Wireshark mailing list archives

Re: Expert item for TCP RST flag

From: Jeff Morriss <jeff.morriss.ws () gmail com>
Date: Thu, 09 Jan 2014 10:22:11 -0500

On 01/09/2014 07:40 AM, Joerg Mayer wrote:

On Tue, Jan 07, 2014 at 05:09:11PM -0800, Gerald Combs wrote:

On 1/7/14 4:19 PM, Joerg Mayer wrote:

Right now TCP packets with RST are marked as severity chat. Is there a reason
why this isn't warn?


Some applications use RSTs as a way to quickly close connections.
Internet Explorer is probably the most common example.


Just curious: How does an application do that (rst instead of proper
fin-sequence)? Kill the process that opened the tcp socket?


By calling close() instead of shutdown() on the socket fd.

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
            mailto:wireshark-dev-request () wireshark org?subject=unsubscribe

Current thread:

Expert item for TCP RST flag Joerg Mayer (Jan 07)
- Re: Expert item for TCP RST flag Gerald Combs (Jan 08)
  - Re: Expert item for TCP RST flag mmann78 (Jan 08)
  - Re: Expert item for TCP RST flag Edwin Groothuis (Jan 09)
  - Re: Expert item for TCP RST flag Joerg Mayer (Jan 09)
  - Re: Expert item for TCP RST flag Joerg Mayer (Jan 09)
    - Re: Expert item for TCP RST flag Jeff Morriss (Jan 09)
    - Re: Expert item for TCP RST flag Michael Tuexen (Jan 09)
- <Possible follow-ups>
- Re: Expert item for TCP RST flag Ed Beroset (Jan 09)