TCP FIN packets missing in captures

Hello all,

I have been performing packet captures using Wireshark and noticed that there are a large number of conversations that do not end with the typical FIN / FIN,ACK / ACK sequence of packets. Instead they end with FIN, ACK / FIN ACK /  / RST. I've read that some conversations will end with a RST but the more structured method is the FIN / FIN,ACK / ACK sequence.

Can someone shed light on why these conversations are ending like this?
Asked:
TCIchughes
Rick_O_Shay Commented:
The FIN ACK sequence is the normal way to close a connection but some applications use reset to terminate a session. It doesn't get ack'd so it is assumed that it got to the other side and did its job.
TCIchughes (Author) Commented:
I've seen this explanation from other sources. I also read that the remote end will sometimes even drop the connection to terminate it. This results in the remote end issuing TCP keepalives until the connection times out. Very sloppy. Mine is a Microsoft environment. I guess Microsoft doesn't adhere to the RFC.

Thanks for the help!
Rick_O_Shay Commented:
Firewalls can be a source of resets too when they think something is wrong/suspicious with a packet.
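
To measure how the conversations in a capture actually end, the following added example (not part of the original thread) classifies each TCP stream's teardown from its flags. It assumes input exported with `tshark -r capture.pcap -T fields -e tcp.stream -e tcp.flags`; the file name, the category labels and the sample rows are constructed for illustration.

```python
# Added example: classify how each TCP conversation in a capture ended.
# Assumed input: tab-separated "tcp.stream<TAB>tcp.flags" rows, as written by
#   tshark -r capture.pcap -T fields -e tcp.stream -e tcp.flags
from collections import defaultdict

FIN, RST = 0x01, 0x04  # TCP flag bits

# Constructed sample rows (not from a real capture).
SAMPLE = """\
0\t0x0002
0\t0x0012
0\t0x0010
0\t0x0011
0\t0x0011
0\t0x0010
1\t0x0018
1\t0x0011
1\t0x0011
1\t0x0014
2\t0x0018
2\t0x0004
3\t0x0018
3\t0x0010
"""

def classify(lines):
    """Return {stream_id: teardown_type} for tshark field output."""
    flags_by_stream = defaultdict(list)
    for line in lines:
        parts = line.split("\t")
        if len(parts) != 2 or not parts[0].strip() or not parts[1].strip():
            continue  # skip non-TCP or malformed rows
        flags_by_stream[int(parts[0])].append(int(parts[1], 16))
    result = {}
    for stream, flags in flags_by_stream.items():
        fins = sum(1 for f in flags if f & FIN)
        rst = any(f & RST for f in flags)
        if rst and fins:
            result[stream] = "fin+rst"      # FIN seen and a RST also seen
        elif rst:
            result[stream] = "rst-only"     # abortive close, no FIN seen
        elif fins >= 2:
            result[stream] = "graceful"     # at least two FIN segments seen
        elif fins == 1:
            result[stream] = "half-closed"  # only one FIN segment seen
        else:
            result[stream] = "no-teardown"  # capture ended or peer went silent
    return result

if __name__ == "__main__":
    for stream, kind in sorted(classify(SAMPLE.splitlines()).items()):
        print(stream, kind)
```

Counting the streams per category separates resets that follow a FIN exchange from connections that were aborted outright or simply went silent.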