
Wireshark mailing list archives

How to interpret trace
From: George Levasseur <geolev () yahoo com>
Date: Tue, 23 Mar 2010 07:01:16 -0700 (PDT)

Hi,

I am unsure of how to interpret a network trace. I understand that there is a source machine and a destination machine 
in the following trace snippet:

467708    620.887615    10.65.85.11    10.65.42.44    TNS    Request, Data (6), Data
467709    620.887860    10.65.42.44    10.65.85.11    TCP    ncube-lm > de-noc [RST] Seq=1 Win=0 Len=6

How should I read the above?

10.65.85.11 sends a TNS request to 10.65.42.44

Do I have that right?

I'm not sure what to make of the next line. I understand that it is a TCP reset which means TCP detected a request on a 
connection that was closed. Is that correct?

What I don't understand is, is there anything there that tells me who closed the connection? Is it 10.65.42.44 that 
closed it or 10.65.85.11?

Is the second line a response to the first line? 

Any help would be greatly appreciated.

Geolev


      