SOLVED: VIDEO: How to use Wireshark to Troubleshoot RST TCP Resets

If you have a tool like LogicMonitor reporting something like:

The host SRV is experiencing an unusual number of failed TCP connections, probably incoming connections.
There are now 3.27 per second failed connections, putting the host in a warn level.

LogicMonitor

you can use free tools like Wireshark to capture all of the network traffic on a Windows Server (or a PC running Windows 10 or Windows 11, for that matter), then sort and filter the failures to look for patterns.

Here are some common TCP port numbers to consider:

Port Number   Usage
20            File Transfer Protocol (aka FTP) Data Transfer
21            File Transfer Protocol (aka FTP) Command Control
22            Secure Shell (aka SSH)
23            Telnet – Remote login service, unencrypted text messages
25            Simple Mail Transfer Protocol (aka SMTP) E-mail Routing
53            Domain Name System (aka DNS) service
80            Hypertext Transfer Protocol (aka HTTP) used in World Wide Web
110           Post Office Protocol (aka POP3) used by e-mail clients to retrieve e-mail from a server
119           Network News Transfer Protocol (aka NNTP)
123           Network Time Protocol (aka NTP)
143           Internet Message Access Protocol (aka IMAP) Management of Digital Mail
161           Simple Network Management Protocol (aka SNMP)
194           Internet Relay Chat (aka IRC)
443           HTTP Secure (aka HTTPS) HTTP over TLS/SSL
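
The sort-and-filter step can also be scripted once the capture is saved. The following is an added example, not part of the original post: it groups the reset packets exported by tshark (Wireshark's command-line tool) by service port and peer so that the noisiest pairing stands out. The capture file name, the sample rows and the "lower port is the service side" heuristic are assumptions made for the illustration.

```python
import csv
from collections import Counter

# Service names taken from the port table above.
PORT_NAMES = {20: "FTP data", 21: "FTP control", 22: "SSH", 23: "Telnet",
              25: "SMTP", 53: "DNS", 80: "HTTP", 110: "POP3", 119: "NNTP",
              123: "NTP", 143: "IMAP", 161: "SNMP", 194: "IRC", 443: "HTTPS"}

# Constructed sample rows, in the shape produced by (file name is a placeholder):
#   tshark -r capture.pcapng -Y "tcp.flags.reset == 1" -T fields \
#          -E separator=, -e ip.src -e tcp.srcport -e ip.dst -e tcp.dstport
SAMPLE_RST_ROWS = """\
10.0.0.5,443,10.0.0.23,51544
10.0.0.5,443,10.0.0.23,51545
10.0.0.5,443,10.0.0.23,51546
10.0.0.23,51550,10.0.0.5,25
10.0.0.5,3389,10.0.0.40,60211
10.0.0.5,443,10.0.0.31,49822
"""

def summarize_resets(text):
    """Count RST packets per (service ip, service port, peer ip, RST sender)."""
    counts = Counter()
    for row in csv.reader(text.splitlines()):
        # Skip rows with missing fields (for example non-IPv4 traffic).
        if len(row) != 4 or not all(row) or not (row[1] + row[3]).isdigit():
            continue
        src, sport, dst, dport = row[0], int(row[1]), row[2], int(row[3])
        # Heuristic (assumption): the lower port number is the service side.
        if sport <= dport:
            counts[(src, sport, dst, "service")] += 1   # server reset the client
        else:
            counts[(dst, dport, src, "client")] += 1    # client reset the server
    return counts.most_common()

def format_report(rows):
    """Render one line per group, most frequent first."""
    return [f"{n:4d}  {ip}:{port} ({PORT_NAMES.get(port, 'not in table')})  "
            f"peer={peer}  RST sent by {sender}"
            for (ip, port, peer, sender), n in rows]

if __name__ == "__main__":
    print("\n".join(format_report(summarize_resets(SAMPLE_RST_ROWS))))
```

A single peer dominating the count points at one misbehaving client or application, while resets spread across many peers on the same port point at the service itself.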

Published by
Ian Matthews
