Wireshark-users: Re: [Wireshark-users] (no subject)

From: Hansang Bae <for_list_hbae@xxxxxxxxxx>
Date: Wed, 08 Jul 2009 19:59:28 -0400
Gaudineer, Kevin wrote:
Thank you for the reply..   I do have a small capture file of a TDS
exchange between client and server.  This trace ends with a TCP hard
reset from the client and I believe this is what is causing the problem,
however I can not explain why there is a TCP hard reset.
Can I attach to this response back to the forum.

Kevin,
RSTs are usually not a good thing (unless it's IE closing down an SSL session, then it's normal). But there are a few ways to see if the DB is trying to control the flow of the traffic. Instead of my giving out step by step here on the list, go to www.wireshark.org and follow the link to Sharkfest presentations. Download the presentation "AU-4, AU-5 (Bae) Protocol Analysis in a Complex Enterprise" and look at slide #5. See if you're suffering from that type of a problem.

hmmm, actually the old preso is still there. I uploaded a newer one with 'answers' in it. I'll forward you a copy tomorrow if you'd like.

In the meantime, use editcap -s to cut off the data part (try to leave the TDS headers if you can) and feel free to post it here.


--


Thanks,
Hansang