I am trying to track down a connection issue. What I'm seeing is a [SYN] followed by a {RST,ACK} series of packets. What would cause this? asked 06 Jan '11, 11:06 vmjr |
2 Answers:
This is very simply that the port you are trying to connect to is not being listened to on the remote host. Either your service is not running on the host, or possibly it has been firewalled. answered 06 Jan '11, 15:04 martyvis edited 06 Jan '11, 22:43 |
I have seen a SYN with a RST,ACK sent back. In this case it was a portmap failure on a Cisco ASA firewall. A nonat statement is needed to tell the firewall to not NAT the packet as it passes through the firewall. answered 07 Jan '11, 13:52 erics |
Two things: I think you mean "service is NOT running on the host". And usually a firewall does not reply with a RST packet if it is configured correctly. It will just drop the SYN with no answer at all. There are some IDS/IPS systems that issue forged RST packets sometimes though.
Just fixed the not. I agree generally a firewall will be stealthy - but just covering the bases for the original poster.
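The three outcomes discussed in this thread (SYN answered by RST,ACK, SYN answered by SYN,ACK, SYN silently dropped) can be told apart mechanically in a capture summary. The following is an added example, not part of the original thread; the packet tuples, addresses and the function name `classify_attempts` are constructed for illustration.

```python
# Constructed sample: (time_s, src, sport, dst, dport, tcp_flags), as one might
# export from a capture. Addresses are from the documentation range 192.0.2.0/24.
PACKETS = [
    (0.000, "192.0.2.5", 50001, "192.0.2.9", 8080, "SYN"),
    (0.001, "192.0.2.9", 8080, "192.0.2.5", 50001, "RST,ACK"),
    (1.000, "192.0.2.5", 50002, "192.0.2.9", 443, "SYN"),
    (1.002, "192.0.2.9", 443, "192.0.2.5", 50002, "SYN,ACK"),
    (1.003, "192.0.2.5", 50002, "192.0.2.9", 443, "ACK"),
    (2.000, "192.0.2.5", 50003, "192.0.2.9", 23, "SYN"),
    (3.000, "192.0.2.5", 50003, "192.0.2.9", 23, "SYN"),  # retransmission
    (5.000, "192.0.2.5", 50003, "192.0.2.9", 23, "SYN"),  # retransmission
]

def classify_attempts(packets):
    """Return {(client, cport, server, sport): verdict} for every SYN seen.

    refused  - SYN answered by RST (port not listening, or a device on the
               path answered on the server's behalf)
    open     - SYN answered by SYN,ACK
    no-reply - SYN (and its retransmissions) never answered, i.e. dropped
    """
    attempts = {}
    for _, src, sport, dst, dport, flags in sorted(packets):
        flagset = frozenset(flags.split(","))
        forward = (src, sport, dst, dport)
        reverse = (dst, dport, src, sport)
        if flagset == {"SYN"}:
            # First SYN opens an attempt; retransmitted SYNs leave it as-is.
            attempts.setdefault(forward, "no-reply")
        elif attempts.get(reverse) == "no-reply":
            # First packet coming back decides the verdict.
            if flagset == {"SYN", "ACK"}:
                attempts[reverse] = "open"
            elif "RST" in flagset:
                attempts[reverse] = "refused"
    return attempts

if __name__ == "__main__":
    for flow, verdict in classify_attempts(PACKETS).items():
        print(flow, verdict)
```

A "refused" verdict alone does not say which device sent the RST; that still has to be checked on the server and on any firewall or IDS/IPS in the path.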