-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hello,
Today while I was diagnosing a FTP problem which turned out to be EPSV
issue I
found some very interesting things in the tcpdumps.
From what I understand from the trace, after a few retransmits, the
client side
sends FIN/ACK to close the connection, and receives ACK.
But while waiting for the remote side to send it's FIN/ACK to be
ACK'ed, it continues
to send the retransmits that it did before the first FIN/ACK, but they
are now truncated.
Here is the exported trace from Wireshark. I can also send it in
tcpdump output format if someone prefers it.
10.10.0.10 is the client IP.
10.20.0.20 is the server IP.
Look for the "Destination Unreachable" messages generated by the
broken retransmits.
Internet Protocol, Src: 10.10.0.10 (10.10.0.10), Dst: 10.20.0.20
(10.20.0.20)
Transmission Control Protocol, Src Port: 65073 (65073), Dst Port: ftp
(21), Seq: 47, Ack: 248, Len: 0
No. Time Source Destination
Protocol Info
23 11.930506 10.10.0.10 10.20.0.20 FTP
Request: EPSV
Internet Protocol, Src: 10.10.0.10 (10.10.0.10), Dst: 10.20.0.20
(10.20.0.20)
Transmission Control Protocol, Src Port: 65073 (65073), Dst Port: ftp
(21), Seq: 47, Ack: 248, Len: 6
File Transfer Protocol (FTP)
No. Time Source Destination
Protocol Info
24 11.987691 10.20.0.20 10.10.0.10 FTP
Response: 229 Entering Extended Passive Mode (|||59364|)
Internet Protocol, Src: 10.20.0.20 (10.20.0.20), Dst: 10.10.0.10
(10.10.0.10)
Transmission Control Protocol, Src Port: ftp (21), Dst Port: 65073
(65073), Seq: 248, Ack: 53, Len: 48
File Transfer Protocol (FTP)
No. Time Source Destination
Protocol Info
25 11.987770 10.10.0.10 10.20.0.20 TCP
62552 > 59364 [SYN] Seq=0 Win=65535 Len=0 MSS=1460 WS=3 TSV=2276550531
TSER=0
Internet Protocol, Src: 10.10.0.10 (10.10.0.10), Dst: 10.20.0.20
(10.20.0.20)
Transmission Control Protocol, Src Port: 62552 (62552), Dst Port:
59364 (59364), Seq: 0, Len: 0
No. Time Source Destination
Protocol Info
26 12.087485 10.10.0.10 10.20.0.20 TCP
65073 > ftp [ACK] Seq=53 Ack=296 Win=66608 Len=0 TSV=2276550631
TSER=3200765949
Internet Protocol, Src: 10.10.0.10 (10.10.0.10), Dst: 10.20.0.20
(10.20.0.20)
Transmission Control Protocol, Src Port: 65073 (65073), Dst Port: ftp
(21), Seq: 53, Ack: 296, Len: 0
No. Time Source Destination
Protocol Info
27 14.987564 10.10.0.10 10.20.0.20 TCP
62552 > 59364 [SYN] Seq=0 Win=65535 Len=0 MSS=1460 WS=3 TSV=2276553531
TSER=0
Internet Protocol, Src: 10.10.0.10 (10.10.0.10), Dst: 10.20.0.20
(10.20.0.20)
Transmission Control Protocol, Src Port: 62552 (62552), Dst Port:
59364 (59364), Seq: 0, Len: 0
No. Time Source Destination
Protocol Info
28 18.187647 10.10.0.10 10.20.0.20 TCP
62552 > 59364 [SYN] Seq=0 Win=65535 Len=0 MSS=1460 WS=3 TSV=2276556731
TSER=0
Internet Protocol, Src: 10.10.0.10 (10.10.0.10), Dst: 10.20.0.20
(10.20.0.20)
Transmission Control Protocol, Src Port: 62552 (62552), Dst Port:
59364 (59364), Seq: 0, Len: 0
No. Time Source Destination
Protocol Info
29 21.387724 10.10.0.10 10.20.0.20 TCP
62552 > 59364 [SYN] Seq=0 Win=65535 Len=0 MSS=1460
Internet Protocol, Src: 10.10.0.10 (10.10.0.10), Dst: 10.20.0.20
(10.20.0.20)
Transmission Control Protocol, Src Port: 62552 (62552), Dst Port:
59364 (59364), Seq: 0, Len: 0
No. Time Source Destination
Protocol Info
30 24.587802 10.10.0.10 10.20.0.20 TCP
62552 > 59364 [SYN] Seq=0 Win=65535 Len=0 MSS=1460
Internet Protocol, Src: 10.10.0.10 (10.10.0.10), Dst: 10.20.0.20
(10.20.0.20)
Transmission Control Protocol, Src Port: 62552 (62552), Dst Port:
59364 (59364), Seq: 0, Len: 0
No. Time Source Destination
Protocol Info
31 27.787885 10.10.0.10 10.20.0.20 TCP
62552 > 59364 [SYN] Seq=0 Win=65535 Len=0 MSS=1460
Internet Protocol, Src: 10.10.0.10 (10.10.0.10), Dst: 10.20.0.20
(10.20.0.20)
Transmission Control Protocol, Src Port: 62552 (62552), Dst Port:
59364 (59364), Seq: 0, Len: 0
No. Time Source Destination
Protocol Info
32 33.988042 10.10.0.10 10.20.0.20 TCP
62552 > 59364 [SYN] Seq=0 Win=65535 Len=0 MSS=1460
Internet Protocol, Src: 10.10.0.10 (10.10.0.10), Dst: 10.20.0.20
(10.20.0.20)
Transmission Control Protocol, Src Port: 62552 (62552), Dst Port:
59364 (59364), Seq: 0, Len: 0
No. Time Source Destination
Protocol Info
33 46.188343 10.10.0.10 10.20.0.20 TCP
62552 > 59364 [SYN] Seq=0 Win=65535 Len=0 MSS=1460
Internet Protocol, Src: 10.10.0.10 (10.10.0.10), Dst: 10.20.0.20
(10.20.0.20)
Transmission Control Protocol, Src Port: 62552 (62552), Dst Port:
59364 (59364), Seq: 0, Len: 0
No. Time Source Destination
Protocol Info
34 70.388952 10.10.0.10 10.20.0.20 TCP
62552 > 59364 [SYN] Seq=0 Win=65535 Len=0 MSS=1460
Internet Protocol, Src: 10.10.0.10 (10.10.0.10), Dst: 10.20.0.20
(10.20.0.20)
Transmission Control Protocol, Src Port: 62552 (62552), Dst Port:
59364 (59364), Seq: 0, Len: 0
No. Time Source Destination
Protocol Info
35 86.989453 10.10.0.10 10.20.0.20 FTP
Request: EPRT |1|10.10.0.10|49610|
Internet Protocol, Src: 10.10.0.10 (10.10.0.10), Dst: 10.20.0.20
(10.20.0.20)
Transmission Control Protocol, Src Port: 65073 (65073), Dst Port: ftp
(21), Seq: 53, Ack: 296, Len: 31
File Transfer Protocol (FTP)
No. Time Source Destination
Protocol Info
36 87.287370 10.10.0.10 10.20.0.20 FTP
[TCP Retransmission] Request: EPRT |1|10.10.0.10|49610|
Internet Protocol, Src: 10.10.0.10 (10.10.0.10), Dst: 10.20.0.20
(10.20.0.20)
Transmission Control Protocol, Src Port: 65073 (65073), Dst Port: ftp
(21), Seq: 53, Ack: 296, Len: 31
File Transfer Protocol (FTP)
No. Time Source Destination
Protocol Info
37 87.683379 10.10.0.10 10.20.0.20 FTP
[TCP Retransmission] Request: EPRT |1|10.10.0.10|49610|
Internet Protocol, Src: 10.10.0.10 (10.10.0.10), Dst: 10.20.0.20
(10.20.0.20)
Transmission Control Protocol, Src Port: 65073 (65073), Dst Port: ftp
(21), Seq: 53, Ack: 296, Len: 31
File Transfer Protocol (FTP)
No. Time Source Destination
Protocol Info
38 88.275395 10.10.0.10 10.20.0.20 FTP
[TCP Retransmission] Request: EPRT |1|10.10.0.10|49610|
Internet Protocol, Src: 10.10.0.10 (10.10.0.10), Dst: 10.20.0.20
(10.20.0.20)
Transmission Control Protocol, Src Port: 65073 (65073), Dst Port: ftp
(21), Seq: 53, Ack: 296, Len: 31
File Transfer Protocol (FTP)
No. Time Source Destination
Protocol Info
39 89.259423 10.10.0.10 10.20.0.20 FTP
[TCP Retransmission] Request: EPRT |1|10.10.0.10|49610|
Internet Protocol, Src: 10.10.0.10 (10.10.0.10), Dst: 10.20.0.20
(10.20.0.20)
Transmission Control Protocol, Src Port: 65073 (65073), Dst Port: ftp
(21), Seq: 53, Ack: 296, Len: 31
File Transfer Protocol (FTP)
No. Time Source Destination
Protocol Info
40 91.027467 10.10.0.10 10.20.0.20 FTP
[TCP Retransmission] Request: EPRT |1|10.10.0.10|49610|
Internet Protocol, Src: 10.10.0.10 (10.10.0.10), Dst: 10.20.0.20
(10.20.0.20)
Transmission Control Protocol, Src Port: 65073 (65073), Dst Port: ftp
(21), Seq: 53, Ack: 296, Len: 31
File Transfer Protocol (FTP)
No. Time Source Destination
Protocol Info
41 92.859511 10.10.0.10 10.20.0.20 FTP
[TCP Retransmission] Request: EPRT |1|10.10.0.10|49610|
Internet Protocol, Src: 10.10.0.10 (10.10.0.10), Dst: 10.20.0.20
(10.20.0.20)
Transmission Control Protocol, Src Port: 65073 (65073), Dst Port: ftp
(21), Seq: 53, Ack: 296, Len: 31
File Transfer Protocol (FTP)
No. Time Source Destination
Protocol Info
42 96.323600 10.10.0.10 10.20.0.20 FTP
[TCP Retransmission] Request: EPRT |1|10.10.0.10|49610|
Internet Protocol, Src: 10.10.0.10 (10.10.0.10), Dst: 10.20.0.20
(10.20.0.20)
Transmission Control Protocol, Src Port: 65073 (65073), Dst Port: ftp
(21), Seq: 53, Ack: 296, Len: 31
File Transfer Protocol (FTP)
No. Time Source Destination
Protocol Info
43 103.051770 10.10.0.10 10.20.0.20 FTP
[TCP Retransmission] Request: EPRT |1|10.10.0.10|49610|
Internet Protocol, Src: 10.10.0.10 (10.10.0.10), Dst: 10.20.0.20
(10.20.0.20)
Transmission Control Protocol, Src Port: 65073 (65073), Dst Port: ftp
(21), Seq: 53, Ack: 296, Len: 31
File Transfer Protocol (FTP)
No. Time Source Destination
Protocol Info
44 116.308102 10.10.0.10 10.20.0.20 FTP
[TCP Retransmission] Request: EPRT |1|10.10.0.10|49610|
Internet Protocol, Src: 10.10.0.10 (10.10.0.10), Dst: 10.20.0.20
(10.20.0.20)
Transmission Control Protocol, Src Port: 65073 (65073), Dst Port: ftp
(21), Seq: 53, Ack: 296, Len: 31
File Transfer Protocol (FTP)
No. Time Source Destination
Protocol Info
45 142.620762 10.10.0.10 10.20.0.20 FTP
[TCP Retransmission] Request: EPRT |1|10.10.0.10|49610|
Internet Protocol, Src: 10.10.0.10 (10.10.0.10), Dst: 10.20.0.20
(10.20.0.20)
Transmission Control Protocol, Src Port: 65073 (65073), Dst Port: ftp
(21), Seq: 53, Ack: 296, Len: 31
File Transfer Protocol (FTP)
No. Time Source Destination
Protocol Info
46 146.991908 10.10.0.10 10.20.0.20 TCP
65073 > ftp [FIN, ACK] Seq=84 Ack=296 Win=66608 Len=0 TSV=2276685532
TSER=3200765949
Internet Protocol, Src: 10.10.0.10 (10.10.0.10), Dst: 10.20.0.20
(10.20.0.20)
Transmission Control Protocol, Src Port: 65073 (65073), Dst Port: ftp
(21), Seq: 84, Ack: 296, Len: 0
No. Time Source Destination
Protocol Info
47 147.049585 10.20.0.20 10.10.0.10 TCP ftp
> 65073 [ACK] Seq=296 Ack=65 Win=5792 Len=0 TSV=3200901032
TSER=2276550631 SLE=72 SRE=73
Internet Protocol, Src: 10.20.0.20 (10.20.0.20), Dst: 10.10.0.10
(10.10.0.10)
Transmission Control Protocol, Src Port: ftp (21), Dst Port: 65073
(65073), Seq: 296, Ack: 65, Len: 0
No. Time Source Destination
Protocol Info
48 211.050479 10.10.0.10 10.20.0.20 FTP
[TCP Retransmission] Request: 10.0.10|49610|
Internet Protocol, Src: 10.10.0.10 (10.10.0.10), Dst: 10.20.0.20
(10.20.0.20)
Transmission Control Protocol, Src Port: 65073 (65073), Dst Port: ftp
(21), Seq: 65, Ack: 296, Len: 19
File Transfer Protocol (FTP)
No. Time Source Destination
Protocol Info
49 211.118136 10.20.0.20 10.10.0.10 ICMP
Destination unreachable (Host administratively prohibited)
Internet Protocol, Src: 10.20.0.20 (10.20.0.20), Dst: 10.10.0.10
(10.10.0.10)
Internet Control Message Protocol
No. Time Source Destination
Protocol Info
50 275.052084 10.10.0.10 10.20.0.20 FTP
[TCP Retransmission] Request: 10.0.10|49610|
Internet Protocol, Src: 10.10.0.10 (10.10.0.10), Dst: 10.20.0.20
(10.20.0.20)
Transmission Control Protocol, Src Port: 65073 (65073), Dst Port: ftp
(21), Seq: 65, Ack: 296, Len: 19
File Transfer Protocol (FTP)
No. Time Source Destination
Protocol Info
51 275.105225 10.20.0.20 10.10.0.10 ICMP
Destination unreachable (Host administratively prohibited)
Internet Protocol, Src: 10.20.0.20 (10.20.0.20), Dst: 10.10.0.10
(10.10.0.10)
Internet Control Message Protocol
No. Time Source Destination
Protocol Info
52 299.988028 10.20.0.20 10.10.0.10 FTP
Response: 421 No Transfer Timeout (300 seconds): closing control
connection.
Internet Protocol, Src: 10.20.0.20 (10.20.0.20), Dst: 10.10.0.10
(10.10.0.10)
Transmission Control Protocol, Src Port: ftp (21), Dst Port: 65073
(65073), Seq: 296, Ack: 65, Len: 68
File Transfer Protocol (FTP)
No. Time Source Destination
Protocol Info
53 299.988051 10.10.0.10 10.20.0.20 TCP
65073 > ftp [RST] Seq=65 Win=0 Len=0
Internet Protocol, Src: 10.10.0.10 (10.10.0.10), Dst: 10.20.0.20
(10.20.0.20)
Transmission Control Protocol, Src Port: 65073 (65073), Dst Port: ftp
(21), Seq: 65, Len: 0
No. Time Source Destination
Protocol Info
54 299.988053 10.20.0.20 10.10.0.10 TCP ftp
> 65073 [FIN, ACK] Seq=364 Ack=65 Win=5792 Len=0 TSV=3201053996
TSER=2276550631 SLE=72 SRE=73
Internet Protocol, Src: 10.20.0.20 (10.20.0.20), Dst: 10.10.0.10
(10.10.0.10)
Transmission Control Protocol, Src Port: ftp (21), Dst Port: 65073
(65073), Seq: 364, Ack: 65, Len: 0
No. Time Source Destination
Protocol Info
55 299.988060 10.10.0.10 10.20.0.20 TCP
65073 > ftp [RST] Seq=65 Win=0 Len=0
Internet Protocol, Src: 10.10.0.10 (10.10.0.10), Dst: 10.20.0.20
(10.20.0.20)
Transmission Control Protocol, Src Port: 65073 (65073), Dst Port: ftp
(21), Seq: 65, Len: 0
No. Time Source Destination
Protocol Info
56 300.041497 10.20.0.20 10.10.0.10 ICMP
Destination unreachable (Host administratively prohibited)
- --
Regards,
Nikolay Denev
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (Darwin)
iEYEARECAAYFAkqSpVgACgkQHNAJ/fLbfrmTHwCfUcgiwrc1VsWB3Om627VDqTx9
bzwAoJrlsZCOqiZ99QWHoGkvSYpuDbmr
=0VLB
-----END PGP SIGNATURE-----
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "[email protected]"
