Wireshark mailing list archives
Re: Expert item for TCP RST flag
From: Ed Beroset <beroset () mindspring com>
Date: Thu, 9 Jan 2014 08:41:37 -0500 (GMT-05:00)
Joerg Mayer wrote:
The reason for my question is that someone had network trouble and looked at the error/warning items. Had RST been at that level, he would have found the problem lots of work hours earlier - the RSTs were indications of a real problem. So the question is: Do we allow lazy application writers to "hide" indications of real problems in the network?
For what it's worth, I emphatically agree that RST abuse is is a problem (see RFC-3360 for still more corroboration http://tools.ietf.org/search/rfc3360). By flagging these as warning indications rather than chat, misbehaving applications will be more apparent, but at the potential risk of flooding the poor network engineer with irrelevant data. However, I think that it's probably data that can easily be filtered out. For that reason, I'd strongly endorse changing them to "warning" level. Ed ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- Expert item for TCP RST flag Joerg Mayer (Jan 07)
- Re: Expert item for TCP RST flag Gerald Combs (Jan 08)
- Re: Expert item for TCP RST flag mmann78 (Jan 08)
- Re: Expert item for TCP RST flag Edwin Groothuis (Jan 09)
- Re: Expert item for TCP RST flag Joerg Mayer (Jan 09)
- Re: Expert item for TCP RST flag Joerg Mayer (Jan 09)
- Re: Expert item for TCP RST flag Jeff Morriss (Jan 09)
- Re: Expert item for TCP RST flag Michael Tuexen (Jan 09)
- Re: Expert item for TCP RST flag Gerald Combs (Jan 08)
- <Possible follow-ups>
- Re: Expert item for TCP RST flag Ed Beroset (Jan 09)