RST ACK after SYN and Retransmission
When a connection is not ended correctly the TCP Reset flag is set to 1. However Windows and some OS us this flag together with ACK to mean a graceful disconnection and not a problem.
I would suggest to use the Wireshark filter tcp.flags.reset==1 && tcp.flags.ack == 0 to get only resets without ACK.
On the server side you may want to look to the percentages of communication errors you have in your trace :
- Normal < 5%
- Minor problems 5~10%
- Serious problems >10
Using the overall filter : tcp.analysis.flags && !tcp.analysis.window_update
Or more in depth with the following flags :
tcp.analysis.flags && !tcp.analysis.window_update
tcp.analysis.retransmission
tcp.analysis.duplicate_ack
tcp.analysis.out_of_order
tcp.analysis.zero_window
tcp.analysis.window_full
Nevi
Updated on September 18, 2022Comments
-
Nevi over 1 year
I'm very new with network, so forgive me if I ask dumb questions or if my vocabulary is bad
I'm trying to access an URL from a partner on a specific port. The server has a firewall which only accepts allowed IP address
The problem is that sometimes it works, sometimes not. I checked with Wireshark what the problem was and we receive a RST - ACK after a few TCP Retransmission
Before asking our partner to check their servers, I'd like to make sure that the issue is not caused by something we do wrong
What could be the cause of this error ?
Let me know if you need more informations
-
Alexandre Roux over 6 yearsCould you please elaborate on the down-vote? Because if I'm wrong I would like to understand why to learn from it. Thx