Using Wireshark I produced the following trace. My question is, how do I determine why the host 10.0.10.110 sends the first RST,ACK in 222? Additionally, why does the server send three RST,ACK (222, 226, and 228) before it sends a SYN in 229?

Here is what is happening -- the client (10.0.10.115) is pushing data to the server (10.0.10.110). The server acknowledges it, which is the normal communication flow. 220 and 221 show the normal flow. 222 shows that the server sends an RST,ACK. 225 shows the client responding with a SYN. In 226, the server sends another RST,ACK to which the client responds with another SYN (227). The server sends another RST,ACK in 228 and the client sends another SYN (229). At that point, the server sends a SYN,ACK in 230, and the client responds with an ACK in 231. 232 and 233 show normal communication flow.

asked 26 May '17, 15:23 randy_ynchausti
edited 27 May '17, 01:29 Jasper ♦♦

One Answer:
The RST,ACK in 222 is probably a normal session termination thing, which is kind of common now (instead of using FIN-ACK-FIN-ACK, which is slower).

The other resets are most likely caused by the fact that the client is trying to reuse the same socket pair again - normally, the client should use a different ephemeral port for each connection it starts. If the socket pairs are reused too soon you'll get a reset because the server stack doesn't accept a new connection yet that has the same IP and port pairs until some time has passed.

answered 27 May '17, 01:34 Jasper ♦♦
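
One way to check a capture for the socket-pair reuse described in the answer, as an added example that is not part of the original thread: it flags every bare SYN sent on a socket pair that was just torn down and records how the peer replied. The packet list is constructed from the frame numbers in the question; the ports, timestamps and the `max_gap` threshold are assumptions, since the page gives none of them.

```python
from collections import namedtuple

Pkt = namedtuple("Pkt", "frame time src sport dst dport flags")

C, S = "10.0.10.115", "10.0.10.110"
# Constructed sample following the frame numbers in the question.
# Ports 50000/9000 and the timestamps are made up; the page gives neither.
TRACE = [
    Pkt(220, 0.000, C, 50000, S, 9000, "PSH,ACK"),
    Pkt(221, 0.001, S, 9000, C, 50000, "ACK"),
    Pkt(222, 0.002, S, 9000, C, 50000, "RST,ACK"),
    Pkt(225, 0.500, C, 50000, S, 9000, "SYN"),
    Pkt(226, 0.501, S, 9000, C, 50000, "RST,ACK"),
    Pkt(227, 1.000, C, 50000, S, 9000, "SYN"),
    Pkt(228, 1.001, S, 9000, C, 50000, "RST,ACK"),
    Pkt(229, 1.500, C, 50000, S, 9000, "SYN"),
    Pkt(230, 1.501, S, 9000, C, 50000, "SYN,ACK"),
    Pkt(231, 1.502, C, 50000, S, 9000, "ACK"),
]

def find_socket_pair_reuse(packets, max_gap=60.0):
    """Return SYNs that reuse a socket pair torn down at most max_gap seconds earlier.

    max_gap is an arbitrary reporting threshold, not a value from any TCP stack.
    """
    last_end = {}   # socket pair -> (frame, time) of the latest RST or FIN
    pending = {}    # socket pair -> finding still waiting for the peer's reply
    findings = []
    for p in packets:
        # Direction-independent key: both endpoints of the connection.
        pair = frozenset([(p.src, p.sport), (p.dst, p.dport)])
        flags = set(p.flags.split(","))
        if flags == {"SYN"}:
            if pair in last_end and p.time - last_end[pair][1] <= max_gap:
                finding = {"syn_frame": p.frame,
                           "prev_end_frame": last_end[pair][0],
                           "gap": round(p.time - last_end[pair][1], 3),
                           "outcome": "unanswered"}
                findings.append(finding)
                pending[pair] = finding
        elif pair in pending:
            if "RST" in flags:
                pending.pop(pair)["outcome"] = "reset"
            elif {"SYN", "ACK"} <= flags:
                pending.pop(pair)["outcome"] = "accepted"
        if flags & {"RST", "FIN"}:
            last_end[pair] = (p.frame, p.time)
    return findings
```

On a real capture the same records can be built from Wireshark's exported packet summary; a SYN from a fresh ephemeral port produces no finding.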