3

I'm very new with network, so forgive me if I ask dumb questions or if my vocabulary is bad

I'm trying to access an URL from a partner on a specific port. The server has a firewall which only accepts allowed IP address

The problem is that sometimes it works, sometimes not. I checked with Wireshark what the problem was and we receive a RST - ACK after a few TCP Retransmission

Wireshark Error

Before asking our partner to check their servers, I'd like to make sure that the issue is not caused by something we do wrong

What could be the cause of this error ?

Let me know if you need more informations

marsh-wiggle
  • 2,075
  • 4
  • 26
  • 44
Nevi
  • 131
  • 1
  • 4

1 Answers1

1

When a connection is not ended correctly the TCP Reset flag is set to 1. However Windows and some OS us this flag together with ACK to mean a graceful disconnection and not a problem.

I would suggest to use the Wireshark filter tcp.flags.reset==1 && tcp.flags.ack == 0 to get only resets without ACK.

On the server side you may want to look to the percentages of communication errors you have in your trace :

  • Normal < 5%
  • Minor problems 5~10%
  • Serious problems >10

Using the overall filter : tcp.analysis.flags && !tcp.analysis.window_update

Or more in depth with the following flags :

tcp.analysis.flags && !tcp.analysis.window_update

tcp.analysis.retransmission

tcp.analysis.duplicate_ack

tcp.analysis.out_of_order

tcp.analysis.zero_window

tcp.analysis.window_full

Alexandre Roux
  • 460
  • 6
  • 19