# What is a TX TCP Reset?



## alex.scotton (Apr 20, 2007)

Hi all, 

I have just invested in a DLink DI-524 router (it was on offer, it was possibly a big mistake because DLinks' support and knowledge base sites are awful!)

My current setup is 2mb Virgin Broadband (another big mistake lol, but awaiting Sky to cover my area) and the following:


|-- Wi Fi --> Playstation 3
Cable Modem --> DLink DI-524 Router |
|-- Ethernet Cable --> Win XP PC

Whilst the PC is heavily protected by the Router and software firewall, the PS3 is however in a DMZ on advise from Sony... 

I have recently had to format the PC due to getting a virus and now maintain an excellent log of DOS (denial of service) attacks which the PC seems to be unphased by due to protection however the PS3 is regularly being booted of the WAN by the router and the log reads:

(***.51 being the PS3 and ***.1 being the router..obviously lol)

Thursday April 19, 2007 09:05:41 TX TCP reset for 192.168.0.51(63397) -> 192.168.0.1(80)
Thursday April 19, 2007 09:28:29 TX TCP reset for 192.168.0.51(63322) -> 192.168.0.1(80)
Thursday April 19, 2007 09:29:31 TX TCP reset for 192.168.0.51(63313) -> 192.168.0.1(80)
Thursday April 19, 2007 09:29:53 TX TCP reset for 192.168.0.51(63308) -> 192.168.0.1(80)
Thursday April 19, 2007 09:31:29 TX TCP reset for 192.168.0.51(63312) -> 192.168.0.1(80)

Are these TX TCP resets a way of the router protecting the PS3 from the DOS or a direct result of DOS attack working?  

Basically if someone could give me any information on this error/reset, or even better a resolution that would be excellent!

I have attached the router log file to this post, however the time and dates are incorrect however irellevant that may seem lol!

Cheers guys and look forward to a genius replying lol!

Alex


----------



## O111111O (Aug 27, 2005)

Most likely not.

TCP resets are pretty common from clients. Normally a client disconnects from a host by sending a TCP FIN. Then the host receiving the FIN should reply with a FIN ACK and close the connection.

What usually happens is that many hosts simply drop the connection in an effort to "save time" and leave a connection open in a half closed state.

When that happens, a host will see connections half closed and wait for it's TCP timer in it's stack for authorization to close the connection. It will then close it and most likely send a TCP RST, which is a the F-OFF slam the door in your face way of closing a connection.

Windows systems are notorious for this. 

You're just seeing part of this process. THat fact that you saw 4-5 in a row is interesting. I would suggest that you simply keep your eye on it. If you see hundreds per hour, then it's something to worry yourself about.


----------



## alex.scotton (Apr 20, 2007)

Hi there,
thanks for the speedy reply... it isn't the PC (i.e. Win XP) that is experiencing this problem... it's the PS3 and seems to always be doing when i'm playing online (Playstation network)

and it is doing it continously (eg last night whilst playing it kicked me off about 5-6 times in the space of an hour!)

everytime it happens the ps needs rebooting to re-establish the connection..


???????????????????!!!!!!!!!!!!!!?????????!!??!??!!!!!!!!??????!


----------



## O111111O (Aug 27, 2005)

Yeah, I gathered that it was the PS3. You didn't really explain that this was a problem.

The TCP resets are specifically from a high port on the PS3 to port 80 on the router.

This could be related to wireless issue under load. Can you possibly wire PS3 directly to router and see if problem goes away?


----------



## alex.scotton (Apr 20, 2007)

Hi bud

i tried plugging da playstation 3 in and no problems so it is apparently the wi fi..
However a thought crossed my mind when u pointed out that it was port 80 on the router. I realised that apache web server used to use that port so i have now re-configured apache to 150 and reset dlink router! And touch wood no problems as yet! 
However it does present another question, do u know whether routers reserve ports? Because even wen da pc was off there were problems and also after changing apache, the router had to be hard reset until the problem was rectified! 

Thanks for your help

alex


----------



## O111111O (Aug 27, 2005)

alex.scotton said:


> Hi bud
> 
> i tried plugging da playstation 3 in and no problems so it is apparently the wi fi..
> However a thought crossed my mind when u pointed out that it was port 80 on the router. I realised that apache web server used to use that port so i have now re-configured apache to 150 and reset dlink router! And touch wood no problems as yet!
> ...


Apache? Are you running a webserver w/ port forwarding as well? - Any HTTP:// listener will be port 80 by default.

Also, don't use TCP 150, that's reserved. Move it to a high port like TCP 8080.

Not sure, normally a router wouldn't, but software QA for home devices isn't extraordinary, so there's no telling what bug you've run into. I would say that after changing a listening port, it's pretty reasonable to reset the router as it has to restart processes to make that happen.


----------

