Wireshark mailing list archives
Re: Expert item for TCP RST flag
From: Jeff Morriss <jeff.morriss.ws () gmail com>
Date: Thu, 09 Jan 2014 10:22:11 -0500
On 01/09/2014 07:40 AM, Joerg Mayer wrote:
On Tue, Jan 07, 2014 at 05:09:11PM -0800, Gerald Combs wrote:On 1/7/14 4:19 PM, Joerg Mayer wrote:Right now TCP packets with RST are marked as severity chat. Is there a reason why this isn't warn?Some applications use RSTs as a way to quickly close connections. Internet Explorer is probably the most common example.Just curious: How does an application do that (rst instead of proper fin-sequence)? Kill the process that opened the tcp socket?
By calling close() instead of shutdown() on the socket fd. ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- Expert item for TCP RST flag Joerg Mayer (Jan 07)
- Re: Expert item for TCP RST flag Gerald Combs (Jan 08)
- Re: Expert item for TCP RST flag mmann78 (Jan 08)
- Re: Expert item for TCP RST flag Edwin Groothuis (Jan 09)
- Re: Expert item for TCP RST flag Joerg Mayer (Jan 09)
- Re: Expert item for TCP RST flag Joerg Mayer (Jan 09)
- Re: Expert item for TCP RST flag Jeff Morriss (Jan 09)
- Re: Expert item for TCP RST flag Michael Tuexen (Jan 09)
- Re: Expert item for TCP RST flag Gerald Combs (Jan 08)
- <Possible follow-ups>
- Re: Expert item for TCP RST flag Ed Beroset (Jan 09)