Hi all, I need some expert advice. I suspect this guy is doing something bad on our server. Our connected client loses connection. Is this a modern kind of attack?

He keeps sending ACK. It is so strange that server 192.168.1.10 has a CHECKSUM error.

Port 4 4 4 0 5 is the connect server port, 5 5 5 2 3 is the game server port.

Hope somebody can enlighten me on this, and whether there's something I have to fix.

Regards,
MM

asked 30 Nov '15, 04:19 mmguy
One Answer:
Easy one first: the TCP checksum errors can be ignored, as the trace was taken at the server and checksum is offloaded to the Ethernet card.... Edit-Preferences-TCP - uncheck validate checksum to 'fix' those ... ;-)

Secondly - providing serious advice on a screenshot alone is close to impossible. The client closes the connections pretty early with a RST, nothing that should do much harm to your server...

If this is about a game server, it might be viable to share the capture file on cloudshark or other places to look at the payload...

answered 30 Nov '15, 11:16 mrEEde
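As an added illustration of the checksum-offload point in the answer above (not part of the original thread): the Python sketch below recomputes the TCP checksum of each segment and checks whether every failure comes from the host the capture was taken on, which is the pattern offloading produces. The client address, client port, header values and helper names are constructed for the example; only 192.168.1.10 and the connect server port come from the question.

```python
import socket
import struct

def inet_sum(data: bytes) -> int:
    """RFC 1071 one's-complement sum of 16-bit words (not yet inverted)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def tcp_checksum(src: str, dst: str, segment: bytes) -> int:
    """Checksum over the IPv4 pseudo-header plus the segment, checksum field zeroed."""
    pseudo = (socket.inet_aton(src) + socket.inet_aton(dst)
              + struct.pack("!BBH", 0, 6, len(segment)))
    zeroed = segment[:16] + b"\x00\x00" + segment[18:]
    return ~inet_sum(pseudo + zeroed) & 0xFFFF

def build_segment(src, dst, sport, dport, flags, filled=True):
    """Constructed 20-byte TCP header. filled=False stores a deliberately wrong
    checksum, standing in for a frame captured before the NIC computed it."""
    seg = struct.pack("!HHIIBBHHH", sport, dport, 1000, 2000, 5 << 4, flags, 8192, 0, 0)
    good = tcp_checksum(src, dst, seg)
    stored = good if filled else (good + 1) & 0xFFFF
    return seg[:16] + struct.pack("!H", stored) + seg[18:]

def bad_checksum_sources(packets):
    """Source IPs that sent at least one segment whose checksum does not verify."""
    return {src for src, dst, seg in packets
            if struct.unpack("!H", seg[16:18])[0] != tcp_checksum(src, dst, seg)}

def looks_like_offload(packets, capture_host):
    """True when every bad checksum belongs to traffic sent by the capture host."""
    return bad_checksum_sources(packets) == {capture_host}

SERVER = "192.168.1.10"   # capture host, from the question
CLIENT = "203.0.113.5"    # constructed sample client (documentation range)
SAMPLE = [                # constructed exchange: SYN, SYN-ACK, ACK, RST
    (CLIENT, SERVER, build_segment(CLIENT, SERVER, 50000, 44405, 0x02)),
    (SERVER, CLIENT, build_segment(SERVER, CLIENT, 44405, 50000, 0x12, filled=False)),
    (CLIENT, SERVER, build_segment(CLIENT, SERVER, 50000, 44405, 0x10)),
    (CLIENT, SERVER, build_segment(CLIENT, SERVER, 50000, 44405, 0x04)),
]

if __name__ == "__main__":
    print("bad checksum sources:", bad_checksum_sources(SAMPLE))
    print("consistent with offload:", looks_like_offload(SAMPLE, SERVER))
```

If inbound segments from the client also failed verification, the offload explanation would no longer cover the errors and they would deserve a closer look.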
Hi MrEEde,
Thank you for your reply. Here is the capture file: https://www.cloudshark.org/captures/6b6ff5ac3d8a I really appreciate your time in considering helping me.
Game Server Port is 5 5 5 2 3 and 5 5 5 0 9 Connect server Port is 4 4 4 0 5
rgds
MM