07-17-2012 03:12 AM - edited 03-11-2019 04:31 PM
Hello All,
I am having a problem with communication between two machines, i have put the packet capture and following is the output
61: 09:09:25.821628 802.1Q vlan#726 P0 192.168.249.69.731 > 192.168.249.21.2052: S 2228708690:2228708690(0) win 5840 <mss 1460,sackOK,timestamp 8266666 0,nop,wscale 6>
65: 09:09:25.823596 802.1Q vlan#726 P0 192.168.249.21.2052 > 192.168.249.69.731: S 1457523457:1457523457(0) ack 2228708691 win 5840 <mss 1380>
66: 09:09:25.823764 802.1Q vlan#726 P0 192.168.249.69.731 > 192.168.249.21.2052: . ack 1457523458 win 5840
67: 09:09:25.823794 802.1Q vlan#726 P0 192.168.249.69.731 > 192.168.249.21.2052: P 2228708691:2228708735(44) ack 1457523458 win 5840
68: 09:09:28.813388 802.1Q vlan#726 P0 192.168.249.69.731 > 192.168.249.21.2052: P 2228708691:2228708735(44) ack 1457523458 win 5840
69: 09:09:33.026732 802.1Q vlan#726 P0 192.168.249.21.2052 > 192.168.249.69.731: R 1457523458:1457523458(0) ack 2228708691 win 5840
The first three packets are three-way handshake and then 2 data packets but both are same packets and i think it is a repeated packet.
The last packet is TCP-Reset-Ack but i can't see TCP-Reset packet in capture, is it something to do with 2 repeated data packets or something else?
Thanks in advance for your help.
Regards,
Amjad Hashim.
07-17-2012 08:38 AM
Hi Bro
From the captures, it seems that 192.168.249.21 is sending the RESET? Who is 192.168.249.21? a client or the server?
07-17-2012 09:35 AM
Hi Ramraj,
Thanks for reply, .69 is a server and .21 is backup appliance. If u read carefully you will find that it is Reset ACK packet rather than Reset.
The problem is i could not see the reset packet at all and Reset ACK comes in, don't know what is going on.
I am struggling with it for a while and need to resolve it as soon as possible.
Regards,
07-17-2012 08:38 PM
Hi Bro
This is my understanding with regards to your above packet capture.
61: 192.168.249.69 sends SYN to 192.168.249.21
65: 192.168.249.21 sends SYN ACK to 192.168.249.69
66: 192.168.249.69 sends ACK to 192.168.249.21
67: 192.168.249.69 sends a PUSH to 192.168.249.21 (data/payload transfer)
68: 192.168.249.69 sends a PUSH to 192.168.249.21 (DUPLICATE PACKET BECAUSE 67 AND 68 IS THE SAME THING, same packet size!!)
69: 192.168.249.21 sends a RESET to 192.168.249.69
Note:
65: TCP Sequence Number = 1457523457
66: TCP Sequence Number = 1457523458
67: TCP Sequence Number = 1457523458
68: TCP Sequence Number = 1457523458
69: TCP Sequence Number = 1457523458
The question here should be why is your backup appliance sending a RESET to the server? I guess you'll need to check with the backup appliance vendor/principal on this. Just out of curiousity, if your backup appliance and the server were in the same network address, no Cisco ASA FW in between, will this work fine?
07-18-2012 02:57 AM
Hello Bro,
You are abosolutely right about duplicate packet, see the packet 69 below
69: 09:09:33.026732 802.1Q vlan#726 P0 192.168.249.21.2052 > 192.168.249.69.731: R 1457523458:1457523458(0) ack 2228708691 win 5840
It is reset-acknowledgement that .21 is sending, i was in touch with vendor and they said the same thing. I hope this will help understand the problem.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide