Win-7 TCP sends [RST/ACK] after ~90 sec of traffic all the time. Repeatable 100% on multiple Win-7 PC's.
Same TCP App on Win-XP works just fine. TCP socket in both cases connected to Linux Ubuntu machine.
Any suggestions how to debug TCP layer ?

Cheers kes

Wireshark on PC in promiscuous mode (although if the TCP stream is destined for that PC (IP Stack) then non-promiscuous mode is okay.

That's excatly what I did and I did see RST/ACK was send by TCP client. Question why ?! k

573 98.491021 10.19.81.140 10.52.205.243 TELNET Telnet Data ...
574 98.491023 10.19.81.140 10.52.205.243 TELNET Telnet Data ...
575 98.491125 10.52.205.243 10.19.81.140 TCP 55678 > telnet [RST, ACK] Seq=345 Ack=5413 Win=0 Len=0

What does the TCP layer in the trace tell you? Also the IP layer?

What's the app. ?

The app is TELNET, trace tells that TCP send socket reset on Win-7 side. The FIN was not set from other end. Nothing special or abnormal. k

Yes, I understand what you have written in the trace above, what I meant was when you highlight the packet in Wireshark, there is a section beneath that can be broken down into Layer 2, 3 and 4.... when you examine the TCP layer in that section, what does it say with regards to the RST / ACK packet?

Few frames before RST, k

Frame 572: 60 bytes on wire (480 bits), 60 bytes captured (480 bits)
Arrival Time: Aug 2, 2012 16:30:47.979404000 Central Daylight Time
Epoch Time: 1343943047.979404000 seconds
[Time delta from previous captured frame: 0.000793000 seconds]
[Time delta from previous displayed frame: 0.000793000 seconds]
[Time since reference or first frame: 98.491017000 seconds]
Frame Number: 572
Frame Length: 60 bytes (480 bits)
Capture Length: 60 bytes (480 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:telnet]
Ethernet II, Src: Cisco_6d:be:80 (00:16:9c:6d:be:80), Dst: CompalIn_ab:dd:70 (00:1e:ec:ab:dd:70)
Destination: CompalIn_ab:dd:70 (00:1e:ec:ab:dd:70)
Address: CompalIn_ab:dd:70 (00:1e:ec:ab:dd:70)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Cisco_6d:be:80 (00:16:9c:6d:be:80)
Address: Cisco_6d:be:80 (00:16:9c:6d:be:80)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Trailer: 0000000000
Internet Protocol, Src: 10.19.81.140 (10.19.81.140), Dst: 10.52.205.243 (10.52.205.243)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 41
Identification: 0xb451 (46161)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 58
Protocol: TCP (6)
Header checksum: 0x58b7 [correct]
[Good: True]
[Bad: False]
Source: 10.19.81.140 (10.19.81.140)
Destination: 10.52.205.243 (10.52.205.243)
Transmission Control Protocol, Src Port: telnet (23), Dst Port: 55678 (55678), Seq: 5412, Ack: 342, Len: 1
Source port: telnet (23)
Destination port: 55678 (55678)
[Stream index: 6]
Sequence number: 5412 (relative sequence number)
[Next sequence number: 5413 (relative sequence number)]
Acknowledgement number: 342 (relative ack number)
Header length: 20 bytes
Flags: 0x38 (PSH, ACK, URG)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..1. .... = Urgent: Set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size: 92
Checksum: 0xb97c [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Urgent pointer: 1
[SEQ/ACK analysis]
[This is an ACK to the segment in frame: 570]
[The RTT to ACK the segment was: 0.000875000 seconds]
[Number of bytes in flight: 1]
Telnet
[Malformed Packet: TELNET]
[Expert Info (Error/Malformed): Malformed Packet (Exception occurred)]
[Message: Malformed Packet (Exception occurred)]
[Severity level: Error]
[Group: Malformed]
----------------------------------------------

Frame 573: 60 bytes on wire (480 bits), 60 bytes captured (480 bits)
Arrival Time: Aug 2, 2012 16:30:47.979408000 Central Daylight Time
Epoch Time: 1343943047.979408000 seconds
[Time delta from previous captured frame: 0.000004000 seconds]
[Time delta from previous displayed frame: 0.000004000 seconds]
[Time since reference or first frame: 98.491021000 seconds]
Frame Number: 573
Frame Length: 60 bytes (480 bits)
Capture Length: 60 bytes (480 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:telnet]
Ethernet II, Src: Cisco_6d:be:80 (00:16:9c:6d:be:80), Dst: CompalIn_ab:dd:70 (00:1e:ec:ab:dd:70)
Destination: CompalIn_ab:dd:70 (00:1e:ec:ab:dd:70)
Address: CompalIn_ab:dd:70 (00:1e:ec:ab:dd:70)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Cisco_6d:be:80 (00:16:9c:6d:be:80)
Address: Cisco_6d:be:80 (00:16:9c:6d:be:80)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Trailer: 0000000000
Internet Protocol, Src: 10.19.81.140 (10.19.81.140), Dst: 10.52.205.243 (10.52.205.243)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 41
Identification: 0xb452 (46162)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 58
Protocol: TCP (6)
Header checksum: 0x58b6 [correct]
[Good: True]
[Bad: False]
Source: 10.19.81.140 (10.19.81.140)
Destination: 10.52.205.243 (10.52.205.243)
Transmission Control Protocol, Src Port: telnet (23), Dst Port: 55678 (55678), Seq: 5413, Ack: 342, Len: 1
Source port: telnet (23)
Destination port: 55678 (55678)
[Stream index: 6]
Sequence number: 5413 (relative sequence number)
[Next sequence number: 5414 (relative sequence number)]
Acknowledgement number: 342 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size: 92
Checksum: 0xc69c [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Number of bytes in flight: 2]
Telnet
Data: \362
----------------------------------------------------------


Frame 574: 60 bytes on wire (480 bits), 60 bytes captured (480 bits)
Arrival Time: Aug 2, 2012 16:30:47.979410000 Central Daylight Time
Epoch Time: 1343943047.979410000 seconds
[Time delta from previous captured frame: 0.000002000 seconds]
[Time delta from previous displayed frame: 0.000002000 seconds]
[Time since reference or first frame: 98.491023000 seconds]
Frame Number: 574
Frame Length: 60 bytes (480 bits)
Capture Length: 60 bytes (480 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:telnet]
Ethernet II, Src: Cisco_6d:be:80 (00:16:9c:6d:be:80), Dst: CompalIn_ab:dd:70 (00:1e:ec:ab:dd:70)
Destination: CompalIn_ab:dd:70 (00:1e:ec:ab:dd:70)
Address: CompalIn_ab:dd:70 (00:1e:ec:ab:dd:70)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Cisco_6d:be:80 (00:16:9c:6d:be:80)
Address: Cisco_6d:be:80 (00:16:9c:6d:be:80)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Trailer: 00000000
Internet Protocol, Src: 10.19.81.140 (10.19.81.140), Dst: 10.52.205.243 (10.52.205.243)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 42
Identification: 0xb453 (46163)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 58
Protocol: TCP (6)
Header checksum: 0x58b4 [correct]
[Good: True]
[Bad: False]
Source: 10.19.81.140 (10.19.81.140)
Destination: 10.52.205.243 (10.52.205.243)
Transmission Control Protocol, Src Port: telnet (23), Dst Port: 55678 (55678), Seq: 5414, Ack: 342, Len: 2
Source port: telnet (23)
Destination port: 55678 (55678)
[Stream index: 6]
Sequence number: 5414 (relative sequence number)
[Next sequence number: 5416 (relative sequence number)]
Acknowledgement number: 342 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size: 92
Checksum: 0xab91 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Number of bytes in flight: 4]
Telnet
Data: \r\n

Frame 575: 54 bytes on wire (432 bits), 54 bytes captured (432 bits)
Arrival Time: Aug 2, 2012 16:30:47.979512000 Central Daylight Time
Epoch Time: 1343943047.979512000 seconds
[Time delta from previous captured frame: 0.000102000 seconds]
[Time delta from previous displayed frame: 0.000102000 seconds]
[Time since reference or first frame: 98.491125000 seconds]
Frame Number: 575
Frame Length: 54 bytes (432 bits)
Capture Length: 54 bytes (432 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp]
Ethernet II, Src: CompalIn_ab:dd:70 (00:1e:ec:ab:dd:70), Dst: Cisco_6d:be:80 (00:16:9c:6d:be:80)
Destination: Cisco_6d:be:80 (00:16:9c:6d:be:80)
Address: Cisco_6d:be:80 (00:16:9c:6d:be:80)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: CompalIn_ab:dd:70 (00:1e:ec:ab:dd:70)
Address: CompalIn_ab:dd:70 (00:1e:ec:ab:dd:70)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 10.52.205.243 (10.52.205.243), Dst: 10.19.81.140 (10.19.81.140)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 40
Identification: 0x1707 (5895)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (6)
Header checksum: 0x0000 [incorrect, should be 0xb002]
[Good: False]
[Bad: True]
[Expert Info (Error/Checksum): Bad checksum]
[Message: Bad checksum]
[Severity level: Error]
[Group: Checksum]
Source: 10.52.205.243 (10.52.205.243)
Destination: 10.19.81.140 (10.19.81.140)
Transmission Control Protocol, Src Port: 55678 (55678), Dst Port: telnet (23), Seq: 345, Ack: 5413, Len: 0
Source port: 55678 (55678)
Destination port: telnet (23)
[Stream index: 6]
Sequence number: 345 (relative sequence number)
Acknowledgement number: 5413 (relative ack number)
Header length: 20 bytes
Flags: 0x14 (RST, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 0... = Push: Not set
.... .... .1.. = Reset: Set
[Expert Info (Chat/Sequence): Connection reset (RST)]
[Message: Connection reset (RST)]
[Severity level: Chat]
[Group: Sequence]
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size: 0
Checksum: 0x33e1 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[This is an ACK to the segment in frame: 572]
[The RTT to ACK the segment was: 0.000108000 seconds]

Frame 576: 54 bytes on wire (432 bits), 54 bytes captured (432 bits)
Arrival Time: Aug 2, 2012 16:30:47.979564000 Central Daylight Time
Epoch Time: 1343943047.979564000 seconds
[Time delta from previous captured frame: 0.000052000 seconds]
[Time delta from previous displayed frame: 0.000052000 seconds]
[Time since reference or first frame: 98.491177000 seconds]
Frame Number: 576
Frame Length: 54 bytes (432 bits)
Capture Length: 54 bytes (432 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp]
Ethernet II, Src: CompalIn_ab:dd:70 (00:1e:ec:ab:dd:70), Dst: Cisco_6d:be:80 (00:16:9c:6d:be:80)
Destination: Cisco_6d:be:80 (00:16:9c:6d:be:80)
Address: Cisco_6d:be:80 (00:16:9c:6d:be:80)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: CompalIn_ab:dd:70 (00:1e:ec:ab:dd:70)
Address: CompalIn_ab:dd:70 (00:1e:ec:ab:dd:70)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 10.52.205.243 (10.52.205.243), Dst: 10.19.81.140 (10.19.81.140)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 40
Identification: 0x1708 (5896)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (6)
Header checksum: 0x0000 [incorrect, should be 0xb001]
[Good: False]
[Bad: True]
[Expert Info (Error/Checksum): Bad checksum]
[Message: Bad checksum]
[Severity level: Error]
[Group: Checksum]
Source: 10.52.205.243 (10.52.205.243)
Destination: 10.19.81.140 (10.19.81.140)
Transmission Control Protocol, Src Port: 55678 (55678), Dst Port: telnet (23), Seq: 342, Len: 0
Source port: 55678 (55678)
Destination port: telnet (23)
[Stream index: 6]
Sequence number: 342 (relative sequence number)
Acknowledgement number: Broken TCP. The acknowledge field is nonzero while the ACK flag is not set
Header length: 20 bytes
Flags: 0x04 (RST)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...0 .... = Acknowledgement: Not set
.... .... 0... = Push: Not set
.... .... .1.. = Reset: Set
[Expert Info (Chat/Sequence): Connection reset (RST)]
[Message: Connection reset (RST)]
[Severity level: Chat]
[Group: Sequence]
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size: 0
Checksum: 0x33e1 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]

Src/DstIp 10.19.81.140, attach WS pcap file, k

• https://www.dropbox.com/s/4krr4yiiwjmqr77/TCPRST.pcap?m