So this is interesting.... I did a pkt capture with tshark while a 'guix pull' was running and captured RST packets for the TLS connection:

1 0.000000000 <redacted> 185.233.100.56 SSL 2804 Continuation Data
2 0.000047880 <redacted> 185.233.100.56 SSL 2804 Continuation Data
3 0.355735909 185.233.100.56 <redacted> TCP 62 443 → 53526 [RST] Seq=1 Win=0 Len=0
4 0.355891353 185.233.100.56 <redacted> TCP 62 443 → 53526 [RST] Seq=1 Win=0 Len=0
5 0.355891393 185.233.100.56 <redacted> TCP 62 443 → 53526 [RST] Seq=1 Win=0 Len=0
6 0.355939644 185.233.100.56 <redacted> TCP 62 443 → 53526 [RST] Seq=1 Win=0 Len=0
7 0.356476147 185.233.100.56 <redacted> TCP 62 443 → 53526 [RST] Seq=1 Win=0 Len=0
8 0.356476197 185.233.100.56 <redacted> TCP 62 443 → 53526 [RST] Seq=1 Win=0 Len=0

Now, is that RST coming from an intermediate device (ex: my firewall) or directly from the sub server? Not sure, but I will inspect firewall logs, and it's interesting that it's only the one host exhibiting this behavior. FWIW, no host-based firewall or IPS/IDS in play here.
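
One way to approach the question raised in the message above, as an added example that is not part of the original post: compare the IP TTL of each RST with the TTL of ordinary packets previously seen from the same server endpoint. The tshark field export shown in the comment, the sample rows, the addresses and the function names are all assumptions made for illustration.

```python
from collections import Counter, defaultdict

# Constructed sample, not taken from the capture above. Assumed export command:
#   tshark -r capture.pcap -T fields -E separator=, \
#     -e frame.time_relative -e ip.src -e tcp.srcport -e ip.ttl -e tcp.flags.reset
# 192.0.2.10 is the client, 198.51.100.7 the server (documentation addresses).
SAMPLE = """\
0.000000,192.0.2.10,53526,64,0
0.120000,198.51.100.7,443,52,0
0.130000,198.51.100.7,443,52,0
0.200000,192.0.2.10,53526,64,0
0.355735,198.51.100.7,443,63,1
0.355891,198.51.100.7,443,63,1
"""

def parse(text):
    """Yield (time, src, sport, ttl, is_rst) from the field export."""
    for line in text.splitlines():
        parts = line.strip().split(",")
        if len(parts) != 5 or not all(parts[:4]):
            continue  # skip blank rows and packets without IPv4/TCP fields
        t, src, sport, ttl, rst = parts
        # Older tshark prints booleans as 1/0, newer releases as True/False.
        yield float(t), src, int(sport), int(ttl), rst in ("1", "True")

def classify_rsts(text, tolerance=1):
    """Label each RST by comparing its TTL with the sender's usual TTL."""
    baseline = defaultdict(Counter)   # (src, sport) -> TTLs of non-RST packets
    rsts = []
    for t, src, sport, ttl, is_rst in parse(text):
        if is_rst:
            rsts.append((t, src, sport, ttl))
        else:
            baseline[(src, sport)][ttl] += 1
    findings = []
    for t, src, sport, ttl in rsts:
        seen = baseline.get((src, sport))
        if not seen:
            verdict = "no-baseline"   # nothing to compare against
        else:
            usual = seen.most_common(1)[0][0]
            verdict = "consistent" if abs(ttl - usual) <= tolerance else "ttl-mismatch"
        findings.append((t, src, ttl, verdict))
    return findings

if __name__ == "__main__":
    for finding in classify_rsts(SAMPLE):
        print(finding)
```

A `ttl-mismatch` result suggests the RST was generated at a different hop distance than the server's normal traffic, which is worth correlating with firewall logs. A `consistent` result does not prove the server sent it, since a middlebox can copy the expected TTL.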