This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Ihenock1011
Collaborator
yesterday

tcpdump on r81.10

Hi All,

"I have a Checkpoint R81.10 gateway, and one of the servers is behind this gateway. There is an issue with the communication between two servers, and I took a TCP dump. When I open the captured data, there are a lot of TCP flags with reset [RST, ACK]. My question is, how do I know whether the reset is from the source side or the destination side, and what could be the possible reason behind this?

FYI I have attached the screenshot 

Preview file
97 KB
0 Kudos
2 Replies
Franktum
Contributor
yesterday

Hi,

One reason for RST, ACK is the destination server isn't listening through the port the source attacked. Check it out with netstat.

Regards

0 Kudos
Ihenock1011
Collaborator
3 hours ago
In response to Franktum

@Franktum Yes, I did that, and the server is listening on that port.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events