Dean QeMoo
asked on
TCP RST packets are more than 80% of captured packets
Hi All,
I captured packets within our intranet, where I placed the sniffing tool at the core switch to capture only the conversations between all clients and one server. I observed that almost all of the captured packets are TCP SYN/ACK packets and TCP RST packets. TCP SYN packets are only below 10% of the captured packets. Is it abnormal for this to happen in this conversation?
Are you seeing the resets by the same destination host? Could you share the capture file?
What sort of protections do you have now? I would highly recommend reviewing that. I would not be shocked if there were some active attack attempts taking place. But we do need more detailed data to give definitive answers.
Author abandoned.