TCP troubleshooting

In this section we will learn about different network problems that occur and try to analyze and solve them with lab exercises. Let's start with the Reset (RST) packet.

TCP reset sequence

The TCP RST flag resets the connection. It indicates that the receiver should delete the connection. The receiver deletes the connection based on the sequence number and header information. If a connection doesn't exist on the receiver RST is set, and it can come at any time during the TCP connection lifecycle due to abnormal behavior. Let's take one example: a RST packet is sent after receiving SYN/ACK, as shown in the next image.

RST after SYN-ACK

In this example we will see why RST has been set after SYN-ACK instead of ACK:

Open the RST-01.pcap ...

Get Packet Analysis with Wireshark now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Packet Analysis with Wireshark by Anish Nath

TCP troubleshooting

TCP reset sequence

RST after SYN-ACK

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly