While monitoring an enterprise LAN, you notice the following in a packet capture: Host A and Host B suddenly start sending large numbers of duplicate ACKs with the same acknowledgment numbers, and within a few milliseconds Host B issues a TCP RST that ends the flow. From a network-level session hijacking perspective, what is the most plausible explanation for this behavior?
An ICMP destination-unreachable message from a router caused Host B to close the session, producing the observed traffic.
The packets show normal congestion control; duplicate ACKs followed by a reset occur when the congestion window reaches zero.
A spoofing host injected TCP segments with an incorrect sequence number, creating an ACK storm that culminated in a connection reset.
Host A legitimately enabled TCP Fast Open, which can generate duplicate ACKs during option negotiation.
A burst of duplicate ACKs followed by a TCP reset is a classic symptom of an ACK storm. This happens when a third party forges packets that appear to belong to an established TCP session but contain an out-of-window (unexpected) sequence number. Each endpoint tries to re-synchronize by repeatedly acknowledging what it believes to be the correct next sequence, while the other side does the same, creating a flood of duplicate ACKs. When neither side can reconcile the sequence space, one host eventually sends a RST to tear the connection down. TCP Fast Open, normal congestion-control mechanisms, and ICMP unreachable messages do not create this specific ACK storm pattern and therefore are less plausible explanations.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is network-level session hijacking?
Open an interactive chat with Bash
What is an ACK storm and what causes it?
Open an interactive chat with Bash
What is a TCP RST packet and why is it used?
Open an interactive chat with Bash
Certified Ethical Hacker (CEH)
Network and Perimeter Hacking
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99 $11.99
$11.99/mo
Billed monthly, Cancel any time.
$19.99 after promotion ends
3 Month Pass
$44.99 $26.99
$8.99/mo
One time purchase of $26.99, Does not auto-renew.
$44.99 after promotion ends
Save $18!
MOST POPULAR
Annual Pass
$119.99 $71.99
$5.99/mo
One time purchase of $71.99, Does not auto-renew.
$119.99 after promotion ends
Save $48!
BEST DEAL
Lifetime Pass
$189.99 $113.99
One time purchase, Good for life.
Save $76!
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .