Methods / L4 / RST
L4 · NetworkTCPConnection-ResetSpoofableState-Drain

RST stress test

Sends a high volume of empty TCP RST packets to test how cleanly your stack ignores resets for connections that do not exist.

Run RST test All methods
600k pps
peak packet rate

How it works

This method emits a steady stream of empty TCP packets with the RST flag set, imitating abrupt connection teardowns. For every reset, the receiving stack must check whether a matching connection exists before discarding it, so a large volume forces wasteful state lookups and consumes link capacity. It validates whether your firewall and TCP stack drop spurious resets at line rate and whether legitimate sessions survive a flood of forged teardown packets.

Parameters

pps600k ppsRate of RST packets sent at the target.
portany TCP portDestination service port under test.
duration10-300 sTest runtime.
sourcesdistributed rangesSource spread to emulate a multi-origin flood.

Run it from the CLI

retro-cli
$ retro run rst --target 203.0.113.45 --port 443 --duration 120

RST FAQ

Is RST testing legal?+
Only against infrastructure you own or are authorized to test. RETRO//STRESS requires authorized targets.
What does RST stress?+
Sends a high volume of empty TCP RST packets to test how cleanly your stack ignores resets for connections that do not exist.
Can I combine it with other methods?+
Yes, add it as a step in a packet chain to sequence it with other protocols.