<div>
the application running for tapping server is post system for ordering food/drink where host will request to server if the order key-in. I detected unknown service appear when the server become slow and kill it the application/server come to normal again. From the captured packet detected many TCP RST packet along time since start packet was captured
</div>


the application running for tapping server is post system for ordering food/drink where host will request to server if the order key-in. I detected unknown service appear when the server become slow and kill it the application/server come to normal again. From the captured packet detected many TCP RST packet along time since start packet was captured

<div>
Are you seeing the resets by the same destination host? &nbsp;Could you share the capture file?
</div>


Are you seeing the resets by the same destination host?  Could you share the capture file?

<div>
What sort of protections do you have now? I would highly recommend reviewing that. I would not be shocked if there were some active attack attempts taking place. But we do need more detailed data to give definitive answers.
</div>


What sort of protections do you have now? I would highly recommend reviewing that. I would not be shocked if there were some active attack attempts taking place. But we do need more detailed data to give definitive answers.

<div>
<div class="content wysiwyg-content">
Hi All,<br />
<br />
I had capture the packet within our intranet where I place the sniffing tool at core switch to only capture conversation between all client to one server. I had observer the almost packet was captured is TCP SYN/ACK packet and TCP RST packet. The TCP SYN packet only below then 10% of captured packet. Its is abnormal in happen in this conversation?
</div>
</div>


Hi All,

I had capture the packet within our intranet where I place the sniffing tool at core switch to only capture conversation between all client to one server. I had observer the almost packet was captured is TCP SYN/ACK packet and TCP RST packet. The TCP SYN packet only below then 10% of captured packet. Its is abnormal in happen in this conversation?

TCP RST Packet over than 80% captured packet

Networking is the process of connecting computing devices, peripherals and terminals together through a system that uses wiring, cabling or radio waves that enable their users to communicate, share information and interact over distances. Often associated are issues regarding operating systems, hardware and equipment, cloud and virtual networking, protocols, architecture, storage and management.

Networking

Transmission Control Protocol/Internet Protocol (TCP/IP) is the set of networking protocols that define end-to-end connectivity specifying how data should be packeted, addressed, transmitted, routed and received at the destination. This functionality is organized into four abstraction layers which are used to sort all related protocols according to the scope of networking involved.

TCP/IP

A switch is a device that filters and forwards packets of data between LAN segments. Switches operate at the data link layer or the network layer of the Open Systems Interconnection (OSI) Reference Model and therefore support any packet protocol. LANs that use switches to join segments are called switched LANs or, in the case of Ethernet networks, switched Ethernet LANs. A hub is a connection point for devices in a network. Hubs are commonly used to connect segments of a LAN. A hub contains multiple ports; when a packet arrives at one port, it is copied to the other ports so that all segments of the LAN can see all packets.