Wireshark mailing list archives

Re: who sends RST packets? UNIX box or application? Troubleshooting hints?


From: bart sikkes <b.sikkes () gmail com>
Date: Wed, 15 Dec 2010 19:13:46 +0100

would have been more useful if you kept the source and destination ip
info. because it seems to me that the source sends a syn and
destination sends a syn and ack back and then the source is sending
the reset (based on port info).

beyond that enough stuff to check. you could run wireshark (or tcpdump
or such) on the solaris box and see if it does indeed send the reset.
beyond that:
- can other systems use the solaris box?
- are there any firewalls or such in between?
- has the solaris box itself some firewall or hosts.allow sort of setup?
- when you port scan the solaris box, is port 446 reported as listening?

good luck,
bart

On Wed, Dec 15, 2010 at 3:20 PM, Sven Aluoor <aluoor () gmail com> wrote:
Hi folks

I have here a box with Cisco's IOS which makes SCEP (Simple
Certificate Enrollment Protocol) request with Dst Port 446 to a
Solaris box with RSA Keon.

Apache is listening:

$ netstat -an | grep 446
     *.446                *.*                0      0 49152      0 LISTEN

nothing in layer 7 log files:

$ ls -lrt scep-*
-rw-r-----   1 root     root           0 Jan  20  2008 scep-error.log
-rw-r-----   1 root     root           0 Jan  20 2008 scep-access.log

snoop output (analyzed with Wireshark, see screenshot[0]).

I see that the source sends a SYN package and the destination box
answers with Reset. How to see if the reset comes from application
(RSA Keon) or the UNIX Box? I guess it is not the application because
of empty log file. Any other hints on troubleshooting this?

cheers Sven

[0] http://i.imgur.com/ZbEeh.png
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
            mailto:wireshark-users-request () wireshark org?subject=unsubscribe
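
The two readings of the trace in this thread (the destination resets the SYN, or the source resets after the SYN/ACK) can be told apart mechanically from a capture taken on the Solaris box. The following is an added example, not code from the thread or from Wireshark: it attributes each RST to the client or server side of the flow, records the handshake stage, and compares the RST's TTL with earlier packets from the same IP as a heuristic for an in-path device. The function names, addresses and packets are constructed for illustration.

```python
import socket
import struct

SYN, RST, ACK = 0x02, 0x04, 0x10

def parse(pkt):
    """Decode a raw IPv4+TCP packet (no link-layer header)."""
    ihl = (pkt[0] & 0x0F) * 4
    sport, dport, _seq, _ack, off_flags = struct.unpack("!HHIIH", pkt[ihl:ihl + 14])
    return {"src": (socket.inet_ntoa(pkt[12:16]), sport),
            "dst": (socket.inet_ntoa(pkt[16:20]), dport),
            "ttl": pkt[8], "flags": off_flags & 0x3F}

def classify_resets(packets):
    """Return one finding per RST: (sender_role, handshake_stage, ttl_matches)."""
    stage = {}      # (client, server) -> last handshake step seen
    ttl_seen = {}   # IP -> TTL of its earlier non-RST packets
    findings = []
    for p in map(parse, packets):
        flags, fwd, rev = p["flags"], (p["src"], p["dst"]), (p["dst"], p["src"])
        if flags & RST:
            key = fwd if fwd in stage else rev
            if key not in stage:
                continue  # RST for a flow whose SYN is not in the capture
            role = "client" if p["src"] == key[0] else "server"
            known = ttl_seen.get(p["src"][0])
            # ttl_matches is None when this IP sent nothing earlier to compare with
            findings.append((role, stage[key], None if known is None else known == p["ttl"]))
            continue
        ttl_seen[p["src"][0]] = p["ttl"]
        if flags & SYN and not flags & ACK:
            stage[fwd] = "SYN"
        elif flags & SYN and flags & ACK and rev in stage:
            stage[rev] = "SYN-ACK"
    return findings

def build(src, sport, dst, dport, flags, ttl):
    """Constructed test packet: minimal 20-byte IPv4 + 20-byte TCP header."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, ttl, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    tcp = struct.pack("!HHIIHHHH", sport, dport, 0, 0, (5 << 12) | flags, 0, 0, 0)
    return ip + tcp

# Constructed sample flows; 192.0.2.x addresses are documentation placeholders.
C, S = "192.0.2.10", "192.0.2.20"
REFUSED = [build(C, 40001, S, 446, SYN, 255), build(S, 446, C, 40001, RST | ACK, 60)]
ABORTED = [build(C, 40002, S, 446, SYN, 255), build(S, 446, C, 40002, SYN | ACK, 60),
           build(C, 40002, S, 446, RST, 255)]
```

A `("server", "SYN", ...)` finding means the SYN was refused before any application saw it; `("client", "SYN-ACK", ...)` means the listener answered and the requesting side tore the connection down. A `False` in the third field is only a hint that something other than the endpoint generated the RST.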
