Hi,
I am unsure of how to interpret a network trace. I understand that there is a source machine and a destination machine in the following trace snippet:
467708 620.887615 10.65.85.11 10.65.42.44 TNS Request, Data (6), Data
467709 620.887860 10.65.42.44 10.65.85.11 TCP ncube-lm > de-noc [RST] Seq=1 Win=0 Len=6
How should I read the above?
10.65.85.11 sends a TNS request to 10.65.42.44
Do I have that right?
I'm not sure what to make of the next line. I understand that it is a TCP reset which means TCP detected a request on a connection that was closed. Is that correct?
What I don't understand is, is there anything there that tells me who closed the connection? Is it 10.65.42.44 that closed it or 10.65.85.11?
Is the second line a response to the first line?
Any help would be greatly appreciated.
Geolev
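
Added example, not part of the original post: a small Python parser for the two summary lines quoted above, assuming the default Wireshark column order (No., Time, Source, Destination, Protocol, Info). It reports which address sent each RST and which earlier packet in the opposite direction it follows; the function names are illustrative, and packets are paired by address only because the TNS summary line carries no ports.

```python
import re

# The two summary lines from the post (No., Time, Source, Destination, Protocol, Info).
TRACE = """\
467708 620.887615 10.65.85.11 10.65.42.44 TNS Request, Data (6), Data
467709 620.887860 10.65.42.44 10.65.85.11 TCP ncube-lm > de-noc [RST] Seq=1 Win=0 Len=6
"""

LINE = re.compile(r"^(\d+)\s+(\d+\.\d+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(.*)$")
FLAGS = re.compile(r"\[([A-Z, ]+)\]")  # TCP flags appear as [RST] or [RST, ACK]


def parse(text):
    """Split each summary line into its columns; skip lines that do not match."""
    packets = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        no, t, src, dst, proto, info = m.groups()
        f = FLAGS.search(info)
        flags = [x.strip() for x in f.group(1).split(",")] if f else []
        packets.append({"no": int(no), "time": float(t), "src": src, "dst": dst,
                        "proto": proto, "info": info, "flags": flags})
    return packets


def resets(packets):
    """For every RST, report its sender and the latest earlier packet sent the other way."""
    out = []
    for i, p in enumerate(packets):
        if "RST" not in p["flags"]:
            continue
        # Assumption: match on the address pair only (ports are not in every Info column).
        prior = next((q for q in reversed(packets[:i])
                      if q["src"] == p["dst"] and q["dst"] == p["src"]), None)
        out.append({"rst_no": p["no"], "sender": p["src"], "receiver": p["dst"],
                    "follows_no": prior["no"] if prior else None,
                    "delay_ms": round((p["time"] - prior["time"]) * 1000, 3) if prior else None})
    return out


if __name__ == "__main__":
    for r in resets(parse(TRACE)):
        print(r)
```

The Source column of the RST line identifies the host that sent the reset; these two lines alone do not show any earlier FIN or close, so that has to be looked for further back in the full capture.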