TCP reset is an abrupt closure of the session. It causes the resources allocated to the connection to be immediately released and all other information about the connection is erased.
The Netdata Agent monitors the average number of sent TCP RESETS over the last 10 seconds. This can indicate a port scan or that a service running on the system has crashed. As a result a high number of sent TCP RESETS.
See more about TCP Resets
When an unexpected TCP packet arrives at a host, that host usually responds by sending a reset packet back on the same connection. A reset packet is one with no payload and with the RST bit set in the TCP header flags. There are a few circumstances in which a TCP packet might not be expected. The two most common are:
- The packet is an initial SYN packet trying to establish a connection to a server port on which no process is listening.
- The packet arrives on a TCP connection that was previously established, but the local application already closed its socket or exited and the OS closed the socket.