Wireshark-users: [Wireshark-users] who sends RST packets? UNIX box or application? Troubleshootin
From: Sven Aluoor <aluoor@xxxxxxxxx>
Date: Wed, 15 Dec 2010 15:20:07 +0100
Hi folks

I have here a box with Cisco's IOS which makes a SCEP (Simple
Certificate Enrollment Protocol) request with Dst Port 446 to a
Solaris box with RSA Keon.

Apache is listening:

$ netstat -an | grep 446
      *.446                *.*                0      0 49152      0 LISTEN
	
Nothing in the layer 7 log files:

$ ls -lrt scep-*
-rw-r-----   1 root     root           0 Jan  20  2008 scep-error.log
-rw-r-----   1 root     root           0 Jan  20 2008 scep-access.log

Snoop output (analyzed with Wireshark, see screenshot[0]).

I see that the source sends a SYN packet and the destination box
answers with a Reset. How can I see whether the reset comes from the
application (RSA Keon) or the UNIX box? I guess it is not the application
because of the empty log file. Any other hints on troubleshooting this?

cheers Sven

[0] http://i.imgur.com/ZbEeh.png