What's that NetScaler Reset Packet?

Source: Internet
Author: User
Tags netscaler

What's that NetScaler Reset Packet?

https://www.citrix.com/blogs/2014/05/20/whats-that-netscaler-reset-packet/

A few weeks ago I wrote a blog post on what to empower and extend your default Wireshark configuration titled NetScaler + W Ireshark = A Perfect combination! I ' d like-to-follow up-that-post with this article which focuses on what to interpret some of the the data so you could see in a NetScaler Trace.

The TCP Reset [RST]

Quick Tip:if want a general overview of what a TCP reset are, then please visit the following URLs to gain some high le Vel insight:http://en.wikipedia.org/wiki/tcp_reset_attack

There is numerous different reasons for what a TCP reset [rst] May has occurred, but understanding why the [RST] was issu Ed by one of the TCP end-points would provide you and insight into what a particular TCP communication flow was stopped.

As a note, a TCP [FIN] is similar to a TCP [RST] in that they both conclude a TCP communication. However, [FIN] ' s is the gracious means of ending the communication and a [RST] is a rather abrupt method for terminating The communication, perhaps similar to slamming the door or hanging up the phone rather abruptly.

OK, so you've taken a NetScaler trace and you're d like to see if there is any TCP [RST] ' s in the trace. Simply put the following filter expression (Tcp.flags.reset = = 1) into Wireshark and click "Apply":

If there is any TCP [RST] 's from applying the filter, you'll see them in the presented output, coupled with also seeing t He SOURCE IP address which sent the [RST]:

Highlight the packet row with the actual [RST] and look at the packet Detail pane under Transmission Control Protocol. You'll see that the TCP Reset flag was set with the (1) Value:

Now so you've seen that a particular HOST have issued a [RST], how does you determine what the reason is for the end of CO Mmunication? Well, in the previous graphic you can see additional detail included in the ' Info ' section, such as the Seq, Win and Lenre Spectively.

Make note of the "Win" field. The example provided you can see the value of is win=9700. This field gives your netscaler-assigned code for the actual [RST].

When you see a TCP [rst] issued, jot down the ' Win value ' and then reference the ' following chart to ' see why ' [rst] was is Sued:

================= End

What's that NetScaler Reset Packet?

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.