Cisco Support Community

TCP flags

What do the flags RST and PSH mean? Specifically when the firewall log says:

'Deny TCP connection x.x.x.x/721 to x.x.x.x/515 flags RST PSH'

Thanks


Re: TCP flags

Corey

The flag RST is the reset flag. It is used when one participant in a TCP connection wants to immediately stop the connection. Normal termination of TCP connections uses the FIN and FIN/ACK exchange to gracefully terminate the connection. The RST is used to abruptly terminate (frequently in response to some error condition).

The flag PSH is to indicate push. It is an indicator that the segment must be sent quickly (rather than waiting for additional data which could result in a more efficient larger segment).

HTH

Rick


Re: TCP flags

I am seeing a lot of these messages from clients that are in the DHCP scope of our AnyConnect clients to many of our VMWare clients. Would there be any reason specifically for this that relates to how VMWare handles TCP? I am wondering if it's related to the fact that our VMWare server uses a bunch of physical NICs tied together as a port-channel. Alternatively is there a way to disable this rule for "trusted" or specific source VLANs?

thanks
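For triaging a large number of these denies, the following is an added example (not code from any poster in this thread, and not Cisco's) that parses lines in the form quoted in the question, decodes the flag names, and counts denies per source, destination, port and flag set. The function names and the sample log lines are constructed for illustration, and the pattern assumes only the message wording shown in the question.

```python
import re
from collections import Counter

# TCP header flag bits (RFC 793), lowest bit first.
TCP_FLAG_BITS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04,
                 "PSH": 0x08, "ACK": 0x10, "URG": 0x20}
_FLAG_ALT = "|".join(TCP_FLAG_BITS)

# Matches only the message wording quoted in the question (an assumption;
# other software versions may word the message differently).
DENY_RE = re.compile(
    r"Deny TCP connection (?P<src>\S+)/(?P<sport>\d+) to (?P<dst>\S+)/(?P<dport>\d+)"
    rf" flags (?P<flags>(?:(?:{_FLAG_ALT})\b\s*)+)"
)

def decode_flags(byte):
    """Return the names of the flags set in a TCP header flags byte."""
    return [name for name, bit in TCP_FLAG_BITS.items() if byte & bit]

def parse_deny(line):
    """Parse one deny line; return None when the line is a different message."""
    m = DENY_RE.search(line)
    if not m:
        return None
    flags = frozenset(m["flags"].split())
    return {"src": m["src"], "sport": int(m["sport"]),
            "dst": m["dst"], "dport": int(m["dport"]), "flags": flags,
            # RST or FIN set: the denied segment was ending a connection.
            "teardown": bool(flags & {"RST", "FIN"})}

def summarize(lines):
    """Count denies per (src, dst, dport, flag set); source ports are ignored."""
    counts = Counter()
    for line in lines:
        rec = parse_deny(line)
        if rec:
            key = (rec["src"], rec["dst"], rec["dport"], " ".join(sorted(rec["flags"])))
            counts[key] += 1
    return counts

# Constructed sample lines using documentation address ranges.
SAMPLE = [
    "Deny TCP connection 192.0.2.10/721 to 198.51.100.5/515 flags RST PSH",
    "Deny TCP connection 192.0.2.10/722 to 198.51.100.5/515 flags RST PSH",
    "Deny TCP connection 192.0.2.11/40112 to 198.51.100.7/443 flags FIN ACK",
    "Built TCP connection 192.0.2.12/5000 to 198.51.100.7/443",
]

if __name__ == "__main__":
    for key, n in summarize(SAMPLE).most_common():
        print(n, *key)
```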
