Re: Expert item for TCP RST flag

[Ed Beroset <beroset () mindspring com>]

Joerg Mayer wrote:

> The reason for my question is that someone had network trouble and looked
> at the error/warning items. Had RST been at that level, he would have found
> the problem lots of work hours earlier - the RSTs were indications of a
> real problem.
>
> So the question is: Do we allow lazy application writers to "hide" indications
> of real problems in the network?

For what it's worth, I emphatically agree that RST abuse is is a problem (see RFC-3360 for still more corroboration 
http://tools.ietf.org/search/rfc3360).  By flagging these as warning indications rather than chat, misbehaving 
applications will be more apparent, but at the potential risk of flooding the poor network engineer with irrelevant 
data.  However, I think that it's probably data that can easily be filtered out.  For that reason, I'd strongly endorse 
changing them to "warning" level.

Ed
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe