Wireshark · Wireshark-dev: Re: [Wireshark-dev] Expert item for TCP RST flag

Wireshark-dev: Re: [Wireshark-dev] Expert item for TCP RST flag

From: Jeff Morriss <jeff.morriss.ws@xxxxxxxxx>

Date: Thu, 09 Jan 2014 10:22:11 -0500

On 01/09/2014 07:40 AM, Joerg Mayer wrote:

On Tue, Jan 07, 2014 at 05:09:11PM -0800, Gerald Combs wrote:

On 1/7/14 4:19 PM, Joerg Mayer wrote:

Right now TCP packets with RST are marked as severity chat. Is there a reason
why this isn't warn?


Some applications use RSTs as a way to quickly close connections.
Internet Explorer is probably the most common example.


Just curious: How does an application do that (rst instead of proper
fin-sequence)? Kill the process that opened the tcp socket?


By calling close() instead of shutdown() on the socket fd.

Follow-Ups:
- Re: [Wireshark-dev] Expert item for TCP RST flag
  - From: Michael Tuexen

References:
- [Wireshark-dev] Expert item for TCP RST flag
  - From: Joerg Mayer
- Re: [Wireshark-dev] Expert item for TCP RST flag
  - From: Gerald Combs
- Re: [Wireshark-dev] Expert item for TCP RST flag
  - From: Joerg Mayer