Colasoft Capsa offers expert diagnosis results for the following transport layer events.
| Event |
Description |
Severity |
Possible causes and solutions |
| TCP Connection Refused | A client's initial TCP connection attempt has been rejected by the target host. |
Fault |
- A client is requesting a service that the host does not offer.
- The server is overload to establish new connections.
|
| TCP Repeated Connect Attempt |
A client is attempting multiple times to establish a TCP connection. |
Fault |
A firewall may be blocking the SYN packet sent from the client to the server, or ACK packet sent from the server to the client. |
| TCP Retransmission | The packet fragment sequence number is equal to or smaller than the previous one. |
Performance |
- The transmitting packets are missing in network.
- The acknowledgment packets are being transmitted through a slower path.
- The network is overloaded.
- The receiver or router is overloaded
|
| TCP Invalid Checksum |
- The checksum of a TCP header and/or data is in error.
- The checksum value is calculated and written to the packet by the sender, and then recalculated from the received packet by the receiver.
- It indicates an error if the two values are different.
|
Fault |
- There is a faulty device in the network.
- If the checksums of all local packets are shown as invalid, the checksum offload function may be enabled; in this case, the adapter performs the cycle-intensive process of calculating CRC, the Windows TCP/IP stack does not calculate the IP and TCP checksums but leaves them as 0x0000.
|
| TCP Slow ACK | The ACK Packets Response Time of TCP connection exceeds the average responce time of the connection plus the Slow ACK Time threshold. |
Performance |
- The acknowledgment packets are being transmitted via a slower path.
- The network is overloaded .
- The receiver or router is overloaded
|
| TCP Duplicate Ack |
A TCP ACK packet captured more than 3 times. |
Performance |
- Missequence or packet lost noticed of packet sender noticed by protocol stack.
- Retransmission due to the packet lost.
|
| TCP Port Scan | A local or remote station is scanning the network for opened TCP ports. |
Security |
- The host is infected by worm.
- the host is using port scanning tools or other attack tools.
|
| TCP Syn Flood |
Vast TCP Syn packets sent fast exceed the threshold speed. |
Security |
- DOS/DDOS attack based on TCP.
- TCP Syn compel the server to establish or maintain mutiple semi-open TCP links, lead to the resource exhaustion and DOS.
|
| TCP Data Offset Error | When the TCP data offset is less than five,it indicates a TCP data offset error. |
Security |
The host is sending wrong TCP packets. |