I've been reading about the TCP protocol recently because I was a little curious about how and why certain flags were used.
In the information I found it talks about a normal close TCP FIN should be used to close a connection but then it also talks about TCP RST can be used for an abortive close on an active connection.
My question is, why would one use a RST to abort/close an active connection over using TCP FIN?
(Referring to an active connection as a connection where both endpoints sent and received data after the standard 3 way handshake. I know a RST can be used by the server when a client sends SYN for a server port that is not listening)
Best Answer
You wouldn't normally see a TCP RST. I suppose an application at layer 7 aborting might generate a RST, but I think you'll find that a RST is most often generated by a firewall between the two hosts. Here's a list of possible reasons from the TCP/IP guide:
Receipt of any TCP segment from any device with which the device receiving the segment does not currently have a connection (other than a SYN requesting a new connection).
Receipt of a message with an invalid or incorrect Sequence Number or Acknowledgment Number field, indicating the message may belong to a prior connection or is spurious in some other way.
Receipt of a SYN message on a port where there is no process listening for connections.