This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Connection drop issue

0

I am having a desktop application which can talk to a server application using TCP/IP. It was working all these days but now we ran into an issue. The log message in the server shows that the socket is disconnected after a while, but we are able to exchange heart beat messages even after that. When i ran the Wireshark tool i am getting this log which i dont know how to interpret.

4297    36.375489   192.168.1.135   50.19.123.218   TCP bvcontrol > 843 [SYN] Seq=0 Win=65535 Len=0 MSS=1460 SACK_PERM=1
4324    36.613058   50.19.123.218   192.168.1.135   TCP 843 > bvcontrol [RST, ACK] Seq=1 Ack=1 Win=0 Len=0
4347    37.060445   192.168.1.135   50.19.123.218   TCP bvcontrol > 843 [SYN] Seq=0 Win=65535 Len=0 MSS=1460 SACK_PERM=1
4427    37.297452   50.19.123.218   192.168.1.135   TCP 843 > bvcontrol [RST, ACK] Seq=3393086915 Ack=1 Win=0 Len=0
4453    37.764487   192.168.1.135   50.19.123.218   TCP bvcontrol > 843 [SYN] Seq=0 Win=65535 Len=0 MSS=1460 SACK_PERM=1

asked 20 Sep '11, 00:48

Jeeva's gravatar image

Jeeva
1111
accept rate: 0%

edited 20 Sep '11, 06:48

Jaap's gravatar image

Jaap ♦
11.7k16101

One Answer:

2

This is a regular output when the client tries to connect to the server, but the server does not accept an incoming connection. You see the client initiating the TCP connection in the first packet, by sending a SYN. Normally the server would react by sending a SYN,ACK himself - but here in packet two you see the server sending back a Reset flagged packet (RST,ACK).

This means either the server does not have the application listening on port 843 (check with netstat on the server), or there might be another device in place (firewall, ACL router...) filtering traffic and reacting to connections on port 843 with sending back Reset.

answered 20 Sep '11, 01:10

Landi's gravatar image

Landi
2.3k51442
accept rate: 28%

Thank you Landi for your response, actually i am not able to put a picture here to show you the complete log that is why it is totaly misleading. After initial connection i am getting SYN,ACK after a while when the connection is dropped i am getting this log message

(20 Sep '11, 02:39) Jeeva

Which actually points to the application on port 843 running on the server has crashed or because of whatever reasons stopped working. There is no other reason why the server should send back Reset packets, except for those 2 previously mentioned.

(20 Sep '11, 04:42) Landi

RST packet after SYNC only 2 reason for that 1.Server not reachable. 2.Server taking long time to respond.

(01 Mar '13, 02:34) m_1607

RST packet after SYNC only 2 reason for that 1.Server not reachable.

actually: no.

If the server (the system) is not reachable you will either run into a timeout (firewall dropped packet, last hop - the system - not online) or you will get some ICMP error, if the network is not reachable and that ICMP packet makes it through to your client.

2.Server taking long time to respond.

actually: no.

If the server takes a long time to answer you will eventually get an answer after a long time and not a RESET.

(01 Mar '13, 09:35) Kurt Knochner ♦