This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Today I had an opportunity to work with Wireshark.

I installed Wireshark on my VMware and made some tests on it.

And I found an interesting thing.

I sent an HTTP request to a non-existent computer and captured the whole packet flow with Wireshark.

The first packet was a SYN packet.

And the second one was a retransmission packet (because the system hadn't received any response from the target computer).

But surprisingly, an RST packet from the target computer arrived.

I couldn't understand where this packet came from.

I tested with 2 target computers, and in both cases, I got the RST packet.

So can anyone explain those suspicious RST packets?

Thanks for reading.

Regards.


asked 28 Jul, 00:48


Takuya Kimura


The most likely explanation is that a security device exists on the route towards the IP address of the non-existent computer, and that device forges the RST packet in the name of the nonexistent computer.


answered 28 Jul, 01:32


sindy
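
One way to check a capture for the pattern discussed in this question and answer, as an added example that is not part of the original posts: it lists connections where the SYN never got a SYN-ACK but an RST came back in the target's name, then compares the IP TTL of those RSTs across targets. The packet records, the addresses and the TTL comparison are assumptions made for illustration; an identical TTL for different targets is only a hint that one device on the path sent them all.

```python
from collections import defaultdict

# Constructed records: (time s, src, dst, sport, dport, TCP flags, IP TTL).
# Addresses are documentation ranges, not values from the question.
PACKETS = [
    (0.000, "192.0.2.10", "198.51.100.7", 50000, 80, "S", 64),
    (1.000, "192.0.2.10", "198.51.100.7", 50000, 80, "S", 64),   # SYN retransmission
    (1.020, "198.51.100.7", "192.0.2.10", 80, 50000, "RA", 254),
    (5.000, "192.0.2.10", "203.0.113.9", 50001, 80, "S", 64),
    (6.000, "192.0.2.10", "203.0.113.9", 50001, 80, "S", 64),    # SYN retransmission
    (6.015, "203.0.113.9", "192.0.2.10", 80, 50001, "RA", 254),
    (9.000, "192.0.2.10", "192.0.2.80", 50002, 80, "S", 64),     # normal handshake
    (9.001, "192.0.2.80", "192.0.2.10", 80, 50002, "SA", 63),
]

def unanswered_syn_resets(packets):
    """Flows whose SYN(s) got no SYN-ACK but an RST arrived with the target's address."""
    flows = defaultdict(lambda: {"syns": [], "synack": False, "rst": None})
    for ts, src, dst, sport, dport, flags, ttl in sorted(packets):
        if flags == "S":                      # client SYN or its retransmission
            flows[(src, sport, dst, dport)]["syns"].append(ts)
            continue
        key = (dst, dport, src, sport)        # map the reply back to the client's flow
        if key not in flows:
            continue
        if "S" in flags and "A" in flags:
            flows[key]["synack"] = True
        elif "R" in flags and flows[key]["rst"] is None:
            flows[key]["rst"] = (ts, ttl)
    findings = []
    for (_client, _sport, target, dport), f in flows.items():
        if f["rst"] and not f["synack"]:
            rst_ts, rst_ttl = f["rst"]
            findings.append({
                "target": target,
                "port": dport,
                "syn_count": len(f["syns"]),  # more than 1 means the SYN was retransmitted
                "rst_delay": round(rst_ts - f["syns"][0], 3),
                "rst_ttl": rst_ttl,
            })
    return findings

def same_responder_hint(findings):
    """Heuristic (assumption): one shared RST TTL across several targets fits one sender."""
    targets = {f["target"] for f in findings}
    ttls = {f["rst_ttl"] for f in findings}
    return len(targets) > 1 and len(ttls) == 1
```

Hosts that share an initial TTL and sit at the same hop distance would produce the same result, so treat a match as a reason to look closer at the path, not as proof.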