This is our old Q&A Site. Please post any new questions and answers at

I trying to track down a connection issue. What I'm seeing is s [SYN] followed by a {RST,ACK} series of packets. What would cause this?

asked 06 Jan '11, 11:06

vmjr's gravatar image

accept rate: 100%

This is very simply that the port you are trying to connect to is not being listened to on the remote host. Either your service is not running on the host, or possibly it has been firewalled.

permanent link

answered 06 Jan '11, 15:04

martyvis's gravatar image

accept rate: 7%

edited 06 Jan '11, 22:43

Two things: I think you mean "service is NOT running on the host". and usually a firewall does not reply with a RST packet if it is configured correctly. It will just drop the SYN with no answer at all. There are some IDS/IPS systems that issue forged RST packets sometimes though.

(06 Jan '11, 18:57) Jasper ♦♦

Just fixed the not. I agree generally a firewall will be stealthy - but just covering the bases for the original poster.

(06 Jan '11, 22:45) martyvis

I have seen a SYN with a RST,ACK sent back. In this case is was a portmap failure on a CISCO ASA firewall. A nonat statement is needed to tell the firewall to not nat the packet as it passes through the firewall.

permanent link

answered 07 Jan '11, 13:52

erics's gravatar image

accept rate: 0%

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here



Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text]( "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:


question asked: 06 Jan '11, 11:06

question was seen: 125,404 times

last updated: 07 Jan '11, 13:52

p​o​w​e​r​e​d by O​S​Q​A