This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

I'm new to Wireshark. I'm using it to detect whether my PC was hacked or not.

I opened it up for the first time today, and I can see some red lines which have this info:

36  15.728607   128.199.176.14  192.168.1.4 TCP 60  443 → 50207 [RST] Seq=1 Win=0 Len=0
425 52.346648   192.168.1.3 192.168.1.4 TCP 60  8009 → 50234 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0

I'm not sure how to interpret this information.

Is it possible I'm under a TCP Reset Attack?

asked 01 Jun '17, 16:38

kekehuang

edited 02 Jun '17, 02:00

grahamb ♦

This is highly unlikely. Resets are connection terminations that can happen for a number of reasons, but hacking very rarely uses those. A RST/ACK combination especially is usually not critical, but is used as a faster way of shutting down a data transfer that is complete.

answered 02 Jun '17, 01:33

Jasper ♦♦
