I had a similar problem recently and this list helped me find out what was going on. I realized that Wireshark was able to dig deeper into the HTTPS packets than I was used to with Sniffer Pro. If you expand the SSL headers, you might pick up some additional information such as Encryption Alerts which was my case.

From the screenshot you provided, it could be that the client is requesting an HTTPS session, and is getting an SSL certificate alert and the browser is configured not to warn when the cert doesn't match so the client sends a RST....just a theory.

From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of St Onge,Adam
Sent: Monday, April 21, 2008 3:51 PM
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] TCP Resets

Thanks for that tip, I did discover something interesting. There is one time when the workstation attempts to initiate a session with the web server, the web server sends an ACK, and the workstation does a reset on the ACK. Any idea why we would reset an ACK?? See picture below…

Thanks,
Adam

From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Barry Constantine

Then I would recommend
looking closely at one of these TCP connections from open to close.
Makes me wonder if the connection is even opening properly at all
and the workstation is issuing Resets in an attempt to
recover.

From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of

What if the source is
always the workstation? This is an application
that is performing very slowly and I’m not seeing anything else in the capture
indicative of a problem other than a whole bunch of resets….

Thanks,
Adam

From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Barry Constantine

TCP Resets can be a
normal way of closing a connection. Is your application behaving properly or is it malfunctioning or very slow?

For a busy server, TCP Resets is a means that the server refuses additional connections. If you use AOL IM (as an example), there are times when I get “AOL can’t be started” message and this is the server sending back TCP Resets.

The answer to your question really depends upon what you are seeing from an application perspective; you cannot really tell anything by just looking at the number.

-Barry

From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of

Trying to understand what a lot of
TCP Resets is indicative of? I have a capture that is ~1500 frames and 85 of those are TCP Resets. Any ideas?

Thanks,
Adam

==============================================================================
This communication, together with any attachments hereto or links contained herein, is for the sole use of the intended recipient(s) and may contain information that is confidential or legally protected. If you are not the intended recipient, you are hereby notified that any review, disclosure, copying, dissemination, distribution or use of this communication is STRICTLY PROHIBITED. If you have received this communication in error, please notify the sender immediately by return e-mail message and delete the original and all copies of the communication, along with any attachments hereto or links herein, from your system.
============================================================================== The Travelers e-mail system made this annotation on 04/21/08, 13:33:20.
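
Added example, not part of the original thread: a sketch of the "follow each connection from open to close" advice, reporting who sent each RST and at what point in the connection rather than just counting resets. The addresses, packet tuples and stage labels are constructed for illustration; in practice the fields would come from a capture export.

```python
from collections import Counter, defaultdict

WS, SRV = "10.0.0.5", "10.0.0.80"  # constructed workstation / web server addresses

# Constructed sample packets: (frame, src, sport, dst, dport, tcp_flags, payload_len)
PACKETS = [
    (1, WS, 49152, SRV, 443, "S", 0), (2, SRV, 443, WS, 49152, "SA", 0),
    (3, WS, 49152, SRV, 443, "R", 0),
    (4, WS, 49153, SRV, 443, "S", 0), (5, SRV, 443, WS, 49153, "RA", 0),
    (6, WS, 49154, SRV, 443, "S", 0), (7, SRV, 443, WS, 49154, "SA", 0),
    (8, WS, 49154, SRV, 443, "A", 0), (9, WS, 49154, SRV, 443, "PA", 120),
    (10, SRV, 443, WS, 49154, "PA", 900), (11, WS, 49154, SRV, 443, "RA", 0),
    (12, WS, 49155, SRV, 443, "S", 0), (13, SRV, 443, WS, 49155, "SA", 0),
    (14, WS, 49155, SRV, 443, "A", 0), (15, SRV, 443, WS, 49155, "FA", 0),
    (16, WS, 49155, SRV, 443, "RA", 0),
]

def classify_resets(packets):
    """Return (frame, sender, stage) for each RST, tracking every connection
    from open to close so the reset is read in context."""
    seen = defaultdict(set)  # connection -> set of events observed so far
    resets = []
    for frame, src, sport, dst, dport, flags, plen in packets:
        events = seen[frozenset([(src, sport), (dst, dport)])]
        if "R" in flags:
            if "syn" not in events:
                stage = "no handshake in capture"
            elif "synack" not in events:
                stage = "SYN answered with RST"      # connection refused
            elif "fin" in events:
                stage = "after FIN"                  # abortive close
            elif "data" in events:
                stage = "mid-stream"
            else:
                stage = "after SYN-ACK, before data"
            resets.append((frame, src, stage))
            continue
        if "S" in flags:
            events.add("synack" if "A" in flags else "syn")
        if "F" in flags:
            events.add("fin")
        if plen > 0:
            events.add("data")
    return resets

def resets_by_sender(packets):
    """Count resets per (sender, stage) to see whether one host sends them all."""
    return Counter((src, stage) for _, src, stage in classify_resets(packets))

if __name__ == "__main__":
    for row in classify_resets(PACKETS):
        print(row)
```
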