[RST, ACK] traffic

neo_christina
Level 1

Hi,

I would really appreciate some help on the following problem encountered:

The users are trying to access a website but failed.

Hence, I simulated a user accessing the website, sniffed the traffic, and found that there are many [RST, ACK] statements. Kindly advise what causes the many [RST, ACK] statements?

Btw, there are no firewall rules blocking. Any similar encounters? And any advice on what to look out for?

Thanks

Christina

4 Replies

Richard Burts
Hall of Fame

Christina

Do I understand correctly that the packet that you see has the RST bit set and also the ACK bit set?

The ACK bit indicates a response packet. The RST is an abnormal termination of a TCP session (the FIN bit represents a normal termination). It sounds like devices on your end are initiating sessions, finding something that they do not like, and terminating. It sounds like what you are seeing is the acknowledgement from the server to your reset of the connection. Perhaps you can tell us a bit more about what, if anything, came in the trace before the RST, ACK?

HTH

Rick

Hi Rick,

There are also many of the following messages:

- HTTP [TCP Previous segment lost] Continuation or non-HTTP traffic

- TCP [TCP Retransmission] [TCP segment of a reassembled PDU]

- TCP [TCP Dup ACK]

- TCP [TCP ACKed lost segment]

and some of the following messages:

- HTTP [TCP Out-Of-Order] Continuation or non-HTTP traffic

It seems that the packets are duplicated and lost many times.

Thanks

Christina

Christina

These messages would seem to indicate that there is a lot of packet loss and perhaps lots of delay in delivering packets, which causes the sending station to retransmit (this is a normal part of TCP and is not a problem when done in small amounts). It looks like the amount of retransmitted packets contributes especially to the Dup ACK and Out-Of-Order error messages.

Can you categorize these in any way? Are they associated mostly with particular destinations? Are they associated with particular source stations? Are they worse in some parts of your network than in others? If we can understand this traffic a bit better we might be able to find ways to address the issue.

HTH

Rick

Hi Rick,

The test is from the internal and external networks to the web server. The internal network seems OK. However, the regional network connecting to the internal network has problems.

Thanks

Christina
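
Added example (not part of the original thread): one way to do the categorization Rick asks for, tallying the Wireshark Info-column markers quoted above per client network so a lossy path stands out. The site subnets, server address and sample rows are constructed assumptions, as is the tab-separated source/destination/Info export format.

```python
import ipaddress
from collections import Counter

# Wireshark Info-column markers quoted in the thread. Matched by prefix,
# because Wireshark numbers some of them (e.g. "[TCP Dup ACK 5#1]").
MARKERS = ("RST, ACK", "TCP Retransmission", "TCP Dup ACK",
           "TCP Previous segment lost", "TCP ACKed lost segment",
           "TCP Out-Of-Order")

# Assumed addressing, not from the thread: client networks and web server.
SITES = {"internal": ipaddress.ip_network("10.1.0.0/16"),
         "regional": ipaddress.ip_network("10.2.0.0/16")}
SERVER = "192.0.2.80"

# Constructed sample: source<TAB>destination<TAB>Info, one packet per line.
SAMPLE = "\n".join("\t".join(r) for r in [
    ("10.1.4.20", SERVER, "51000 > 80 [SYN] Seq=0 Win=64240 Len=0"),
    (SERVER, "10.1.4.20", "80 > 51000 [SYN, ACK] Seq=0 Ack=1 Win=65535 Len=0"),
    ("10.1.4.20", SERVER, "GET / HTTP/1.1"),
    ("10.2.9.31", SERVER, "52000 > 80 [SYN] Seq=0 Win=64240 Len=0"),
    ("10.2.9.31", SERVER, "GET / HTTP/1.1"),
    (SERVER, "10.2.9.31", "[TCP Previous segment lost] Continuation or non-HTTP traffic"),
    ("10.2.9.31", SERVER, "[TCP Dup ACK 5#1] 52000 > 80 [ACK] Seq=300 Ack=1 Win=64240 Len=0"),
    (SERVER, "10.2.9.31", "[TCP Retransmission] 80 > 52000 [PSH, ACK] Seq=1 Ack=300 Len=1460"),
    ("10.2.9.31", SERVER, "52000 > 80 [RST, ACK] Seq=300 Ack=1461 Win=0 Len=0"),
])

def site_of(addr):
    """Map a client address to its site label, or 'other'."""
    ip = ipaddress.ip_address(addr)
    return next((name for name, net in SITES.items() if ip in net), "other")

def categorize(text, server=SERVER):
    """Per client site: packet count, flagged-packet count, marker counts."""
    stats = {}
    for line in filter(None, text.splitlines()):
        src, dst, info = line.split("\t", 2)
        # Attribute each packet to the client end of the conversation.
        site = site_of(dst if src == server else src)
        s = stats.setdefault(site, {"packets": 0, "flagged": 0, "markers": Counter()})
        hits = [m for m in MARKERS if "[" + m in info]
        s["packets"] += 1
        s["flagged"] += bool(hits)
        s["markers"].update(hits)
    return stats

if __name__ == "__main__":
    for site, s in categorize(SAMPLE).items():
        print(f"{site}: {s['flagged']}/{s['packets']} flagged", dict(s["markers"]))
```

A site whose flagged share is far above the others points at the path between that site and the server rather than at the server itself.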