Ask Your Question
0

Established TCP Communication terminates without any clue

asked 2023-11-15 02:09:20 +0000

sjose1x gravatar image

I'm not able to understand what might be the reason for a lost TCP Communication over RPC between a CentOS 7 and Windows 2019 Server.

From the Wireshark(see images below) I could see that the TCP Communication is established, and RemoteCreateInstance Response is not reaching its destination.

CentOS 7 - 172.18.19.140

Windows 2019 - 172.18.33.168

See the Wireshark images: https://stackoverflow.com/questions/7...

What could be the reason for it..?

Where should I investigate ?

edit retag flag offensive close merge delete
add a comment

1 Answer

Sort by ยป oldest newest most voted
0

answered 2023-11-15 03:22:51 +0000

Jim Young gravatar image

There appears to be a middle box somewhere between the two systems messing with some of the TCP options and perhaps dropping certain packets.

From the limited info available from the two packetlist snapshots we can see that the initial SYN sent by the client (frame 1) had a length of 76 but when received by the server (frame 576) had a length of 74. The client advertised support for SACK but the option appears to be missing when the packet arrives at the server.

The server sent its SYN/ACK packet (frame 577) advertising MSS of 1460. But when this packet was received by the client (frame 2) the MSS value has been reduced to 1300.

The server sent its RemoteCreateInstance response as frame 594 (length 1030) which was apparently never made it to the client. I would look for a middle box as the likely source for this packet loss.

edit flag offensive delete link more

Comments

On top of that, the images are of different sessions (seen by the TCP port numbers and also the TCP timestamp values), so the analysis of @Jim Young might be wrong (although I do think he is on the right track).

Please provide the pcap files for us to be able to help you out, here is a tutorial

SYN-bit gravatar imageSYN-bit ( 2023-11-16 10:41:10 +0000 )edit
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2023-11-15 02:09:20 +0000

Seen: 62 times

Last updated: Nov 15 '23

Related questions

how to measure network and server latency

Why am I not seeing unique traffic

Detect network issue

Gateway keeps flooding the network with arp requests

How to exclude "network cards" packets?

How to correct Mobile Network Code

Microsoft Network Monitor cap file can be opened by Wireshark but save as function is disabled

How to distribute access? USB [closed]

How would I know if the bandwidth of the network traffic has an issue?

How can we use Wireshark to sniff data from WiFi based IoT device to AWS S3?

Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
about | faq | help | privacy policy | terms of service
Powered by Askbot version 0.10.2