How to troubleshoot TCP-RST Issues?
There might be issues in the network where we see that connections are not getting completed. For example, this could happen when we try to access a website. Now, how to get to the bottom of this issue.
Below is an example of a TCP reset in Wireshark. For every SYN packet sent, the response is a packet with an RST flag set instead of our expectation of an SYN and ACK.
Does this mean that the RST was sent by 139.254.134.238 as shown in Wireshark?
The answer is that it may or may not be.
To get to the root of the problem, we need to look at the TTL(Time to Live) value. In the below picture, the value is seen as 64. Normally, the TTL values are set to 255,128 or 64. For every router it passes through, the TTL value reduces by 1. In this case, the value is 64 which means that it is not routed at all. This also means that the RST was not sent by 139.254.134.238 as seen in the captures. The RST was sent by a device within one hop.
Our final finding in this case was a Firewall in the network. It was the next device and there was a setting which allowed a client to have only up to 20 simultaneous connections and it had reached the limit. We made changes to the configuration on the Firewall and resolved the issue.
Note: Use the TTL value and isolate the device. Then take captures there and look into the configurations on particular reasons the TCP RST could be sent by that device.
9 years of experience in Wireless industry. L 3 Wireless Network Engineer at MIST Juniper || Ex Aruba Wireless / Switching PVOS & CX /Cloud
2 年Good one ?????
Member of Engineering Resolution Team at HPE Aruba Networking
2 年Good one
Wireless Software Engineer specializing in Networking Technology at Extreme Networks
2 年Real time lessons ??
Customer Success @ Celona | Ex-Ruckus | Enterprise Wireless | Learning and Working on 5G LAN | Private Cellular LAN
2 年Awesome dude.