On Wed, 17 Jun 2015, Maqbool Hashim wrote: > It is always the same destination servers and in normal operations > these source and destination hosts do have a bunch of legitimate flows > between them. I was leaning towards it being a reporting artifact, > but it's interesting that there are a whole set of Ack Reset packets > from the destination hosts with a source port of 0 also.
So the destination host is sending ACK+RST with the *source* port set to zero, or the *destination* port? > Does this not indicate that it probably isn't a reporting artifact? I would just tcpdump on one of the source machines to find out. ~Marcin
