Tough problem! TCP reset issue (Linux Networking forum, Linux Forums)
Hi,

I have encountered a problem with my server. Understanding it requires good knowledge of TCP/IP segments and the 3-way handshake.

Here is the sequence of the 3-way handshake:

1) Host B --> Host A, src port:1878 dst port: 2000
[SYN] Seq=0 Ack=0 Win=16384 Len=0 MSS=1460

2) Host A --> Host B, src port: 2000, dst port: 1878
[SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=536

3) Host B --> Host A,
[TCP ZeroWindow] src port:1878 dst port:2000 [RST]
Seq=1 Ack=1576600895 Win=0 Len=0

More information:

1) Host B has had no problem connecting to Host A all the while.
2) When Host C starts to download a file from Host A, Host B gets a connection error.
3) Packet debugging shows that Host B sends RST packets to Host A to terminate the connection.
4) The TCP 3-way handshake is not able to complete at all. The SYN-ACK cannot be acknowledged by Host B.

Hope anyone can help,
Andy

Andy Low <spider@bgp5.net_remove_> wrote:

Please give us more information as to the IP addresses, topology, operating systems and versions.

Also, are you using any firewall rules on any machines (use iptables -L to make sure.)

Do you have ECN turned on? From www.kernel.org front page.

``Please note that kernel.org uses Explicit Congestion Notification (ECN), as defined in RFC 3168. Some broken firewalls or gateways may have problem connecting to ECN-enabled servers. Please contact your firewall or gateway vendor for necessary updates.''

> Here is the sequence of 3-way handshakes:
>
> 1) Host B --> Host A, src port:1878 dst port: 2000
> [SYN] Seq=0 Ack=0 Win=16384 Len=0 MSS=1460
>
> 2) Host A --> Host B, src port: 2000, dst port: 1878
> [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=536
>
> 3) Host B --> Host A,
> [TCP ZeroWindow] src port:1878 dst port:2000 [RST]
> Seq=1 Ack=1576600895 Win=0 Len=0

Is this what actually happens in your network?

--
Cameron Kerr
cameron.kerr@paradise.net.nz : http://nzgeeks.org/cameron/
Empowered by Perl!

Hi Cameron,

We have firewalls in between, but the firewall has nothing to do with it. The 3-way handshake clearly shows that the communication is between Host A and Host B and not with the firewall. The firewall also did not do any NAT or PAT, or translate or modify the packet.

I have also checked the SYN-ACK packet from Host A; the CWR or ECN is not set. So that's not the issue.

I have also read up on RFC3360 pertaining to TCP reset; still, it doesn't help.

I suspect that the SYN packet source port initiated by Host B is dropped. That's why whenever Host B receives Host A's SYN+ACK packet, it does not know how to react and replies with an RST.

Regards,
Andy

"Cameron Kerr" <cameron.kerr@paradise.net.nz> wrote in message news:403ffe4a@news.maxnet.co.nz...
> Andy Low <spider@bgp5.net_remove_> wrote:
>
> Please give us more information as to the IP addresses, topology,
> operating systems and versions.
>
> Also, are you using any firewall rules on any machines (use iptables -L
> to make sure.)
>
> Do you have ECN turned on? From www.kernel.org front page.
>
> ``Please note that kernel.org uses Explicit Congestion Notification
> (ECN), as defined in RFC 3168. Some broken firewalls or gateways may
> have problem connecting to ECN-enabled servers. Please contact your
> firewall or gateway vendor for necessary updates.''
>
> > Here is the sequence of 3-way handshakes:
> >
> > 1) Host B --> Host A, src port:1878 dst port: 2000
> > [SYN] Seq=0 Ack=0 Win=16384 Len=0 MSS=1460
> >
> > 2) Host A --> Host B, src port: 2000, dst port: 1878
> > [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=536
> >
> > 3) Host B --> Host A,
> > [TCP ZeroWindow] src port:1878 dst port:2000 [RST]
> > Seq=1 Ack=1576600895 Win=0 Len=0
>
> Is this what actually happens in your network?
>
> --
> Cameron Kerr
> cameron.kerr@paradise.net.nz : http://nzgeeks.org/cameron/
> Empowered by Perl!
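
An added example, not part of any post in this thread: it models the RFC 793 rules for how an endpoint answers an incoming segment and checks which Host B state reproduces the RST in packet 3 of the trace. The names (`Segment`, `reply_closed`, `reply_syn_sent`, `classify_observed`) are hypothetical; it assumes the relative sequence numbers shown in the trace (so Host B's initial sequence number is 0) and ignores sequence-number wraparound.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Segment:
    flags: frozenset   # e.g. frozenset({"SYN", "ACK"})
    seq: int
    ack: int = 0       # only meaningful when "ACK" is in flags
    length: int = 0

def seg_len(seg):
    # SYN and FIN each occupy one sequence number.
    return seg.length + ("SYN" in seg.flags) + ("FIN" in seg.flags)

def reply_closed(seg):
    """RFC 793 reply when no connection exists (CLOSED) for this port pair."""
    if "RST" in seg.flags:
        return None  # a reset is never answered with a reset
    if "ACK" in seg.flags:
        return Segment(frozenset({"RST"}), seq=seg.ack)
    return Segment(frozenset({"RST", "ACK"}), seq=0, ack=seg.seq + seg_len(seg))

def reply_syn_sent(seg, iss, snd_nxt):
    """RFC 793 reply while our own SYN (sequence number iss) is outstanding."""
    if "ACK" in seg.flags and not (iss < seg.ack <= snd_nxt):
        # Unacceptable ACK: reset it unless the segment is itself a reset.
        return None if "RST" in seg.flags else Segment(frozenset({"RST"}), seq=seg.ack)
    if "RST" in seg.flags:
        return None  # acceptable reset: the connection is dropped silently
    if "SYN" in seg.flags and "ACK" in seg.flags:
        return Segment(frozenset({"ACK"}), seq=snd_nxt, ack=seg.seq + 1)
    return None  # simultaneous open and other cases are not modelled

# Constructed from packets 2 and 3 of the trace (relative numbers).
SYN_ACK_FROM_A = Segment(frozenset({"SYN", "ACK"}), seq=0, ack=1)
OBSERVED_RST = Segment(frozenset({"RST"}), seq=1)

def classify_observed():
    """Return the Host B states whose RFC 793 reply matches the observed RST."""
    candidates = {
        "SYN-SENT": reply_syn_sent(SYN_ACK_FROM_A, iss=0, snd_nxt=1),
        "CLOSED": reply_closed(SYN_ACK_FROM_A),
    }
    return [state for state, r in candidates.items()
            if r is not None and r.flags == OBSERVED_RST.flags and r.seq == OBSERVED_RST.seq]

if __name__ == "__main__":
    print(classify_observed())
```

The Ack=1576600895 value on the observed RST is not compared because the trace shows only the RST flag, and the acknowledgment field carries no meaning without the ACK flag.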