FIN stress test

Floods the target with a high volume of out-of-state TCP FIN packets, validating whether stateful firewalls and connection tracking drop closure packets that match no open session.

Run FIN test → All methods

600k pps

peak rate

How it works

FIN packets normally signal the graceful close of an existing TCP connection. This method sends a large stream of FIN packets that reference no established session, forcing firewalls and connection-tracking tables to evaluate and discard each one. It consumes packet-processing capacity and state-table lookups, testing whether your stateful inspection layer cleanly rejects out-of-state TCP without exhausting resources.

Parameters

pps600k ppsPacket rate of the FIN stream

duration10-600 sLength of the sustained flood

dst_port1-65535Target service port under test

source_spreadsingle to wideDistribution of source addresses

Run it from the CLI

retro-cli

$ retro run fin --target 203.0.113.45 --port 443 --duration 120

FIN FAQ

Is FIN testing legal?+

Only against infrastructure you own or are authorized to test. RETRO//STRESS requires authorized targets.

What does FIN stress?+

Floods the target with a high volume of out-of-state TCP FIN packets, validating whether stateful firewalls and connection tracking drop closure packets that match no open session.

Can I combine it with other methods?+

Yes, add it as a step in a packet chain to sequence it with other protocols.