What is a TCP Reset (RST)?

When an unexpected TCP packet arrives at a host, that host usually responds by sending a reset packet back on the same connection. A reset packet is simply one with no payload and with the RST bit set in the TCP header flags.

There are a few circumstances in which a TCP packet might not be expected; the two most common are:

  1. The packet is an initial SYN packet trying to establish a connection to a server port on which no process is listening.

  2. The packet arrives on a TCP connection that was previously established, but the local application already closed its socket or exited and the OS closed the socket.

Other circumstances are possible, but are unlikely outside of malicious behavior such as attempts to hijack a TCP connection.

Related

Blog: Cloudy with a Chance of TCP Drops
Network Data: Key Concepts
Network Performance Monitoring
Corvil for IT Operations Analytics