I see some red lines about some TCP connections and not sure what they mean

Question

I'm new to Wireshark. I'm using it to detect if my pc was hacked or not.

I open it up first time today, and I can see some red lines which has these info:

36  15.728607   128.199.176.14  192.168.1.4 TCP 60  443 → 50207 [RST] Seq=1 Win=0 Len=0
425 52.346648   192.168.1.3 192.168.1.4 TCP 60  8009 → 50234 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0

I'm not sure how to interpret these information.

Is it possible I'm under TCP Reset Attack?

Answer 1

0

This is highly unlikely. Resets are connection terminations that can happen for a number of reasons, but hacking is very rarely using those. Especially a RST/ACK combination is usually not critical, but used as a faster way of shutting down a data transfer that is complete.

permanent link

answered 02 Jun '17, 01:33

Jasper ♦♦
23.8k●5●51●284
accept rate: 18%

I see some red lines about some TCP connections and not sure what they mean

Follow this question

You have a trillion packets.

You need to see four of them.

Don't have Wireshark?

Related questions