HPE Community
Operating System - HP-UX
1833793 Members
2509 Online
110063 Solutions
New Discussion

TCP packet with Win=0

 
Bruno MMSC
New Member

‎11-08-2002 06:22 AM

‎11-08-2002 06:22 AM

TCP packet with Win=0

Hi,

I'm having an application on HP-UX 11.0.
On this i have an HTTP client application.
Some times with tcpdump i see a TCP packet with HTTP data and Win=0. This connection is sistematically reset from the HTTP server, by reset i mean a TCP reset flag set in answer from the server.
Any idea on how to solve this?
BD
0 Kudos
Reply
3 REPLIES 3
harry d brown jr
Honored Contributor

‎11-08-2002 06:42 AM

‎11-08-2002 06:42 AM

Re: TCP packet with Win=0


Bruno,

The first step is to make sure you have the latest patches.

Go to "maintenance and support"
then under "Patching"
take "customized patch bundles (custom patch manager)"

live free or die
harry
Live Free or Die
0 Kudos
Reply
Bruno MMSC
New Member

‎11-08-2002 07:09 AM

‎11-08-2002 07:09 AM

Re: TCP packet with Win=0

Thanks,

i cannot install patches without control on the machine. It is in a production environment.
Apllication SW installed on the machine is strongly dependent on the patch level.
Any other more detailed suggestion?

Bruno
BD
0 Kudos
Reply
Ron Kinner
Honored Contributor

‎11-08-2002 07:15 AM

‎11-08-2002 07:15 AM

Re: TCP packet with Win=0

Would be easier if you would give the exact packet info but there is a hacker technique called hping which uses win=0 and the reset flag.

http://www.securiteam.com/securitynews/A_new_stealth_port_scanning_method.html

The technique sends a packet from A to C with the source faked to appear that it comes from B. C replies to B with RST since it knows nothing of an existing conversation with B. This method is used to scan for open ports on C.



Ron
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.