On Tue, Apr 20, 2004 at 03:22:20PM +0200, L.Malinov wrote:
> I'm trying to troubleshoot some TCP session resets. As far as I can see in
> ethereal the reset causes are cki, cko, ehnc.
Ethereal itself doesn't know what the reset cause is; it's just
displaying data in the RST segment. There's no standard for that data -
to quote RFC 1122:

    4.2.2.12  RST Segment: RFC-793 Section 3.4

        A TCP SHOULD allow a received RST segment to include data.

        DISCUSSION
            It has been suggested that a RST segment could contain
            ASCII text that encoded and explained the cause of the
            RST.  No standard has yet been established for such
            data.

so either

    1) the machine sending the RST is putting those codes there, and
       you'd probably have to ask whoever supplies the TCP stack for
       that machine

or

    2) it's just sending out RSTs with random junk in the segment,
       in which case it doesn't mean anything.

I don't know which is the case. Some OSes *do* put something there,
which is why we display it; Kevin Steves of HP contributed a tcpdump
patch to display it, which inspired me to make Ethereal display it, so
perhaps HP-UX puts something there. I think I might have seen it from
some other OS as well - I think it might've been CTIX (the UNIX from
Convergent Technologies), based on what the string was.
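
An added example, not part of the original message and not code from Ethereal or tcpdump: Python that extracts the data carried by an RST segment from a raw IPv4 packet and shows it as text only when every byte is printable ASCII, a first check when deciding between cases 1 and 2 above. The packets are constructed samples (the payload `cki` is borrowed from the question), and `rst_payload`, `describe` and `build_packet` are hypothetical names.

```python
import struct

RST = 0x04  # RST bit in the TCP flags byte

def rst_payload(ip_packet: bytes):
    """Return the data carried by a TCP RST in a raw IPv4 packet, else None."""
    if len(ip_packet) < 20 or ip_packet[0] >> 4 != 4:
        return None                              # not IPv4 or truncated
    ihl = (ip_packet[0] & 0x0F) * 4              # IP header length in bytes
    total_len, frag = struct.unpack("!H2xH", ip_packet[2:8])
    if ip_packet[9] != 6 or ihl < 20 or total_len > len(ip_packet) or frag & 0x1FFF:
        return None                              # not TCP, malformed, or a later fragment
    tcp = ip_packet[ihl:total_len]               # total_len excludes link-layer padding
    if len(tcp) < 20:
        return None
    data_off = (tcp[12] >> 4) * 4                # TCP header length, options included
    if data_off < 20 or data_off > len(tcp) or not tcp[13] & RST:
        return None
    return tcp[data_off:]

def describe(payload: bytes) -> str:
    """Render RST data as text only if it is entirely printable ASCII."""
    if not payload:
        return "no data"
    if all(0x20 <= b < 0x7F for b in payload):
        return "text: " + payload.decode("ascii")
    return "binary: " + payload.hex()

def build_packet(flags: int, payload: bytes, pad: bytes = b"") -> bytes:
    """Constructed sample: minimal IPv4+TCP packet, checksums left at zero."""
    tcp = struct.pack("!HHIIBBHHH", 1025, 80, 1, 0, 5 << 4, flags, 0, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return ip + tcp + pad

if __name__ == "__main__":
    for pkt in (build_packet(0x04, b"cki"),                    # RST with ASCII code
                build_packet(0x14, b"", pad=b"\x00" * 6),      # RST+ACK, padded frame
                build_packet(0x04, b"\x8f\x01\x00\xfe")):      # RST with non-text bytes
        print(describe(rst_payload(pkt)))
```

Trimming to the IP total length matters here: a bare RST is shorter than the minimum Ethernet frame, so the trailing padding would otherwise be mistaken for RST data.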