TCP flags

corey.mckinney
Level 1

What do the flags RST and PSH mean? Specifically when the firewall log says:

'Deny TCP connection x.x.x.x/721 to x.x.x.x/515 flags RST PSH'

Thanks

2 Replies

Richard Burts
Hall of Fame

Corey

The flag RST is the reset flag. It is used when one participant in a TCP connection wants to immediately stop the connection. Normal termination of TCP connections uses the FIN and FIN/ACK exchange to gracefully terminate the connection. The RST is used to abruptly terminate (frequently in response to some error condition).

The flag PSH is to indicate push. It is an indicator that the segment must be sent quickly (rather than waiting for additional data which could result in a more efficient larger segment).

HTH

Rick
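
An added example, not part of the original posts and not Cisco tooling: a small parser for deny lines of the shape quoted in the question, which decodes the flag names into the TCP header bitmask and counts RST-bearing denies per source, destination and destination port. The function names and the sample lines are constructed for illustration; a real firewall log will have more fields around the message.

```python
import re
from collections import Counter

# TCP header flag bits, as defined in the TCP specification (RFC 9293).
TCP_FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04,
             "PSH": 0x08, "ACK": 0x10, "URG": 0x20}

# Matches the message shape quoted in the question. Searched, not anchored,
# because real log lines carry timestamps and other fields around it.
DENY_RE = re.compile(
    r"Deny TCP connection (?P<src>[\d.]+)/(?P<sport>\d+) to "
    r"(?P<dst>[\d.]+)/(?P<dport>\d+) flags (?P<flags>[A-Z]{3}(?: [A-Z]{3})*)"
)

def parse_deny(line):
    """Return the parsed fields of a deny line, or None if it does not match."""
    m = DENY_RE.search(line)
    if m is None:
        return None
    names = m["flags"].split()
    bits = 0
    for name in names:
        if name not in TCP_FLAGS:
            raise ValueError(f"unknown TCP flag name: {name}")
        bits |= TCP_FLAGS[name]
    return {"src": m["src"], "sport": int(m["sport"]),
            "dst": m["dst"], "dport": int(m["dport"]),
            "flags": names, "bits": bits}

def rst_denies_by_flow(lines):
    """Count denied segments carrying RST per (source, destination, dest port)."""
    counts = Counter()
    for line in lines:
        rec = parse_deny(line)
        if rec and rec["bits"] & TCP_FLAGS["RST"]:
            counts[(rec["src"], rec["dst"], rec["dport"])] += 1
    return counts

# Constructed sample lines; the addresses are documentation ranges.
SAMPLE = [
    "Deny TCP connection 192.0.2.10/721 to 198.51.100.5/515 flags RST PSH",
    "Deny TCP connection 192.0.2.10/722 to 198.51.100.5/515 flags RST PSH",
    "Deny TCP connection 192.0.2.11/40000 to 198.51.100.7/443 flags FIN ACK",
    "Built TCP connection 192.0.2.12/50000 to 198.51.100.7/443",
]

if __name__ == "__main__":
    for flow, n in rst_denies_by_flow(SAMPLE).most_common():
        print(flow, n)
```

Grouping the denies this way shows whether the RST segments come from a few client and server pairs or are spread across the whole address range.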


I am seeing a lot of these messages from clients that are in the DHCP scope of our AnyConnect clients to many of our VMware clients. Would there be any reason specifically for this that relates to how VMware handles TCP? I am wondering if it's related to the fact that our VMware server uses a bunch of physical NICs tied together as a port-channel. Alternatively, is there a way to disable this rule for "trusted" or specific source VLANs?

thanks