Hi all, newbie here so sorry in advance. I have a Java server serving Android devices via TCP sockets. All seems well enough until at some uncertain point all attempts to open a new TCP socket to the server fail on timeout. I have a .pcapng capture I recorded using WireShark, but all my attempts to investigate what it implies have been for naught. I will appreciate any insight you can give me, even if it's just a piece of the puzzle. The link to the .pcapng file: here Edit: So sorry I meant to write this and forgot: please filter by tcp.port==8888 The server ip is: 79.179.133.193 asked 04 Nov '15, 13:55  Nom1fan edited 04 Nov '15, 14:21 |
2 Answers:
Well as you can see at the picture: answered 04 Nov '15, 14:41  Christian_R edited 04 Nov '15, 14:43 I am not sure I understand. The server is 10.0.0.1 I think because I ran the WireShark on the server itself. And on the DHCP of the server itself its internal ip is defined as 10.0.0.1. The external ip is 79.179.133.193. This is the definition on the router config: Server's MAC Address | Static internal ip -------------------- ------------------ 80:1F:02:00:40:6F 10.0.0.1 Not sure if this can affect anything or not but I thought I should mention it anyway. Also consider everything can work well for a day or even days and then suddenly this happens. So what can possibly cause this? Thanks again! (04 Nov '15, 22:24) Nom1fan So you also setup NAT with port forwarding? (04 Nov '15, 22:47) Jaap ♦ I have port forwarding rule for port tcp 8888 if that is what you mean. As I said it works for a long time at first (I believe if there wasn't a port forwarding rule it would have been blocked by the router and never work in the first place). (05 Nov '15, 00:42) Nom1fan Please check the firewall on 10.0.0.1. Looks like it blocks connection attempts to port 8888. And no: The argument, that it worked yesterday does not count ;-)) (05 Nov '15, 01:19) Kurt Knochner ♦ I don't mean "yesterday" :) I mean even if I just restart the server it works again! On windows firewall I have both inbound and outbound rules allowing 8888 and as I said also on the router config I have port forwarding for 8888. So why is this happening? :(( (05 Nov '15, 09:11) Nom1fan Can You upload a good try? (05 Nov '15, 09:26) Christian_R Sure thing, here it is: Good try (06 Nov '15, 03:06) Nom1fan In the BAD try an EXTERNAL IP SRC is used with the MAC SRC: DLink... In the GOOD try an INTERNAL IP SRC is used with the MAC SRC: DLink... (same Mac as at the bad try) (06 Nov '15, 04:11) Christian_R So from what I understand, between the good and the bad tries the server's ip seems different? Once (bad) it appears as external ip (5.29.242.61) and the other (good) it appears as internal ip (10.0.0.138)? Are you sure this can be the cause of the problem? here is another link to a good try, which I believe the server's ip seems external: 2nd good try P.S Not sure if this is related but I am using a dns client (DUC) on my server to map my server's ip to a constant host. (06 Nov '15, 06:58) Nom1fan In the second trace I can see the same addresses like yesterday. But today they work. DNS should have nothing to do with it. - If you took the trace at the server, then I would check the logs of the server. - check fw config - and as @Kurt mentioned is there another adapter or WI-FI adapter at the system? (06 Nov '15, 10:08) Christian_R I have only one router so only one wi-fi adapter, nothing else. (06 Nov '15, 11:39) Nom1fan Hm I what I meant was: Is there only one NIC at the server? If yes then it is O.K. Maybe it is the Firewall software at the server? (06 Nov '15, 12:16) Christian_R showing 5 of 12 show 7 more comments |
O.K. I repeat my advice ;-))
Please take a look at the pcap file tcp_retrans.pcapng and apply the following filter.
You will see, that ALL connections (from the internet and the local network) to 10.0.0.1 are being 'dropped' (SYN resend). There are some TCP RESETs for port 80 and 443, but not for any other port. I see the following possible reasons for that behavior. Most likeley reason at the top!
Please disable the Windows Firewall for a test or any other security software installed on 10.0.0.1 (like AV, VPN client, Endpoint Security, etc.). Most likely the problem will then be gone. Regards answered 06 Nov '15, 09:30  Kurt Knochner ♦ Hi Kurt, Thanks a lot for the detailed response! I extremely appreciate your help! I will try to reproduce the issue and then try to disable Windows Firewall, AV, etc one by one to see which is the culprit. (06 Nov '15, 11:36) Nom1fan |
Can you tell us the following infos: Server IP ?, Server Port ?
Edited into my question. Thanks!