Bagheera Posted May 17, 2018 Share Posted May 17, 2018 Hi, I'm currently looking at a .pcap using Wireshark. Hak5 had an excellent video with tips but I'm stuck at this Screenshot It seems I get an "RST, ACK" and then a retransmission, in a loop that continues in intervals. Same length every time. I'm supposed to analyse the pcap and explain any odd behavior. I hope really hope that there is a kind soul that might offer the time and assistance and explain what I'm seeing :D Thanks! Quote Link to comment Share on other sites More sharing options...
digininja Posted May 17, 2018 Share Posted May 17, 2018 Sounds like you are asking us to do your homework for you. Quote Link to comment Share on other sites More sharing options...
Bagheera Posted May 17, 2018 Author Share Posted May 17, 2018 No, just nudge me in the right direction. What might be causing this? Quote Link to comment Share on other sites More sharing options...
digininja Posted May 17, 2018 Share Posted May 17, 2018 Do you understand what the RST flag means and is used for? If not, do some research on that, that might help. Quote Link to comment Share on other sites More sharing options...
Bagheera Posted May 17, 2018 Author Share Posted May 17, 2018 Well, as the board so elegantly puts it, I am a newbie. So there seems to be many reasons for a device to send an RST, with no clear answer, from firewalls to response to receiving a packet. But this, if I understand correctly, is being send and resend after the retransmission, from one private host to another. For the sake of helping with the homework.. what could be achieved by doing this on, say, purpose? Quote Link to comment Share on other sites More sharing options...
digininja Posted May 18, 2018 Share Posted May 18, 2018 If I'd set this as homework (I do teach university classes occasionally) then I'd expect you to write up all the different possibilities. You've mentioned that there are many reasons, write about them all and once you've done that, go through them and speculate on which ones you think could be happening here and which are unlikely. That way, you are showing that you've done the research that you were asked for and showing that you can reason through different options to pick the most appropriate. 1 Quote Link to comment Share on other sites More sharing options...
Bigbiz Posted May 18, 2018 Share Posted May 18, 2018 How close are you to this packet source. Try to move farther away so the packet has time to unfold. Quote Link to comment Share on other sites More sharing options...
digininja Posted May 18, 2018 Share Posted May 18, 2018 From the screenshot and what he said it looks like a pcap that he has been given to analyse not a live capture. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.