Wireshark mailing list archives
How to interpret trace
From: George Levasseur <geolev () yahoo com>
Date: Tue, 23 Mar 2010 07:01:16 -0700 (PDT)
Hi, I am unsure of how to interpret a network trace. I understand that there is a source machine and a destination machine in the following trace snippet: 467708 620.887615 10.65.85.11 10.65.42.44 TNS Request, Data (6), Data 467709 620.887860 10.65.42.44 10.65.85.11 TCP ncube-lm > de-noc [RST] Seq=1 Win=0 Len=6 How should I read the above? 10.65.85.11 sends a TNS request to 10.65.42.44 Do I have that right? I'm not sure what to make of the next line. I understand that it is a TCP reset which means TCP detected a request on a connection that was closed. Is that correct? What I don't understand is, is there anything there that tells me who closed the connection? Is it 10.65.42.44 that closed it or 10.65.85.11? Is the second line a response to the first line? Any help would be greatly appreciated. Geolev
___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Current thread:
- How to interpret trace George Levasseur (Mar 23)
- Re: How to interpret trace Martin Visser (Mar 24)