Large number of RST-SYN

asked 2019-03-18 19:08:20 +0000

aasalem

updated 2019-03-19 11:06:29 +0000

grahamb

I am trying to tune this PC and am not sure where this large number of RSTs is coming from, or why.

1   0.000000000 127.0.0.1   127.0.0.1   TCP 76  45689 → 42385 [SYN] Seq=0 Win=43690 Len=0 MSS=65495 SACK_PERM=1 TSval=4151242101 TSecr=0 WS=128
116 33.035618863    127.0.0.1   127.0.0.1   TCP 56  42385 → 39483 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0

Linux alaa-HP-Pavilion-dv2700-Notebook-PC 4.15.0-46-generic #49~16.04.1-Ubuntu SMP Tue Feb 12 17:44:38 UTC 2019 i686 athlon i686 GNU/Linux

Scanned with clam.

https://drive.google.com/open?id=17Wn...


2 Answers


answered 2019-03-21 10:57:36 +0000

Kurt Knochner

There is no service listening on port 42385. Not sure if you anonymized the pcap (127.0.0.1), or if you captured on localhost. Based on the delta time between SYN and RST, I tend to believe you captured on localhost. So, try to figure out which process is trying to connect to port 42385.

Run the following command and either check yourself or post here.

netstat -nap | grep 42385

Regards
Kurt


answered 2019-03-21 10:22:44 +0000

atom

Maybe you could find out what application listens on port 42385.


Comments

I think there is nothing listening on port 42385, hence the resets. I think the issue is more about what process is continually sending the SYN to port 42385, from a random bunch of ephemeral ports. I'm not sure what tools are available on Linux to help with that, maybe lsof?

grahamb ( 2019-03-21 10:58:38 +0000 )
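
The pattern discussed above (a SYN answered at once by RST, ACK means nothing listens on the target port), as an added example that is not part of the original thread: it pairs SYNs with the resets that answer them in a packet-list text export and groups them by refused port. Frames 1 and 116 are from the question; the other sample frames and the function name are constructed.

```python
import re
from collections import defaultdict

# Packet-list text in the question's layout. Frames 1 and 116 are from the
# question; frames 2, 115, 117 and 118 are constructed for illustration.
SAMPLE = """\
1   0.000000000 127.0.0.1   127.0.0.1   TCP 76  45689 → 42385 [SYN] Seq=0 Win=43690 Len=0 MSS=65495 SACK_PERM=1 TSval=4151242101 TSecr=0 WS=128
2   0.000011000 127.0.0.1   127.0.0.1   TCP 56  42385 → 45689 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0
115 33.035600000    127.0.0.1   127.0.0.1   TCP 76  39483 → 42385 [SYN] Seq=0 Win=43690 Len=0 MSS=65495
116 33.035618863    127.0.0.1   127.0.0.1   TCP 56  42385 → 39483 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0
117 34.000000000    127.0.0.1   127.0.0.1   TCP 76  51000 → 631 [SYN] Seq=0 Win=43690 Len=0 MSS=65495
118 34.000020000    127.0.0.1   127.0.0.1   TCP 76  631 → 51000 [SYN, ACK] Seq=0 Ack=1 Win=43690 Len=0 MSS=65495
"""

# frame, time, src, dst, "TCP", length, sport -> dport, [flags]
LINE = re.compile(r"^\s*(\d+)\s+([\d.]+)\s+(\S+)\s+(\S+)\s+TCP\s+\d+\s+"
                  r"(\d+)\s+(?:→|->)\s+(\d+)\s+\[([^\]]+)\]")

def refused_connections(text):
    """Pair each SYN with the RST, ACK that answers it; group by target port."""
    pending = {}  # (client_ip, client_port, server_ip, server_port) -> SYN time
    refused = defaultdict(lambda: {"count": 0, "client_ports": set(), "max_delta": 0.0})
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        _, ts, src, dst, sport, dport, flags = m.groups()
        ts, sport, dport = float(ts), int(sport), int(dport)
        flagset = {f.strip() for f in flags.split(",")}
        if flagset == {"SYN"}:
            pending[(src, sport, dst, dport)] = ts
        elif flagset == {"RST", "ACK"}:
            syn_ts = pending.pop((dst, dport, src, sport), None)
            if syn_ts is not None:  # reset answers a SYN: no listener on sport
                entry = refused[(src, sport)]
                entry["count"] += 1
                entry["client_ports"].add(dport)
                entry["max_delta"] = max(entry["max_delta"], ts - syn_ts)
        else:
            # any other reply (e.g. SYN, ACK) means the port is open
            pending.pop((dst, dport, src, sport), None)
    return dict(refused)

if __name__ == "__main__":
    for (ip, port), info in refused_connections(SAMPLE).items():
        print(ip, port, info["count"], sorted(info["client_ports"]),
              f"{info['max_delta']:.9f}s")
```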
