(part of formally closing the TCP connection).
Many TCP services do not close a connection
properly so the reset connection is not always generated - if the TCP
testing on ethereal was done using such a service this could cause it to
be missed in the analyzer.
Well, technically speaking RST is NOT part of formally closing a session.
The proper way to close a session is by using the normal 3-way FIN
handshake.
RST segments are used to indicate that an unrecoverable error has occured
and
that the session is thus destroyed.
Some implementors do (which i think is wrong) stupid things from time to
time
in the name of performance. Some implementations do use RST as a quick way
to
shut down sessions. Broken and abusing tcp but thats the way they do it.
Attached is a small patch to stop ethereal from flagging RST or FIN segments
as zero windows
or dup acks (which they are not)
there are still bugs in the analysis:
1, basic window updates should NOT be flagged as dupacks, but that would
take more
brainsurgery to fix than this simple patch above.
2, rfc2988 implementation
3, detection of partial acks !!!! (important)
4, it can not detect and distinguish between tahoe/reno/newreno
_________________________________________________________________
Personalise your mobile chart ringtones and polyphonics. Go to
http://ringtones.com.au/ninemsn/control?page=/ninemsn/main.jsp
Attachment:
packet-tcp.c.diff
Description: Binary data