End device goes offline randomly

Hello,

Currently we are having issues with a certain type of end device that goes offline at random times and doesn't restore itself. The device in question is an LCD display that receives data through a serial connection, but also communicates with a webservice on a server on a remote location.

We have a lot of these devices in several locations and so far it seems that most if not all are having the same issues. The supplier isn't really cooperating in resolving the issue. He blames the network.

So, I installed Wireshark on the server and monitored the traffic until one of the LCD displays went offline (offline = no ICMP reply & monitored with Zabbix).

Now, I must admit I am not too knowledgeable when it comes to Wireshark and this kind of detail. I am committed to learning this stuff over though!

This is the result I got from Wireshark:

74  11.851065   172.31.100.10   10.11.12.13     TLSv1   688     Application Data, Application Data
75  11.851827   10.11.12.13     172.31.100.10   TLSv1   1632    Application Data, Application Data
76  11.868948   172.31.100.10   10.11.12.13     TCP     60      49226 → 447 [ACK] Seq=635 Ack=1579 Win=68 Len=0
77  11.893959   172.31.100.10   10.11.12.13     TLSv1   752     Application Data, Application Data
78  11.905349   10.11.12.13     172.31.100.10   TLSv1   736     Application Data, Application Data
80  12.275970   10.11.12.13     172.31.100.10   TCP     736     [TCP Retransmission] 447 → 49226 [PSH, ACK] Seq=1579 Ack=1333 Win=1025 Len=682
81  12.838750   10.11.12.13     172.31.100.10   TCP     736     [TCP Retransmission] 447 → 49226 [PSH, ACK] Seq=1579 Ack=1333 Win=1025 Len=682
82  13.869762   10.11.12.13     172.31.100.10   TCP     736     [TCP Retransmission] 447 → 49226 [PSH, ACK] Seq=1579 Ack=1333 Win=1025 Len=682
102 15.916615   10.11.12.13     172.31.100.10   TCP     590     [TCP Retransmission] 447 → 49226 [ACK] Seq=1579 Ack=1333 Win=1025 Len=536
106 17.963494   10.11.12.13     172.31.100.10   TCP     590     [TCP Retransmission] 447 → 49226 [ACK] Seq=1579 Ack=1333 Win=1025 Len=536
114 20.010427   10.11.12.13     172.31.100.10   TCP     736     [TCP Retransmission] 447 → 49226 [PSH, ACK] Seq=1579 Ack=1333 Win=1025 Len=682
138 24.088593   10.11.12.13     172.31.100.10   TCP     736     [TCP Retransmission] 447 → 49226 [PSH, ACK] Seq=1579 Ack=1333 Win=1025 Len=682
145 26.416761   10.11.12.13     172.31.100.10   TCP     54      447 → 49226 [RST, ACK] Seq=2261 Ack=1333 Win=0 Len=0
242 42.676776   10.11.12.13     172.31.100.10   TCP     54      3005 → 49158 [FIN, ACK] Seq=1 Ack=1 Win=1024 Len=0
244 42.979161   10.11.12.13     172.31.100.10   TCP     54      [TCP Retransmission] 3005 → 49158 [FIN, ACK] Seq=1 Ack=1 Win=1024 Len=0
245 43.588594   10.11.12.13     172.31.100.10   TCP     54      [TCP Retransmission] 3005 → 49158 [FIN, ACK] Seq=1 Ack=1 Win=1024 Len=0
252 44.791732   10.11.12.13     172.31.100.10   TCP     54      [TCP Retransmission] 3005 → 49158 [FIN, ACK] Seq=1 Ack=1 Win=1024 Len=0
259 47.197890   10.11.12.13     172.31.100.10   TCP     54      [TCP Retransmission] 3005 → 49158 [FIN, ACK] Seq=1 Ack=1 Win=1024 Len=0
330 52.010420   10.11.12.13     172.31.100.10   TCP     54      [TCP Retransmission] 3005 → 49158 [FIN, ACK] Seq=1 Ack=1 Win=1024 Len=0
381 61.619789   10.11.12.13     172.31.100.10   TCP     54      3005 → 49158 [RST, ACK] Seq=2 Ack=1 Win=0 Len=0

Could someone translate this for me into layman's terms?

So far we found out that at first the display communicates over port 3005 with the server. Shortly after that, it starts communicating over port 447 (webservice).
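
An added example, not part of the original post: a small Python parser for Wireshark summary rows like the ones pasted above, which counts retransmissions per sending flow and records when that sender reset the connection. The rows are the TCP rows copied from the post's capture; the function names and the default threshold of 3 are assumptions made for this example.

```python
import re
from collections import defaultdict

# TCP rows copied from the capture in the post (TLS rows omitted).
CAPTURE = """\
80  12.275970 10.11.12.13 172.31.100.10 TCP 736 [TCP Retransmission] 447 → 49226 [PSH, ACK] Seq=1579 Ack=1333 Win=1025 Len=682
81  12.838750 10.11.12.13 172.31.100.10 TCP 736 [TCP Retransmission] 447 → 49226 [PSH, ACK] Seq=1579 Ack=1333 Win=1025 Len=682
82  13.869762 10.11.12.13 172.31.100.10 TCP 736 [TCP Retransmission] 447 → 49226 [PSH, ACK] Seq=1579 Ack=1333 Win=1025 Len=682
102 15.916615 10.11.12.13 172.31.100.10 TCP 590 [TCP Retransmission] 447 → 49226 [ACK] Seq=1579 Ack=1333 Win=1025 Len=536
106 17.963494 10.11.12.13 172.31.100.10 TCP 590 [TCP Retransmission] 447 → 49226 [ACK] Seq=1579 Ack=1333 Win=1025 Len=536
114 20.010427 10.11.12.13 172.31.100.10 TCP 736 [TCP Retransmission] 447 → 49226 [PSH, ACK] Seq=1579 Ack=1333 Win=1025 Len=682
138 24.088593 10.11.12.13 172.31.100.10 TCP 736 [TCP Retransmission] 447 → 49226 [PSH, ACK] Seq=1579 Ack=1333 Win=1025 Len=682
145 26.416761 10.11.12.13 172.31.100.10 TCP 54 447 → 49226 [RST, ACK] Seq=2261 Ack=1333 Win=0 Len=0
242 42.676776 10.11.12.13 172.31.100.10 TCP 54 3005 → 49158 [FIN, ACK] Seq=1 Ack=1 Win=1024 Len=0
244 42.979161 10.11.12.13 172.31.100.10 TCP 54 [TCP Retransmission] 3005 → 49158 [FIN, ACK] Seq=1 Ack=1 Win=1024 Len=0
245 43.588594 10.11.12.13 172.31.100.10 TCP 54 [TCP Retransmission] 3005 → 49158 [FIN, ACK] Seq=1 Ack=1 Win=1024 Len=0
252 44.791732 10.11.12.13 172.31.100.10 TCP 54 [TCP Retransmission] 3005 → 49158 [FIN, ACK] Seq=1 Ack=1 Win=1024 Len=0
259 47.197890 10.11.12.13 172.31.100.10 TCP 54 [TCP Retransmission] 3005 → 49158 [FIN, ACK] Seq=1 Ack=1 Win=1024 Len=0
330 52.010420 10.11.12.13 172.31.100.10 TCP 54 [TCP Retransmission] 3005 → 49158 [FIN, ACK] Seq=1 Ack=1 Win=1024 Len=0
381 61.619789 10.11.12.13 172.31.100.10 TCP 54 3005 → 49158 [RST, ACK] Seq=2 Ack=1 Win=0 Len=0
"""

ROW = re.compile(
    r"^\d+\s+(?P<t>[\d.]+)\s+(?P<src>\S+)\s+(?P<dst>\S+)\s+TCP\s+\d+\s+"
    r"(?P<rtx>\[TCP Retransmission\]\s+)?(?P<sport>\d+) → (?P<dport>\d+) \[(?P<flags>[^\]]+)\]")

def summarize(text):
    """Per sending flow: retransmission count, first retransmission time, RST time."""
    flows = defaultdict(lambda: {"retransmits": 0, "first_rtx": None, "rst_at": None})
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # rows without "port → port [flags]", e.g. TLS rows
        f = flows[(m["src"], int(m["sport"]), m["dst"], int(m["dport"]))]
        t = float(m["t"])
        if m["rtx"]:
            f["retransmits"] += 1
            f["first_rtx"] = t if f["first_rtx"] is None else f["first_rtx"]
        if "RST" in m["flags"]:
            f["rst_at"] = t
    return dict(flows)

def unanswered(flows, min_retransmits=3):
    """Flows whose sender retransmitted repeatedly and then sent a RST."""
    return sorted(k for k, f in flows.items()
                  if f["retransmits"] >= min_retransmits and f["rst_at"] is not None)

if __name__ == "__main__":
    for key in unanswered(summarize(CAPTURE)):
        print(key, summarize(CAPTURE)[key])
```

On the rows from the post, both flows sent by 10.11.12.13 (source ports 447 and 3005) are reported: each shows repeated retransmissions of the same segment followed by a RST from the same sender, with no packet from 172.31.100.10 in between.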
