Interesting TCP issue

Steve Watt steve at Watt.COM
Mon Jan 1 23:50:00 PST 2007


In <20070102013337.26CA513C44B at mx1.freebsd.org>, david at madole.net wrote:
>> From Steve Watt on Monday, January 01, 2007 4:37 PM
>> 
>> # tcpdump -vv -s 1500 -i dc0 -X net 213.244.128.0/18

[ snip ]

>> Interesting.  I presume it has something to do with the
>> idiotically small window the remote server is advertising.  So I
>> set net.inet.tcp.minmss down to 46, and that resulted in a RST
>> being spit back to skype's server when its retransmit happened.
>
>Are you sure the window is really that small and that window scaling was not
>negotiated at the start of the connection? The initial packets are not captured
>here so I can't tell.
>
>Is it possible to get a really complete capture of a session including the initial
>handshake?

Good point.  Here's the full capture from a different session.  Same
tcpdump flags.  My FreeBSD box (a.k.a. wattres.watt.com) said wscale 1,
so that's (if I remember my TCP correctly) what gets used.

Note after the ACK from share.skype.net, my machine doesn't ACK the segment
with the EHLO in it, so we get retransmits.  At the application level, I
can see that sendmail got the EHLO, because the milter cb_helo callback
happened.  I wasn't at the box when this particular connection attempt
happened, so I couldn't see the Send Q in netstat, but this is exactly
the same appearance as the snippet I showed earlier, so I'm presuming a
similar failure occurred.

Very strange behavior.


22:44:17.578821 IP (tos 0x20, ttl  58, id 56305, offset 0, flags [DF], proto: TCP (6), length: 60) share.skype.net.59816 > wattres.watt.com.smtp: S, cksum 0xf0c3 (correct), 1414414327:1414414327(0) win 5840 <mss 1460,sackOK,timestamp 2520376326 0,nop,wscale 7>
        0x0000:  4520 003c dbf1 4000 3a06 1c86 d5f4 aa50  E..<..@.:......P
        0x0010:  425d 8582 e9a8 0019 544e 3ff7 0000 0000  B]......TN?.....
        0x0020:  a002 16d0 f0c3 0000 0204 05b4 0402 080a  ................
        0x0030:  9639 e406 0000 0000 0103 0307            .9..........
22:44:17.578958 IP (tos 0x0, ttl  64, id 30930, offset 0, flags [DF], proto: TCP (6), length: 64) wattres.watt.com.smtp > share.skype.net.59816: S, cksum 0xb1c9 (correct), 1236670735:1236670735(0) ack 1414414328 win 65535 <mss 1460,nop,wscale 1,nop,nop,timestamp 554156269 2520376326,sackOK,eol>
        0x0000:  4500 0040 78d2 4000 4006 79c1 425d 8582  E..@x.@.@.y.B]..
        0x0010:  d5f4 aa50 0019 e9a8 49b6 190f 544e 3ff8  ...P....I...TN?.
        0x0020:  b012 ffff b1c9 0000 0204 05b4 0103 0301  ................
        0x0030:  0101 080a 2107 c0ed 9639 e406 0402 0000  ....!....9......
22:44:17.742243 IP (tos 0x20, ttl  58, id 56306, offset 0, flags [DF], proto: TCP (6), length: 52) share.skype.net.59816 > wattres.watt.com.smtp: ., cksum 0xf13d (correct), 1:1(0) ack 1 win 46 <nop,nop,timestamp 2520376367 554156269>
        0x0000:  4520 0034 dbf2 4000 3a06 1c8d d5f4 aa50  E..4..@.:......P
        0x0010:  425d 8582 e9a8 0019 544e 3ff8 49b6 1910  B]......TN?.I...
        0x0020:  8010 002e f13d 0000 0101 080a 9639 e42f  .....=.......9./
        0x0030:  2107 c0ed                                !...
22:44:17.785110 IP (tos 0x0, ttl  64, id 30938, offset 0, flags [DF], proto: TCP (6), length: 64) wattres.watt.com.57166 > share.skype.net.auth: S, cksum 0x6899 (correct), 2124104998:2124104998(0) win 65535 <mss 1460,nop,wscale 1,nop,nop,timestamp 554156474 0,sackOK,eol>
        0x0000:  4500 0040 78da 4000 4006 79b9 425d 8582  E..@x.@.@.y.B]..
        0x0010:  d5f4 aa50 df4e 0071 7e9b 4526 0000 0000  ...P.N.q~.E&....
        0x0020:  b002 ffff 6899 0000 0204 05b4 0103 0301  ....h...........
        0x0030:  0101 080a 2107 c1ba 0000 0000 0402 0000  ....!...........
22:44:17.947113 IP (tos 0x20, ttl  58, id 0, offset 0, flags [DF], proto: TCP (6), length: 40) share.skype.net.auth > wattres.watt.com.57166: R, cksum 0xc429 (correct), 0:0(0) ack 2124104999 win 0
        0x0000:  4520 0028 0000 4000 3a06 f88b d5f4 aa50  E..(..@.:......P
        0x0010:  425d 8582 0071 df4e 0000 0000 7e9b 4527  B]...q.N....~.E'
        0x0020:  5014 0000 c429 0000 0000 0000 0000       P....)........
22:44:17.952929 IP (tos 0x0, ttl  64, id 30939, offset 0, flags [DF], proto: TCP (6), length: 98) wattres.watt.com.smtp > share.skype.net.59816: ., cksum 0x3baf (correct), 1:47(46) ack 1 win 33304 <nop,nop,timestamp 554156642 2520376367>
        0x0000:  4500 0062 78db 4000 4006 7996 425d 8582  E..bx.@.@.y.B]..
        0x0010:  d5f4 aa50 0019 e9a8 49b6 1910 544e 3ff8  ...P....I...TN?.
        0x0020:  8010 8218 3baf 0000 0101 080a 2107 c262  ....;.......!..b
        0x0030:  9639 e42f 3232 3020 7761 7474 7265 732e  .9./220.wattres.
        0x0040:  7761 7474 2e63 6f6d 2045 534d 5450 2053  watt.com.ESMTP.S
        0x0050:  656e 646d 6169 6c20 382e 3133 2e38 2f38  endmail.8.13.8/8
        0x0060:  2e31                                     .1
22:44:18.115814 IP (tos 0x20, ttl  58, id 56307, offset 0, flags [DF], proto: TCP (6), length: 52) share.skype.net.59816 > wattres.watt.com.smtp: ., cksum 0xef3d (correct), 1:1(0) ack 47 win 46 <nop,nop,timestamp 2520376460 554156642>
        0x0000:  4520 0034 dbf3 4000 3a06 1c8c d5f4 aa50  E..4..@.:......P
        0x0010:  425d 8582 e9a8 0019 544e 3ff8 49b6 193e  B]......TN?.I..>
        0x0020:  8010 002e ef3d 0000 0101 080a 9639 e48c  .....=.......9..
        0x0030:  2107 c262                                !..b
22:44:18.115887 IP (tos 0x0, ttl  64, id 30940, offset 0, flags [DF], proto: TCP (6), length: 95) wattres.watt.com.smtp > share.skype.net.59816: P, cksum 0xbd09 (correct), 47:90(43) ack 1 win 33304 <nop,nop,timestamp 554156806 2520376460>
        0x0000:  4500 005f 78dc 4000 4006 7998 425d 8582  E.._x.@.@.y.B]..
        0x0010:  d5f4 aa50 0019 e9a8 49b6 193e 544e 3ff8  ...P....I..>TN?.
        0x0020:  8018 8218 bd09 0000 0101 080a 2107 c306  ............!...
        0x0030:  9639 e48c 332e 383b 204d 6f6e 2c20 3120  .9..3.8;.Mon,.1.
        0x0040:  4a61 6e20 3230 3037 2032 323a 3434 3a31  Jan.2007.22:44:1
        0x0050:  3720 2d30 3830 3020 2850 5354 290d 0a    7.-0800.(PST)..
22:44:18.279234 IP (tos 0x20, ttl  58, id 56308, offset 0, flags [DF], proto: TCP (6), length: 52) share.skype.net.59816 > wattres.watt.com.smtp: ., cksum 0xee45 (correct), 1:1(0) ack 90 win 46 <nop,nop,timestamp 2520376501 554156806>
        0x0000:  4520 0034 dbf4 4000 3a06 1c8b d5f4 aa50  E..4..@.:......P
        0x0010:  425d 8582 e9a8 0019 544e 3ff8 49b6 1969  B]......TN?.I..i
        0x0020:  8010 002e ee45 0000 0101 080a 9639 e4b5  .....E.......9..
        0x0030:  2107 c306                                !...
22:44:18.280331 IP (tos 0x20, ttl  58, id 56309, offset 0, flags [DF], proto: TCP (6), length: 74) share.skype.net.59816 > wattres.watt.com.smtp: P, cksum 0xb617 (correct), 1:23(22) ack 90 win 46 <nop,nop,timestamp 2520376501 554156806>
        0x0000:  4520 004a dbf5 4000 3a06 1c74 d5f4 aa50  E..J..@.:..t...P
        0x0010:  425d 8582 e9a8 0019 544e 3ff8 49b6 1969  B]......TN?.I..i
        0x0020:  8018 002e b617 0000 0101 080a 9639 e4b5  .............9..
        0x0030:  2107 c306 4548 4c4f 2073 6861 7265 2e73  !...EHLO.share.s
        0x0040:  6b79 7065 2e6e 6574 0d0a                 kype.net..
22:44:18.768992 IP (tos 0x20, ttl  58, id 56310, offset 0, flags [DF], proto: TCP (6), length: 74) share.skype.net.59816 > wattres.watt.com.smtp: P, cksum 0xb59c (correct), 1:23(22) ack 90 win 46 <nop,nop,timestamp 2520376624 554156806>
        0x0000:  4520 004a dbf6 4000 3a06 1c73 d5f4 aa50  E..J..@.:..s...P
        0x0010:  425d 8582 e9a8 0019 544e 3ff8 49b6 1969  B]......TN?.I..i
        0x0020:  8018 002e b59c 0000 0101 080a 9639 e530  .............9.0
        0x0030:  2107 c306 4548 4c4f 2073 6861 7265 2e73  !...EHLO.share.s
        0x0040:  6b79 7065 2e6e 6574 0d0a                 kype.net..
22:44:19.754563 IP (tos 0x20, ttl  58, id 56311, offset 0, flags [DF], proto: TCP (6), length: 74) share.skype.net.59816 > wattres.watt.com.smtp: P, cksum 0xb4a6 (correct), 1:23(22) ack 90 win 46 <nop,nop,timestamp 2520376870 554156806>
        0x0000:  4520 004a dbf7 4000 3a06 1c72 d5f4 aa50  E..J..@.:..r...P
        0x0010:  425d 8582 e9a8 0019 544e 3ff8 49b6 1969  B]......TN?.I..i
        0x0020:  8018 002e b4a6 0000 0101 080a 9639 e626  .............9.&
        0x0030:  2107 c306 4548 4c4f 2073 6861 7265 2e73  !...EHLO.share.s
        0x0040:  6b79 7065 2e6e 6574 0d0a                 kype.net..
22:44:21.722186 IP (tos 0x20, ttl  58, id 56312, offset 0, flags [DF], proto: TCP (6), length: 74) share.skype.net.59816 > wattres.watt.com.smtp: P, cksum 0xb2ba (correct), 1:23(22) ack 90 win 46 <nop,nop,timestamp 2520377362 554156806>
        0x0000:  4520 004a dbf8 4000 3a06 1c71 d5f4 aa50  E..J..@.:..q...P
        0x0010:  425d 8582 e9a8 0019 544e 3ff8 49b6 1969  B]......TN?.I..i
        0x0020:  8018 002e b2ba 0000 0101 080a 9639 e812  .............9..
        0x0030:  2107 c306 4548 4c4f 2073 6861 7265 2e73  !...EHLO.share.s
        0x0040:  6b79 7065 2e6e 6574 0d0a                 kype.net..
22:44:25.659767 IP (tos 0x20, ttl  58, id 56313, offset 0, flags [DF], proto: TCP (6), length: 74) share.skype.net.59816 > wattres.watt.com.smtp: P, cksum 0xaee2 (correct), 1:23(22) ack 90 win 46 <nop,nop,timestamp 2520378346 554156806>
        0x0000:  4520 004a dbf9 4000 3a06 1c70 d5f4 aa50  E..J..@.:..p...P
        0x0010:  425d 8582 e9a8 0019 544e 3ff8 49b6 1969  B]......TN?.I..i
        0x0020:  8018 002e aee2 0000 0101 080a 9639 ebea  .............9..
        0x0030:  2107 c306 4548 4c4f 2073 6861 7265 2e73  !...EHLO.share.s
        0x0040:  6b79 7065 2e6e 6574 0d0a                 kype.net..
22:44:33.529821 IP (tos 0x20, ttl  58, id 56314, offset 0, flags [DF], proto: TCP (6), length: 74) share.skype.net.59816 > wattres.watt.com.smtp: P, cksum 0xa732 (correct), 1:23(22) ack 90 win 46 <nop,nop,timestamp 2520380314 554156806>
        0x0000:  4520 004a dbfa 4000 3a06 1c6f d5f4 aa50  E..J..@.:..o...P
        0x0010:  425d 8582 e9a8 0019 544e 3ff8 49b6 1969  B]......TN?.I..i
        0x0020:  8018 002e a732 0000 0101 080a 9639 f39a  .....2.......9..
        0x0030:  2107 c306 4548 4c4f 2073 6861 7265 2e73  !...EHLO.share.s
        0x0040:  6b79 7065 2e6e 6574 0d0a                 kype.net..
22:44:49.276106 IP (tos 0x20, ttl  58, id 56315, offset 0, flags [DF], proto: TCP (6), length: 74) share.skype.net.59816 > wattres.watt.com.smtp: P, cksum 0x97d2 (correct), 1:23(22) ack 90 win 46 <nop,nop,timestamp 2520384250 554156806>
        0x0000:  4520 004a dbfb 4000 3a06 1c6e d5f4 aa50  E..J..@.:..n...P
        0x0010:  425d 8582 e9a8 0019 544e 3ff8 49b6 1969  B]......TN?.I..i
        0x0020:  8018 002e 97d2 0000 0101 080a 963a 02fa  .............:..
        0x0030:  2107 c306 4548 4c4f 2073 6861 7265 2e73  !...EHLO.share.s
        0x0040:  6b79 7065 2e6e 6574 0d0a                 kype.net..
22:45:20.765784 IP (tos 0x20, ttl  58, id 56316, offset 0, flags [DF], proto: TCP (6), length: 74) share.skype.net.59816 > wattres.watt.com.smtp: P, cksum 0x7912 (correct), 1:23(22) ack 90 win 46 <nop,nop,timestamp 2520392122 554156806>
        0x0000:  4520 004a dbfc 4000 3a06 1c6d d5f4 aa50  E..J..@.:..m...P
        0x0010:  425d 8582 e9a8 0019 544e 3ff8 49b6 1969  B]......TN?.I..i
        0x0020:  8018 002e 7912 0000 0101 080a 963a 21ba  ....y........:!.
        0x0030:  2107 c306 4548 4c4f 2073 6861 7265 2e73  !...EHLO.share.s
        0x0040:  6b79 7065 2e6e 6574 0d0a                 kype.net..
22:46:23.742617 IP (tos 0x20, ttl  58, id 56317, offset 0, flags [DF], proto: TCP (6), length: 74) share.skype.net.59816 > wattres.watt.com.smtp: P, cksum 0x3b92 (correct), 1:23(22) ack 90 win 46 <nop,nop,timestamp 2520407866 554156806>
        0x0000:  4520 004a dbfd 4000 3a06 1c6c d5f4 aa50  E..J..@.:..l...P
        0x0010:  425d 8582 e9a8 0019 544e 3ff8 49b6 1969  B]......TN?.I..i
        0x0020:  8018 002e 3b92 0000 0101 080a 963a 5f3a  ....;........:_:
        0x0030:  2107 c306 4548 4c4f 2073 6861 7265 2e73  !...EHLO.share.s
        0x0040:  6b79 7065 2e6e 6574 0d0a                 kype.net..
22:48:23.747790 IP (tos 0x20, ttl  58, id 56318, offset 0, flags [DF], proto: TCP (6), length: 74) share.skype.net.59816 > wattres.watt.com.smtp: P, cksum 0xc661 (correct), 1:23(22) ack 90 win 46 <nop,nop,timestamp 2520437866 554156806>
        0x0000:  4520 004a dbfe 4000 3a06 1c6b d5f4 aa50  E..J..@.:..k...P
        0x0010:  425d 8582 e9a8 0019 544e 3ff8 49b6 1969  B]......TN?.I..i
        0x0020:  8018 002e c661 0000 0101 080a 963a d46a  .....a.......:.j
        0x0030:  2107 c306 4548 4c4f 2073 6861 7265 2e73  !...EHLO.share.s
        0x0040:  6b79 7065 2e6e 6574 0d0a                 kype.net..
22:49:18.322070 IP (tos 0x20, ttl  58, id 56319, offset 0, flags [DF], proto: TCP (6), length: 52) share.skype.net.59816 > wattres.watt.com.smtp: F, cksum 0xc92d (correct), 23:23(0) ack 90 win 46 <nop,nop,timestamp 2520451509 554156806>
        0x0000:  4520 0034 dbff 4000 3a06 1c80 d5f4 aa50  E..4..@.:......P
        0x0010:  425d 8582 e9a8 0019 544e 400e 49b6 1969  B]......TN@.I..i
        0x0020:  8011 002e c92d 0000 0101 080a 963b 09b5  .....-.......;..
        0x0030:  2107 c306                                !...


-- 
Steve Watt KD6GGD  PP-ASEL-IA          ICBM: 121W 56' 57.5" / 37N 20' 15.3"
 Internet: steve @ Watt.COM                      Whois: SW32-ARIN
   Free time?  There's no such thing.  It just comes in varying prices...
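
Added example, not part of the original post: RFC 1323 window-scale bookkeeping applied to header lines abridged from the capture above, plus flagging of the repeated 1:23 segment. It assumes tcpdump printed `win` as the raw, unscaled header field; the function and variable names are illustrative.

```python
import re

HDR = re.compile(r"IP (?:\(.*?\) )?(\S+) > (\S+): ([SFPR.]+),")
SEQ = re.compile(r"(\d+):(\d+)\((\d+)\)")        # first:last(length)
WIN = re.compile(r"\bwin (\d+)")
WSC = re.compile(r"\bwscale (\d+)")

# Header lines abridged from the capture above (IP-header details dropped).
C, S = "share.skype.net.59816", "wattres.watt.com.smtp"
SAMPLE = [
    f"22:44:17.578821 IP {C} > {S}: S, cksum 0xf0c3 (correct), 1414414327:1414414327(0) win 5840 <mss 1460,sackOK,timestamp 2520376326 0,nop,wscale 7>",
    f"22:44:17.578958 IP {S} > {C}: S, cksum 0xb1c9 (correct), 1236670735:1236670735(0) ack 1414414328 win 65535 <mss 1460,nop,wscale 1,nop,nop,timestamp 554156269 2520376326,sackOK,eol>",
    f"22:44:17.742243 IP {C} > {S}: ., cksum 0xf13d (correct), 1:1(0) ack 1 win 46 <nop,nop,timestamp 2520376367 554156269>",
    f"22:44:17.952929 IP {S} > {C}: ., cksum 0x3baf (correct), 1:47(46) ack 1 win 33304 <nop,nop,timestamp 554156642 2520376367>",
    f"22:44:18.280331 IP {C} > {S}: P, cksum 0xb617 (correct), 1:23(22) ack 90 win 46 <nop,nop,timestamp 2520376501 554156806>",
    f"22:44:18.768992 IP {C} > {S}: P, cksum 0xb59c (correct), 1:23(22) ack 90 win 46 <nop,nop,timestamp 2520376624 554156806>",
    f"22:44:19.754563 IP {C} > {S}: P, cksum 0xb4a6 (correct), 1:23(22) ack 90 win 46 <nop,nop,timestamp 2520376870 554156806>",
]

def analyze(lines):
    """Return (src, flags, raw_win, effective_win, is_retransmit) per segment."""
    shift, seen, out = {}, set(), []
    for line in lines:
        h, w = HDR.search(line), WIN.search(line)
        if not (h and w):
            continue                      # hex-dump rows and other text
        src, dst, flags = h.groups()
        raw = int(w.group(1))
        if "S" in flags:
            ws = WSC.search(line)
            if ws:
                shift[src] = int(ws.group(1))
            eff = raw                     # the window in a SYN is never scaled
        elif src in shift and dst in shift:
            eff = raw << shift[src]       # sender's own shift scales its window
        else:
            eff = raw                     # option not seen from both sides
        m = SEQ.search(line)
        key = (src, dst) + m.groups()[:2] if m else None
        retx = bool(m) and int(m.group(3)) > 0 and key in seen
        seen.add(key)
        out.append((src, flags, raw, eff, retx))
    return out

if __name__ == "__main__":
    for src, flags, raw, eff, retx in analyze(SAMPLE):
        print(f"{src:24} {flags:2} win={raw:<6} effective={eff:<6} "
              f"{'RETRANSMIT' if retx else ''}")
```

Under that assumption, with wscale 7 offered by share.skype.net and wscale 1 by wattres.watt.com, the `win 46` segments correspond to 5888 bytes and `win 33304` to 66608 bytes.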



More information about the freebsd-hackers mailing list