This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Packetfilter-violation LiveLog

If I take a look into my Packetfilter-violation LiveLog I often find entries that have stuff like "RST", "SYN", "ACK RST", and so on in the TCP-Flags... column. Unfortunately the manual does not give any information about this.
Does any of you know anything about these things ?

This thread was automatically locked due to age.

0 TnM over 23 years ago
These are TCP Flags used by the TCP/IP Protocol.

At the transport layer you can find TCP (and UDP). TCP is a connection oriented transport protocol. When you want to establish a communication to host B you send a "SYN" request to the appropriate port. If the port is opened the host B send a "SYN/ACK" to your host (A), then your computer send a "ACK" to acknowledge the communication. This is called the Three-way handshaking and it is the basis for the TCP protocol.

RST : This will be sent from a host when the acknowledgment number are incorrect then a established communication will be turned off.

ACK RST : This will be send from host B (the listener) when host a is trying to reach a port that is closed trying to initiate a TCP 3-way handshake.

For further info read the TCP RFC www.ietf.org

Patrice.
Cancel
Vote Up 0 Vote Down

Cancel