On Fri, Jun 29, 2007 at 03:28:20PM +0100, Adrian wrote:
> Just a quick update, I have gone through the tcpdump files from yesterday 
> afternoon and overnight (server only, I haven't tried on the Windows clients 
> yet).
> 
> Filtering on TCP RST <-- I have not found more than 2 or 3 instances for 
> clients on the LAN. I'm still monitoring today so we'll see what comes out of 
> that.

OK. Well there are several ways the session might be dropped:

(1) SYN and RST.

The connection was never accept()ed. Typically this means that nothing is
listening on that port. Using telnet you'd see:

$ telnet localhost 9999
Trying 127.0.0.1...
telnet: Unable to connect to remote host: Connection refused

And the corresponding tcpdump is:

20:25:06.744967 IP 127.0.0.1.42154 > 127.0.0.1.9999: S 2922889118:2922889118(0) win 32767 <mss 16396,sackOK,timestamp 42993196 0,nop,wscale 2>
20:25:06.777456 IP 127.0.0.1.9999 > 127.0.0.1.42154: R 0:0(0) ack 2922889119 win 0


(2) The connection is set up (SYN, SYN ACK, ACK) but then immediately torn
down (FIN exchange)

$ telnet localhost 9999
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
Connection closed by foreign host.

And the corresponding tcpdump is:

20:26:52.874376 IP 127.0.0.1.42158 > 127.0.0.1.9999: S 3026007169:3026007169(0) win 32767 <mss 16396,sackOK,timestamp 43019728 0,nop,wscale 2>
20:26:52.874449 IP 127.0.0.1.9999 > 127.0.0.1.42158: S 3027683545:3027683545(0) ack 3026007170 win 32767 <mss 16396,sackOK,timestamp 43019728 43019728,nop,wscale 2>
20:26:52.874484 IP 127.0.0.1.42158 > 127.0.0.1.9999: . ack 1 win 8192 <nop,nop,timestamp 43019728 43019728>
20:26:54.709609 IP 127.0.0.1.9999 > 127.0.0.1.42158: F 1:1(0) ack 1 win 8192 <nop,nop,timestamp 43020187 43019728>
20:26:54.710186 IP 127.0.0.1.42158 > 127.0.0.1.9999: F 1:1(0) ack 2 win 8192 <nop,nop,timestamp 43020187 43020187>
20:26:54.710222 IP 127.0.0.1.9999 > 127.0.0.1.42158: . ack 2 win 8192 <nop,nop,timestamp 43020187 43020187>

This would be the case if the daemon accepts the connection, but then
decides that it won't handle it (e.g. it doesn't like the source IP address,
or it has too many concurrent connections)


(3) The connection is set up, a response is immediately generated by the
daemon, and the connection is torn down.

$ telnet localhost 9999
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
* ERR go away
Connection closed by foreign host.

This is like case (2), but with some data sent back before the FIN exchange.

Here's tcpdump with -X option:

20:29:23.820762 IP 127.0.0.1.41617 > 127.0.0.1.9999: S 3200322966:3200322966(0) win 32767 <mss 16396,sackOK,timestamp 43057464 0,nop,wscale 2>
        0x0000:  4510 003c 0cae 4000 4006 2ffc 7f00 0001  E..<..@.@./.....
        0x0010:  7f00 0001 a291 270f bec1 0d96 0000 0000  ......'.........
        0x0020:  a002 7fff f5e9 0000 0204 400c 0402 080a  ..........@.....
        0x0030:  0291 0138 0000 0000 0103 0302            ...8........
20:29:23.822005 IP 127.0.0.1.9999 > 127.0.0.1.41617: S 3190352600:3190352600(0) ack 3200322967 win 32767 <mss 16396,sackOK,timestamp 43057464 43057464,nop,wscale 2>
        0x0000:  4500 003c 0000 4000 4006 3cba 7f00 0001  E..<..@.@.<.....
        0x0010:  7f00 0001 270f a291 be28 ead8 bec1 0d97  ....'....(......
        0x0020:  a012 7fff 490e 0000 0204 400c 0402 080a  ....I.....@.....
        0x0030:  0291 0138 0291 0138 0103 0302            ...8...8....
20:29:23.822673 IP 127.0.0.1.41617 > 127.0.0.1.9999: . ack 1 win 8192 <nop,nop,timestamp 43057465 43057464>
        0x0000:  4510 0034 0caf 4000 4006 3003 7f00 0001  E..4..@.@.0.....
        0x0010:  7f00 0001 a291 270f bec1 0d97 be28 ead9  ......'......(..
        0x0020:  8010 2000 122c 0000 0101 080a 0291 0139  .....,.........9
        0x0030:  0291 0138                                ...8
20:29:27.122060 IP 127.0.0.1.9999 > 127.0.0.1.41617: P 1:15(14) ack 1 win 8192 <nop,nop,timestamp 43058290 43057465>
        0x0000:  4500 0042 ebe0 4000 4006 50d3 7f00 0001  E..B..@.@.P.....
        0x0010:  7f00 0001 270f a291 be28 ead9 bec1 0d97  ....'....(......
        0x0020:  8018 2000 fe36 0000 0101 080a 0291 0472  .....6.........r
        0x0030:  0291 0139 2a20 4552 5220 676f 2061 7761  ...9*.ERR.go.awa
        0x0040:  790a                                     y.
20:29:27.122106 IP 127.0.0.1.41617 > 127.0.0.1.9999: . ack 15 win 8192 <nop,nop,timestamp 43058290 43058290>
        0x0000:  4510 0034 0cb0 4000 4006 3002 7f00 0001  E..4..@.@.0.....
        0x0010:  7f00 0001 a291 270f bec1 0d97 be28 eae7  ......'......(..
        0x0020:  8010 2000 0bab 0000 0101 080a 0291 0472  ...............r
        0x0030:  0291 0472                                ...r
20:29:27.666769 IP 127.0.0.1.9999 > 127.0.0.1.41617: F 15:15(0) ack 1 win 8192 <nop,nop,timestamp 43058426 43058290>
        0x0000:  4500 0034 ebe1 4000 4006 50e0 7f00 0001  E..4..@.@.P.....
        0x0010:  7f00 0001 270f a291 be28 eae7 bec1 0d97  ....'....(......
        0x0020:  8011 2000 0b22 0000 0101 080a 0291 04fa  ....."..........
        0x0030:  0291 0472                                ...r
20:29:27.667479 IP 127.0.0.1.41617 > 127.0.0.1.9999: F 1:1(0) ack 16 win 8192 <nop,nop,timestamp 43058426 43058426>
        0x0000:  4510 0034 0cb1 4000 4006 3001 7f00 0001  E..4..@.@.0.....
        0x0010:  7f00 0001 a291 270f bec1 0d97 be28 eae8  ......'......(..
        0x0020:  8011 2000 0a99 0000 0101 080a 0291 04fa  ................
        0x0030:  0291 04fa                                ....
20:29:27.667512 IP 127.0.0.1.9999 > 127.0.0.1.41617: . ack 2 win 8192 <nop,nop,timestamp 43058426 43058426>
        0x0000:  4500 0034 ebe2 4000 4006 50df 7f00 0001  E..4..@.@.P.....
        0x0010:  7f00 0001 270f a291 be28 eae8 bec1 0d98  ....'....(......
        0x0020:  8010 2000 0a99 0000 0101 080a 0291 04fa  ................
        0x0030:  0291 04fa                                ....


(4) The connection is set up, a normal IMAP exchange starts to take place,
but something goes wrong later on (e.g. client tries to authenticate, and
server rejects the authentication request)


Using your tcpdump info, if you know which client suffered the problem and
at what time, you can find which of these scenarios applies to you.

Note that you can filter the tcpdump output when reading it, e.g.

    tcpdump -r mylog.pcap -nX host 1.2.3.4

If you can replicate the problem using telnet to port 143 on the command
line, then seeing *exactly* what response you get back will also distinguish
these cases. So if it happens again, copy-paste it into an E-mail.

> I also had an epiphany yesterday evening which was that by default Ubuntu ( 
> and I believe most mainstream distros do the same ) has IPv6 activated 
> however I seem to remember reading somewhere ( can't remember where or when, 
> that's old age for you! ;) ) that Windows didn't play that well with IPv6.

Unless your clients are connecting to (say) imap.example.com *and* you have
IPv6 address records in your DNS for this name, then the IPv6 stack won't
take part at all.

Regards,

Brian.
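
Added example, not part of the original message: a Python classifier that reads tcpdump text output in the format shown above and assigns each client connection to one of scenarios (1) to (4). The function name classify, the sample addresses, and the rule that any client payload means scenario (4) are assumptions made for this example.

```python
import re
from collections import defaultdict
# Old-style tcpdump text line, as in the message: "time IP src.port > dst.port: FLAGS seq:seq(len) ..."
LINE = re.compile(r"^\S+ IP (\S+)\.(\d+) > (\S+)\.(\d+): ([SFRP.]+)(?: \d+:\d+\((\d+)\))?")

def classify(dump_text, server_port):
    """Map each client 'ip.port' to the scenario number (1-4) from the message, or 0."""
    flows = defaultdict(lambda: dict(synack=False, rst=False, fin=False, srv=0, cli=0))
    for line in dump_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # -X hex rows and anything that is not a packet summary
        src, sport, dst, dport, flags, length = m.groups()
        from_server = int(sport) == server_port
        f = flows[f"{dst}.{dport}" if from_server else f"{src}.{sport}"]
        f["synack"] |= from_server and "S" in flags
        f["rst"] |= "R" in flags
        f["fin"] |= "F" in flags
        f["srv" if from_server else "cli"] += int(length or 0)
    result = {}
    for client, f in flows.items():
        if f["rst"] and not f["synack"]:
            result[client] = 1   # SYN answered by RST: nothing listening
        elif f["synack"] and f["cli"] > 0:
            result[client] = 4   # client sent data too: failure is at protocol level
        elif f["synack"] and f["srv"] > 0:
            result[client] = 3   # server sent a message, then closed
        elif f["synack"] and (f["fin"] or f["rst"]):
            result[client] = 2   # accepted, then closed with no data
        else:
            result[client] = 0   # incomplete capture
    return result

# Constructed sample (TCP options trimmed), server port 143, one flow per scenario 1-3.
SAMPLE = """\
10:00:00.000001 IP 192.0.2.10.40001 > 192.0.2.1.143: S 100:100(0) win 32767
10:00:00.000002 IP 192.0.2.1.143 > 192.0.2.10.40001: R 0:0(0) ack 101 win 0
10:00:01.000001 IP 192.0.2.11.40002 > 192.0.2.1.143: S 200:200(0) win 32767
10:00:01.000002 IP 192.0.2.1.143 > 192.0.2.11.40002: S 300:300(0) ack 201 win 32767
10:00:01.000003 IP 192.0.2.11.40002 > 192.0.2.1.143: . ack 1 win 8192
10:00:01.000004 IP 192.0.2.1.143 > 192.0.2.11.40002: F 1:1(0) ack 1 win 8192
10:00:02.000001 IP 192.0.2.12.40003 > 192.0.2.1.143: S 400:400(0) win 32767
10:00:02.000002 IP 192.0.2.1.143 > 192.0.2.12.40003: S 500:500(0) ack 401 win 32767
10:00:02.000003 IP 192.0.2.1.143 > 192.0.2.12.40003: P 1:15(14) ack 1 win 8192
10:00:02.000004 IP 192.0.2.1.143 > 192.0.2.12.40003: F 15:15(0) ack 1 win 8192
"""

if __name__ == "__main__":
    print(classify(SAMPLE, 143))
```

Feed it the output of the tcpdump -r command from the message (without -X, or with it, since hex rows are skipped) and the server port to see which scenario each affected client falls into.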

_______________________________________________
Courier-imap mailing list