Wireshark · Ethereal-users: RE: [Ethereal-users] RST flag question

Ethereal-users: RE: [Ethereal-users] RST flag question

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Matt Kopf" <matt@xxxxxxxxxxxxxx>

Date: Thu, 5 Aug 2004 08:48:47 -0700

Although I agree with this. These are both computers that we control, and
the handshake is started with the start of our own application. It works
just fine over the LAN, but when you take the computer to this remote
location that goes over the Cisco router you see the RST flag and the
application dies. So I am very sure that it is not a SYN scan in this
particular situation at least. At least I know what to keep my eyes open for
though Thanks!

Matt

>-----Original Message-----
>From: ethereal-users-bounces@xxxxxxxxxxxx [mailto:ethereal-users-
>bounces@xxxxxxxxxxxx] On Behalf Of Jim Hendrick
>Sent: Wednesday, August 04, 2004 20:20
>To: 'Ethereal user support'
>Subject: RE: [Ethereal-users] RST flag question
>
>Sounds like someone mapping your server with a classic SYN scan (look at
>nmap).
>
>The "client" looks for open services this way. Sending a SYN, waiting for a
>SYN/ACK (indicating a listening service) and replying with a RST (not
>causing the connection to be opened, which would get logged on the server,
>but letting the scanner (client) know that a service is alive and
>reachable.
>
>Later,
>Jim
>
>-----Original Message-----
>From: ethereal-users-bounces@xxxxxxxxxxxx
>[mailto:ethereal-users-bounces@xxxxxxxxxxxx] On Behalf Of Matt Kopf
>Sent: Wednesday, August 04, 2004 4:26 PM
>To: 'Ethereal user support'
>Subject: [Ethereal-users] RST flag question
>
>
>Doing some monitoring on a network link that goes over a Cisco router I saw
>many times where the computer on the other end will start the handshake
>process, the server answered and then a RST from the client. So the
>question
>is:
>
>Can the router set the RST flag?
>
>What would cause the OS (windows) to set the RST flag?
>
>Thanks for the help.
>
>Matt Kopf
>
>_______________________________________________
>Ethereal-users mailing list
>Ethereal-users@xxxxxxxxxxxx
>http://www.ethereal.com/mailman/listinfo/ethereal-users
>
>
>_______________________________________________
>Ethereal-users mailing list
>Ethereal-users@xxxxxxxxxxxx
>http://www.ethereal.com/mailman/listinfo/ethereal-users
>
>
>---
>Incoming mail is certified Virus Free.
>Checked by AVG anti-virus system (http://www.grisoft.com).
>Version: 6.0.732 / Virus Database: 486 - Release Date: 07/29/2004
>

Follow-Ups:
- Re: [Ethereal-users] RST flag question
  - From: Ian Schorr

References:
- RE: [Ethereal-users] RST flag question
  - From: Jim Hendrick

Prev by Date: Re: [Ethereal-users] String search of packet details for hash value
Next by Date: Re: [Ethereal-users] RST flag question
Previous by thread: RE: [Ethereal-users] RST flag question
Next by thread: Re: [Ethereal-users] RST flag question
Index(es):
- Date
- Thread

Riverbed Cascade Pilot: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed Cascade Pilot Personal Edition: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed AirPcap: Complete Visibility of Your Wireless Networks; Multi-Channel, Aggregated Analysis; Portable and Versatile; Easy to Setup and Easy to Use; Ready to Power Your Application

$Riverbed TurboCap: Full-Speed GbE Capture; Port Aggregation; Pass-thru Mode; Aggregating Tap; Full-Speed GbE Injection; Exported Interfaces; TurboCap API Developer\'s Pack$