RST ACK with Reset cause

rsttcp

We have a device that connects over Wired LAN (Ethernet) to our cloud servers.
At certain customer locations, when the device tries to send data, we are getting RST ACK from the customer server to our cloud server with a reset cause.
I am not able to understand the reason from this.

The device is getting connected through DHCP to the customers routers and then from the routers to our cloud server.

I have attached a copy of the wireshark dump.

Best Answer

The RST packets in your capture are unrelated to all the other TCP connections seen in your capture. That makes it difficult to guess what may have triggered them. I see no evidence to suggest that the RST packets were triggered by other packets in your capture.

Unlike a normal RST packet, each RST packet in your capture also has a payload. The selected packet has this payload:

(Ref.Id: ?sufKKsWW25F4Cs7CEW4MM?)

This payload is the best hint so far about what may have caused those RST packets. Maybe if you capture traffic for a longer period of time you'll find out if the RST packets are related to a TCP connection which has been idle for a while.

Also check the logs on any middleboxes (NAT, firewall, etc.) for the string sufKKsWW25F4Cs7CEW4MM.

Searching for Ref.Id and RST leads to this older question about a firewall called Sonicwall NSA 2400. And from a quick look over the other search results it appears that the majority of them also mention Sonicwall. So it sounds like the RST packets are most likely produced by a Sonicwall firewall.

Best Answer

Related Solutions

TCP RST Reset Every 5 Minutes on Windows 2003 sp2

Linux – When does the TCP engine decide to send an ACK

Related Topic