TL-SG108E V3 High RST TCP traffic trigger by nmap

TL-SG108E V3 High RST TCP traffic trigger by nmap
TL-SG108E V3 High RST TCP traffic trigger by nmap
2019-02-25 13:41:33
Model: TL-SG108E
Hardware Version: V3
Firmware Version: 20171214

I am getting high RST TCP traffic to the SG108E V3 when I ping it with the nmap command nmap -p 80 IP-of-the-switch. It seems to happen when the switch is busy doing something. In the screen shot below the RST TCP traffic is trigger when the nmap scan starts just after the switch responds to an ARP request. Once the traffic starts, the ping time to the switch goes from 2ms to 300ms and connectivity issues start to happen. Removing the ethernet cable from the test computer stops the traffic and restores connectivity.

 

Anyone else seeing this?

 

 

0
0
#1
Options
3 Replies
Re:TL-SG108E V3 High RST TCP traffic trigger by nmap
2019-02-26 06:31:42

PClements wrote

I am getting high RST TCP traffic to the SG108E V3 when I ping it with the nmap command nmap -p 80 IP-of-the-switch. It seems to happen when the switch is busy doing something. In the screen shot below the RST TCP traffic is trigger when the nmap scan starts just after the switch responds to an ARP request. Once the traffic starts, the ping time to the switch goes from 2ms to 300ms and connectivity issues start to happen. Removing the ethernet cable from the test computer stops the traffic and restores connectivity.

 

Anyone else seeing this?

 

Hi PCIements

 

I guess that you use nmap to detect the port 80 and access the management web at the same time, because the port 80 is occupied so get high RST TCP traffic. 

0
0
#2
Options
Re:Re:TL-SG108E V3 High RST TCP traffic trigger by nmap
2019-02-26 14:06:35

The switch was busy responding to an ARP request from the router which happens every few minutes. If you try to access the switch with a web browser when it is responding to one of these ARP requests, the same thing will happen. And if you leave the browser connection open long enough it will eventually happen. I am looking for someone to confirm this problem so I can pass it on to support. At this point they have not been able to repicate it. I have confirmed it on two different networks using windows and linux.

0
0
#3
Options
Re:Re:Re:TL-SG108E V3 High RST TCP traffic trigger by nmap
2019-02-27 00:58:35

PClements wrote

The switch was busy responding to an ARP request from the router which happens every few minutes. If you try to access the switch with a web browser when it is responding to one of these ARP requests, the same thing will happen. And if you leave the browser connection open long enough it will eventually happen. I am looking for someone to confirm this problem so I can pass it on to support. At this point they have not been able to repicate it. I have confirmed it on two different networks using windows and linux.

 

Hi PCIements 

 

Maybe you can try to bind the IP and MAC of TL-SG108E on the router and PC. Then the router and PC doesn't need to send ARP request and you can check if still have the problem. 

But if you use nmap to scan port 80, still will has the problem since port is occupied.

 

And please make sure that your devices do not use the same IP address, it will cause ARP table confusion.

0
0
#4
Options