First time here? Check out the FAQ!
THIS IS A TEST INSTANCE. Feel free to ask and answer questions, but take care to avoid triggering too many notifications.
Ask Your Question
0

Closing connection with FIN, ACK

  • retag add tags

Looking to confirm which side of the wire is killing a connection between two servers. My suspicion is that 4.49.90.20 is closing down the connection with sending a FIN ACK. Does that look correct? See three attempts:

Attempt #1: https://imgur.com/a/zkVTuPZ Attempt #2: https://imgur.com/a/kcWAfbi Attempt #3: https://imgur.com/a/F3gLhXM

N3tw0rk_Sh4rk's avatar
1
N3tw0rk_Sh4rk
asked 2020-02-18 19:38:34 +0000, updated 2020-02-18 19:39:21 +0000
edit flag offensive 0 remove flag close merge delete

Comments

add a comment see more comments

1 Answer

0

Yes - that's correct.
It might be easier to look at if you apply a Conversation Filter->TCP to the SYN packet at the beginning of each example. There a mix of port numbers in the images from different connections.
Looks like from the packet timing that the capture was done on 10.220.100.103.
About 120-160 uSec after receiving the FIN, ACK from 4.49.90.20 it responds with a RST, ACK.

Chuckc's avatar
3k
Chuckc
answered 2020-02-18 19:59:36 +0000, updated 2020-02-18 19:59:57 +0000
edit flag offensive 0 remove flag delete link
more

Comments

Thanks for confirming. Figured it was a 4.49 closing the connection because it was sent before the RST, ACK from 10.220

N3tw0rk_Sh4rk's avatar N3tw0rk_Sh4rk (2020-02-18 21:25:31 +0000) edit
more
  • delete
add a comment see more comments

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account. This space is reserved only for answers. If you would like to engage in a discussion, please instead post a comment under the question or an answer that you would like to discuss.

Add Answer