Network Connection closing

Question

Please help me decode the following. I have a problem in the network, unable to figure out where it is. Follow is the decode summary we got from the capture by running the OPNET software.

I think Connection 2 is successful, where the client ends with FIN, and connection 1 ends prematurely issuing RST, what could be the reasons..?

Connection 1 Frame Source Destination Decode Summary

480 Server Client D=3590 S=443 FIN ACK=3832271994 SEQ=1338775336 LEN=0 WIN=11088 481 Client Server D=443 S=3590 ACK=1338775337 SEQ=3832271994 LEN=0 WIN=64512 502 Client Server D=443 S=3590 RST ACK=1338775337 SEQ=3832271994 LEN=0 WIN=0

Connection 2

855 Server Client D=3600 S=443 FIN ACK=3778329063 SEQ=3650187663 LEN=0 WIN=26328

856 Client Server D=443 S=3600 ACK=3650187664 SEQ=3778329063 LEN=0 WIN=63297

857 Client Server D=443 S=3600 FIN ACK=3650187664 SEQ=3778329063 LEN=0 WIN=63297

859 Server Client D=3600 S=443 ACK=3778329064 SEQ=3650187664 LEN=0 WIN=26328

In summary the connection endings are,

1 - Server: FIN, Client: RST
2 - Server: FIN, Client: FIN

Answer 1

From the Wikipedia page on TCP:

Some host TCP stacks may implement a half-duplex close sequence, as Linux or HP-UX do. If such a host actively closes a connection but still has not read all the incoming data the stack already received from the link, this host sends a RST instead of a FIN (Section 4.2.2.13 in RFC 1122).

Could it be something like this you are seeing?