Friday, January 3, 2020

Simple question on identifying intermediate device by counting TTL

I have an issue with receiving RST packets when trying to access a particular service on a server. Running Wireshark from the client side, I see that the RST packets arrive with a TTL of 57, the source being the server IP. The server is a Linux box with a default TTL of 64, and there are 11 hops from the client to the server, which results in a TTL of 53 for good connections not facing the issue.

When the RST occurs and the TTL is 57, that tells me that it is not the client or the server causing/sending the RST, but rather a device in the middle that is breaking the connection. If it were the server causing the RST, the TTL of the RST packet would be 53.

My question is this: which way do I count the hops to determine what device is causing the RST if the TTL is 57? Seeing as I am running the Wireshark trace from the client, do I count hops from the client side, or should I count hops from the server side, seeing as it is the source of the RST?

Given the above, in the example below, would I identify the device causing the RST packets as d.d.d.d by counting down the TTL from the server side, or would the suspected device be h.h.h.h by counting from the client side?

Example traceroute:

 1 a.a.a.a  client side gateway
 2 b.b.b.b
 3 c.c.c.c
 4 d.d.d.d
 5 e.e.e.e
 6 f.f.f.f
 7 g.g.g.g
 8 h.h.h.h
 9 i.i.i.i
10 j.j.j.j
11 k.k.k.k
12 l.l.l.l  server
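The TTL arithmetic the post describes, worked through in code as an added example (this is not part of the original post). The traceroute and the TTL values 64, 53 and 57 come from the post; the function names, the list of common initial TTLs and the rule for mapping the result onto the client-side traceroute are my own assumptions.

```python
# Added example: infer which traceroute hop most plausibly originated a packet
# (here the TCP RST) from the TTL observed at the capturing client.
# Assumption: a device that generates its own packet stamps it with its OS
# default initial TTL (commonly 64, 128 or 255) and every router on the way
# back to the client decrements it by one.

COMMON_INITIAL_TTLS = (64, 128, 255)  # Linux/BSD, Windows, many network devices

# Traceroute as seen from the client (hop 1 = client-side gateway); the
# addresses are the placeholders from the post.
TRACEROUTE = [
    "a.a.a.a", "b.b.b.b", "c.c.c.c", "d.d.d.d", "e.e.e.e", "f.f.f.f",
    "g.g.g.g", "h.h.h.h", "i.i.i.i", "j.j.j.j", "k.k.k.k", "l.l.l.l",
]


def likely_initial_ttl(observed_ttl):
    """Smallest common initial TTL not below the observed one.

    A TTL only ever decreases in transit, so the initial value must be at
    least the observed value; the nearest common default is the usual guess.
    """
    for initial in COMMON_INITIAL_TTLS:
        if observed_ttl <= initial:
            return initial
    raise ValueError(f"TTL {observed_ttl} exceeds every common initial TTL")


def hops_from_client(observed_ttl, initial_ttl=None):
    """Number of routers the packet crossed before reaching the capture point."""
    if initial_ttl is None:
        initial_ttl = likely_initial_ttl(observed_ttl)
    return initial_ttl - observed_ttl


def locate_origin(observed_ttl, traceroute, initial_ttl=None):
    """Map a TTL seen at the client onto the client-side traceroute.

    A packet originated by hop N (numbered from the client) is decremented by
    the N-1 routers between hop N and the client, so N = routers_crossed + 1.
    Returns (hop_number, address), or None if the arithmetic points past the
    end of the traceroute (wrong initial-TTL guess or an asymmetric path).
    """
    crossed = hops_from_client(observed_ttl, initial_ttl)
    hop_number = crossed + 1
    if not 1 <= hop_number <= len(traceroute):
        return None
    return hop_number, traceroute[hop_number - 1]


def expected_ttl_at_client(hop_number, initial_ttl=64):
    """TTL the client would see for a packet originated by a given hop.

    Useful for checking a candidate the other way round: hop 4 (d.d.d.d)
    sending with TTL 64 would arrive at the client with TTL 61, not 57.
    """
    return initial_ttl - (hop_number - 1)


if __name__ == "__main__":
    # Good packets from the server: TTL 53 -> 11 routers crossed -> hop 12.
    print("TTL 53 ->", locate_origin(53, TRACEROUTE))
    # The RST: TTL 57 -> 7 routers crossed -> hop 8, counted from the client.
    print("TTL 57 ->", locate_origin(57, TRACEROUTE))
    for hop in (4, 8, 12):
        print(f"hop {hop} ({TRACEROUTE[hop - 1]}) would arrive with TTL",
              expected_ttl_at_client(hop))
```

Two caveats apply when reading the result. The traceroute shows the forward path, while the TTL on the RST reflects the return path, and the two can differ; and an inline device that does not decrement the TTL (a transparent bridge or a firewall in bump-in-the-wire mode) never appears in the traceroute at all, so the hop the arithmetic points at may only be the nearest visible neighbour of the real originator. A middlebox that deliberately crafts the RST with a TTL chosen to mimic the server would also defeat this method, which is why the TTL mismatch is best treated as a strong hint rather than proof.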
