This is good stuff. I found your KZbin channel by chance, and I’m glad I did. Your explanations are clear and concise.

This is just pure class ... Fabulous !

thank you so much for pointing out the reset at the end of the tcp communication (FIN).

Short and nice. The link to the capture returns a 404? Could it be available again or elsewhere ?

Hi Chris , Thanks for posting the video, I have a question, how did we know that TTL 64 suggests packet was unrouted and the FIN was sent by the firewall.

Can you do a video on SSL handshake process and IPSEC VPN steps in detail ?

You have great way of explaining. Thanks a lot Chris 😁

Thanks for the informative video. The capture file given in the description returns a 404

hello Chris, I dont think it will be sending TCP RST if the port no 22 is not opened for that particular ip. Instead it will be retransmitting it ...you can capture a packet and test it yourself :)

Hey chris can u provide some info on tcp reset o ??? it will be super helpful.

Hi Chris . This is SUBU . Nice video and nice explanation as always . Highly appreciate if you shed more light on RESET from server due to TCP-SYN -sequence number out of window . on the firewalls , we have this no-sequence-check" . recently came across an issue when TCP transaction is happening between 2 SRX juniper FW's , witnessed packet drops . Server or client sending RESET during TCP-3 way handshake or post TCP 3 way handshake due to Sequence number checks . these elements could you please talk about for more clarity . will be of great help . Thanks .

Hey Chris, this one was nice. A question though - if reset comes from some intermediate firewall and TTL decreases to 54 then shouldn't the source IP should change as Firewall 's IP?

Another excellent video. Thank you for sharing!

Another awesome video many thanks for the effort

Hey Chris, at 6:27, is there a specific reason a server chooses to "ungracefully" abort the connection with a RST vs. a FIN? It is doing this to more quickly clear the TCP session on its end or something similar? Or just different ways different OS/TCP stacks handle closing connections?

Subscribed your channel and forwarded to my group.You are doing an awesome work

on what base you are saying it was the firewall, can you please explain more?

THank you for this very informative video! Question, when you do your packet captures, do you run them on the client, server, or firewall? or all 3 of them? I just want to know which one will have a more complete capture since sometimes firewalls drop packets and the client/server doesn't see it being dropped. Thanks in advance!

This content is gold

How did you know that the firewall sent the reset in packet 2

What if you see multiple resets back to back?

Excellent!!! As usual :-)

Hi Chris :) I suppose the trace file has been moved from the link you shared...can you please share the new link for the trace?

TTL is clear to me 😀

Hi Chris, the PCAP file is 404.

you did not explain how you know it was the firewall who sent the rst

Thank you 🙏

The wireshark file isn't available anymore.

Very informative

Would i also get a RST if the Firewall is blocking the port?

While this is clear and I may be encountering the same thing in my server, what's the best way we can make it automatically retry without abandoning the transaction. As firewall is not in my control the best way could be to make it auto retry.

very informative.

how did you know that 64 TTL is a reply from the firewall???

Excellent

Could we classify colors as Red = firewall and so on?

3:56 - How can you tell that it came from a Firewall? Is the TTL for Firewalls always 64? Also, if it came from a Firewall, why doesnt the Source IP indicate that?

the pcap file is 404, why?

The trace file has a 404 error. Please try to upload the file again, thanks in advance!

Many thanks your the best

Great!!

very useful, thanks