This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

I see some red lines about some TCP connections and am not sure what they mean

0

I'm new to Wireshark. I'm using it to detect if my PC was hacked or not.

I opened it up for the first time today, and I can see some red lines which have this info:

36   15.728607  128.199.176.14  192.168.1.4  TCP  60  443 → 50207 [RST] Seq=1 Win=0 Len=0
425  52.346648  192.168.1.3     192.168.1.4  TCP  60  8009 → 50234 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0

I'm not sure how to interpret this information.

Is it possible I'm under a TCP Reset Attack?

asked 01 Jun '17, 16:38

kekehuang
accept rate: 0%

edited 02 Jun '17, 02:00

grahamb ♦


One Answer:

0

This is highly unlikely. Resets are connection terminations that can happen for a number of reasons, but hacking very rarely uses them. A RST/ACK combination in particular is usually not critical, but is used as a faster way of shutting down a data transfer that is complete.

answered 02 Jun '17, 01:33

Jasper ♦♦
accept rate: 18%
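
A small triage helper for rows like the ones pasted in the question, added here as an example and not part of the original question or answer: it pulls the RST rows out of a text copy of the packet list and counts them per sending endpoint. The column order (No., Time, Source, Destination, Protocol, Length, Info), numeric addresses with name resolution off, and all function names are assumptions.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample: the two rows from the question, in the assumed
# column order No., Time, Source, Destination, Protocol, Length, Info.
SAMPLE = """\
36  15.728607   128.199.176.14  192.168.1.4 TCP 60  443 → 50207 [RST] Seq=1 Win=0 Len=0
425 52.346648   192.168.1.3 192.168.1.4 TCP 60  8009 → 50234 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0
"""

# Matches a TCP row whose Info column starts with "sport → dport [FLAGS]".
ROW = re.compile(
    r"^\s*(?P<no>\d+)\s+(?P<time>[\d.]+)\s+(?P<src>\S+)\s+(?P<dst>\S+)\s+TCP\s+"
    r"(?P<length>\d+)\s+(?P<sport>\d+)\s*(?:→|->)\s*(?P<dport>\d+)\s+"
    r"\[(?P<flags>[A-Z, ]+)\]"
)

def parse_resets(text):
    """Return one dict per TCP row whose flag list contains RST."""
    resets = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header, blank line, non-TCP row or annotated Info column
        flags = [f.strip() for f in m["flags"].split(",")]
        if "RST" not in flags:
            continue
        resets.append({
            "no": int(m["no"]),
            "sender": f'{m["src"]}:{m["sport"]}',
            "receiver": f'{m["dst"]}:{m["dport"]}',
            "kind": "RST, ACK" if "ACK" in flags else "RST",
            # True when the reset came from a private (LAN) address.
            "sender_on_lan": ipaddress.ip_address(m["src"]).is_private,
        })
    return resets

def resets_per_sender(resets):
    """Count resets by sending endpoint (address:port)."""
    return Counter(r["sender"] for r in resets)

if __name__ == "__main__":
    found = parse_resets(SAMPLE)
    for r in found:
        where = "LAN host" if r["sender_on_lan"] else "internet host"
        print(f'#{r["no"]}: {r["kind"]} from {r["sender"]} ({where}) to {r["receiver"]}')
    print(dict(resets_per_sender(found)))
```

On the two rows from the question this reports one reset per sender, each on a different connection.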