
Hi all,

I need some expert advice. I suspect this guy is doing something bad on our server. Our connected client loses connection. Is this a modern kind of attack? He keeps sending ACK, and it is strange that server 192.168.1.10 shows a CHECKSUM error.

Port 44405 is the connect server port; 55523 is the game server port.

I hope somebody can enlighten me on this, and whether there's something I have to fix.

regards

MM

asked 30 Nov '15, 04:19

mmguy


Easy one first: the TCP checksum errors can be ignored, as the trace was taken at the server and the checksum is offloaded to the Ethernet card. Edit-Preferences-TCP - uncheck validate checksum to 'fix' those ... ;-)

Secondly, providing serious advice on a screenshot alone is close to impossible. The client closes the connections pretty early with a RST, nothing that should do much harm to your server...

If this is about a game server, it might be viable to share the capture file on cloudshark or other places to look at the payload...

answered 30 Nov '15, 11:16

mrEEde

Hi MrEEde,

Thank you for your reply. Here is the capture file: https://www.cloudshark.org/captures/6b6ff5ac3d8a I really appreciate your time in considering helping me.

Game server ports are 55523 and 55509. Connect server port is 44405.

rgds

MM

(30 Nov '15, 15:12) mmguy
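
The checksum-offload reasoning in the answer above, as an added example that is not part of the original thread: it verifies TCP checksums against the IPv4 pseudo-header and reports whether every failure comes from the capturing host, which is the pattern offload produces. The client address, the client port and the zeroed checksum field used to stand in for a pre-offload frame are constructed assumptions.

```python
import socket
import struct

def csum16(data: bytes) -> int:
    """RFC 1071 ones-complement sum, folded to 16 bits."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def pseudo_header(src: str, dst: str, tcp_len: int) -> bytes:
    return socket.inet_aton(src) + socket.inet_aton(dst) + struct.pack("!BBH", 0, 6, tcp_len)

def tcp_checksum_ok(src: str, dst: str, segment: bytes) -> bool:
    """True if the TCP segment verifies against its IPv4 pseudo-header."""
    return csum16(pseudo_header(src, dst, len(segment)) + segment) == 0xFFFF

def build_segment(src, dst, sport, dport, flags, filled=True) -> bytes:
    """Constructed 20-byte TCP header. filled=False leaves the checksum field
    at zero, standing in for a frame captured before the NIC filled it in."""
    hdr = struct.pack("!HHIIBBHHH", sport, dport, 1000, 2000, 5 << 4, flags, 8192, 0, 0)
    if not filled:
        return hdr
    value = ~csum16(pseudo_header(src, dst, len(hdr)) + hdr) & 0xFFFF
    return hdr[:16] + struct.pack("!H", value) + hdr[18:]

def bad_checksum_sources(packets) -> set:
    """Source IPs that sent at least one segment failing verification."""
    return {src for src, dst, seg in packets if not tcp_checksum_ok(src, dst, seg)}

def consistent_with_offload(packets, capture_host: str) -> bool:
    """Failures only on frames sent by the capturing host point to offload."""
    return bad_checksum_sources(packets) == {capture_host}

SERVER, CLIENT = "192.168.1.10", "203.0.113.7"  # CLIENT is a constructed address
ACK, RST = 0x10, 0x04
# Constructed sample: server frames seen pre-offload, client frames intact.
SAMPLE = [
    (CLIENT, SERVER, build_segment(CLIENT, SERVER, 50000, 44405, ACK)),
    (SERVER, CLIENT, build_segment(SERVER, CLIENT, 44405, 50000, ACK, filled=False)),
    (CLIENT, SERVER, build_segment(CLIENT, SERVER, 50000, 44405, RST)),
]

if __name__ == "__main__":
    print("bad checksum sources:", bad_checksum_sources(SAMPLE))
    print("consistent with offload:", consistent_with_offload(SAMPLE, SERVER))
```

If a source other than the capturing host appears in the result, the frames were damaged before they reached the capture point and the errors should not be dismissed as offload.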
question asked: 30 Nov '15, 04:19

question was seen: 1,152 times

last updated: 30 Nov '15, 17:31
