Skip navigation
McAfee Secure sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams
876 Views 3 Replies Latest reply: May 1, 2013 1:26 PM by alexn RSS
russel Newcomer 20 posts since
Mar 18, 2013
Currently Being Moderated

Apr 29, 2013 8:15 AM

Dropped TCP pack

While looking throgh the logs I noticed that I repeatedly see a syslog informational entry that reads "Dropped a TCP packet ith no matching session; flags=0x4<RST>". The thing is that there seems to be a matching session to me. We are currently trying to troubleshoot a communications problem and think this might be the problem. Can anyone help me understand why exactly this happening and how I can disable this feature or resolve it? I am currently using Sidewinder 8.3.1 on a S4016.

  • mtuma McAfee SME 315 posts since
    Nov 3, 2009
    Currently Being Moderated
    1. May 1, 2013 12:06 PM (in response to russel)
    Re: Dropped TCP pack

    Hello,

     

    The example message that you pasted has RST flag set. My guess (from what I have seen in the past) is that the client or server sent two reset packets. The first reset closed out the session and the second one was audited by the firewall as a packet with no matching session. My recommendatino is to do some tcpdumps to see exactly what is happening.

     

    -Matt

  • alexn Veteran 722 posts since
    Aug 9, 2012
    Currently Being Moderated
    3. May 1, 2013 1:26 PM (in response to russel)
    Re: Dropped TCP pack

    TCP dump happens after processing the packet.


    Post Timings: 6.00 AM to 3.00PM PDT

More Like This

  • Retrieving data ...

Bookmarked By (0)

Legend

  • Correct Answers - 5 points
  • Helpful Answers - 3 points