I trying to track down a connection issue. What I'm seeing is s [SYN] followed by a {RST,ACK} series of packets. What would cause this?

asked 06 Jan '11, 11:06

vmjr's gravatar image

vmjr
1223
accept rate: 100%


This is very simply that the port you are trying to connect to is not being listened to on the remote host. Either your service is not running on the host, or possibly it has been firewalled.

link

answered 06 Jan '11, 15:04

martyvis's gravatar image

martyvis
8461524
accept rate: 7%

edited 06 Jan '11, 22:43

Two things: I think you mean "service is NOT running on the host". and usually a firewall does not reply with a RST packet if it is configured correctly. It will just drop the SYN with no answer at all. There are some IDS/IPS systems that issue forged RST packets sometimes though.

(06 Jan '11, 18:57) Jasper ♦

Just fixed the not. I agree generally a firewall will be stealthy - but just covering the bases for the original poster.

(06 Jan '11, 22:45) martyvis

I have seen a SYN with a RST,ACK sent back. In this case is was a portmap failure on a CISCO ASA firewall. A nonat statement is needed to tell the firewall to not nat the packet as it passes through the firewall.

link

answered 07 Jan '11, 13:52

erics's gravatar image

erics
462
accept rate: 0%

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "Title")
  • image?![alt text](/path/img.jpg "Title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Tags:

×46

Asked: 06 Jan '11, 11:06

Seen: 33,819 times

Last updated: 07 Jan '11, 13:52

powered by OSQA