Wireshark mailing list archives
Re: who sends RST packets? UNIX box or application? Troubleshooting hints?
From: bart sikkes <b.sikkes () gmail com>
Date: Wed, 15 Dec 2010 19:13:46 +0100
would have been more useful if you kept the source and destination ip info. because it seems to me that the source send a syn and destination sends a syn and ack back and then the source is sending the reset (based on port info). beyond that enough stuff to check. you could run wirehsark (or tcpdump or such) on the solaris box and see if it does indeed send the reset. beyond that: - can other systems use the solaris box? - are there any firewalls or such in between? - has to solaris box itself some firewall or hosts.allow sort of setup? - when you port scan the solaris box, is port 446 reported as listening? good luck, bart On Wed, Dec 15, 2010 at 3:20 PM, Sven Aluoor <aluoor () gmail com> wrote:
Hi folks I have here a box with Cisco's IOS which makes SCEP (Simple Certificate Enrollment Protocol) request with Dst Port 446 to a Solaris box with RSA Keon. Apache is listening: $ netstat -an | grep 446 *.446 *.* 0 0 49152 0 LISTEN nothing in layer 7 log files: $ ls -lrt scep-* -rw-r----- 1 root root 0 Jan 20 2008 scep-error.log -rw-r----- 1 root root 0 Jan 20 2008 scep-access.log snoop output (analyzed with Wireshark, see screenshot[0]). I see that the source sends a SYN package and the destination box answers with Reset. How to see if the reset comes from application (RSA Keon) or the UNIX Box? I guess it is not the application because of empty log file. Any other hints on troubleshooting this? cheers Sven [0] http://i.imgur.com/ZbEeh.png ___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Current thread:
- who sends RST packets? UNIX box or application? Troubleshooting hints? Sven Aluoor (Dec 15)
- Re: who sends RST packets? UNIX box or application? Troubleshooting hints? bart sikkes (Dec 15)
- Re: who sends RST packets? UNIX box or application? Troubleshooting hints? Andrew Hood (Dec 16)