TCP FIN packets missing in captures

Posted on 2009-12-30
Last Modified: 2012-05-08
Hello all,

I have been performing packet captures using wireshark and noticed that there are a large number of conversations that do not end with the typical FIN / FIN,ACK / ACK sequence of packets.  Instead they end with FIN, ACK / FIN ACK /  / RST.  I've read that some conversations will end with a RST but the more structured method is the FIN / FIN,ACK / ACK sequence.  

Can someone shed light on why these conversations are ending like this?
Question by:TCIchughes
    LVL 21

    Accepted Solution

    The Fin Ack sequence is the normal way to close a connection but some applications use reset to terminate a session. It doesn't get ack'd so it is assumed that it got to the other side and did its job.

    Author Closing Comment

    I've seen this explanation from other sources.  I also read that the remote end will sometimes even drop the connection to terminate it.  This results in the remote end issuing tcp keepalives until the connection times out.  Very sloppy.  Mine is a microsoft environment.  I guess Microsoft doesnt adhere to the RFC.  

    Thanks for the help!
    LVL 21

    Expert Comment

    Firewalls can be a source of resets too when they think something is wrong/suspicious with a packet.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Highfive Gives IT Their Time Back

    Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

    Creating an OSPF network that automatically (dynamically) reroutes network traffic over other connections to prevent network downtime.
    PRTG Network Monitor lets you monitor your bandwidth usage, so you know who is using up your bandwidth, and what they're using it for.
    This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor ( If you're looking for how to monitor bandwidth using netflow or packet s…
    In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor ( If you're interested in additional methods for monitoring bandwidt…

    779 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    21 Experts available now in Live!

    Get 1:1 Help Now