who sends RST packets? UNIX box or application? Troubleshooting hints?

[Sven Aluoor <aluoor () gmail com>]

Hi folks

I have here a box with Cisco's IOS which makes SCEP (Simple
Certificate Enrollment Protocol) request with Dst Port 446 to a
Solaris box with RSA Keon.

Apache is listening:

$ netstat -an | grep 446
      *.446                *.*                0      0 49152      0 LISTEN
        
nothing in layer 7 log files:

$ ls -lrt scep-*
-rw-r-----   1 root     root           0 Jan  20  2008 scep-error.log
-rw-r-----   1 root     root           0 Jan  20 2008 scep-access.log

snoop output (analyzed with Wireshark, see screenshot[0]).

I see that the source sends a SYN package and the destination box
answers with Reset. How to see if the reset comes from application
(RSA Keon) or the UNIX Box? I guess it is not the application because
of empty log file. Any other hints on troubleshooting this?

cheers Sven

[0] http://i.imgur.com/ZbEeh.png
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe