Wireshark-users: Re: [Wireshark-users] RST flag at end of TCP transmission

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Jeff Bruns <jeff.bruns@xxxxxxxxx>
Date: Mon, 3 May 2010 11:32:34 -0400
Thank you for your reply. As suggested, I've attached the wireshark dump file for the TCP transmission in question.

Thanks again for the help.

Jeff

On Sun, May 2, 2010 at 10:28 PM, sandeep nitta <sandeep.nitta@xxxxxxxxx> wrote:
 AFAIK, after RST, the connection need not start all over again.

the RST might also be a reason if there are any malformed packets in
the tcp stream.

OR

there the sender has already closed the port on whcih the connection
was open some time back and hence the RST.

OR

the host has simply run out of resources.


i dont find a definite answer to your questions, but these might be
the possible reasons.
if you can attach the trace file, people can look at that and probably
analyze more.

Thanks,
Sadeep Nitta



On Mon, May 3, 2010 at 6:04 AM, Jeff Bruns <jeff.bruns@xxxxxxxxx> wrote:
> Greetings-
> This is more of a beginners TCP question than it is a wireshark question,
> but I haven't had much success finding the answer. I have a TCP transmission
> that appears to have been delivered successfully and in its entirety, but
> has an RST packet sent by the sender. There are no out of order packets,
> packet retransmissions or other indications of stream interruption.
>
> It was my understanding that the reset flag was a request by the sending
> party that the connection be reset and everything start over. That being the
> case, I would have expected to have some packet loss or other stream issues
> precipitate the RST flag. I also would have expected that immediately
> following the RST flag, a new connection would be established and the whole
> process repeated. There was no follow up connection or retransmission.
>
> I am close to understanding the purpose of the RST flag? Or am I way off?
>
> Thanks.
>
> ___________________________________________________________________________
> Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
> Archives:    http://www.wireshark.org/lists/wireshark-users
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>             mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
>
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
            mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe

Attachment: TCPwithEndingRST.pcap
Description: Binary data