Odd sequence....

[Rogier Wolff]

Hi,

I just caught a TCP dump that looks kind of funny to me:

 1 16:58:19.895993 bwww.ssh > 14dyn184.61101: . 864:864(0) ack 816   
 2 16:58:19.909331 14dyn184.61101 > bwww.ssh: P 816:836(20) ack 784   
 3 16:58:19.915995 bwww.ssh > 14dyn184.61101: P 784:824(40) ack 816   
 4 16:58:19.929933 14dyn184.61101 > bwww.ssh: . 836:836(0) ack 864   
 5 16:58:20.090871 14dyn184.61101 > bwww.ssh: P 836:856(20) ack 864   
 6 16:58:20.136009 bwww.ssh > 14dyn184.61101: P 864:884(20) ack 836   
 7 16:58:20.149553 14dyn184.61101 > bwww.ssh: . 856:856(0) ack 884   
 8 16:58:20.155974 bwww.ssh > 14dyn184.61101: P 884:904(20) ack 836   
 9 16:58:20.169551 14dyn184.61101 > bwww.ssh: . 856:856(0) ack 904   
10 16:58:20.315990 bwww.ssh > 14dyn184.61101: . 904:904(0) ack 856   
11 16:58:20.316002 bwww.ssh > 14dyn184.61101: P 904:924(20) ack 856   
12 16:58:20.329548 14dyn184.61101 > bwww.ssh: . 856:856(0) ack 924   
13 16:58:40.477658 14dyn184.61101 > bwww.ssh: P 856:876(20) ack 924   
14 16:58:40.744978 bwww.ssh > 14dyn184.61101: . 1696:1696(0) ack 876   
15 16:59:19.536500 14dyn184.61101 > bwww.ssh: P 876:896(20) ack 924   
16 16:59:19.803107 bwww.ssh > 14dyn184.61101: . 1696:1696(0) ack 896  

(all packets had win 32120 (DF) [tos 0x10], which is not show above). 


If I'm not mistaken, packet 4, is the one that messes things up:
it acknowledges 40 bytes it hasn't recieved. 

After 20 seconds of patience (*), at 16:58:40 I type another "return"
to try and get things moving again. At that moment bwww, sends a
packet indicating that we've missed 864-1696. Rosie then doesn't react
and acks whatever it HAS recieved, to try to tempt bwww to perform a
fast(!)-retransmit.

                                Roger. 


Machines involved:
   rosie: 2.0.36 doing the ssh. (has been ssh-ing into bwww for a year
          now with no problems, but until today had the PPP link itself)
   abra:  2.2.15 running the tcpdump (on the ppp link), doing masquerading
   bwww:  2.2.13 target of the ssh session. 

(Yes, rosie is on its way to the scrapyard). 


(*) You see me typing the last part of "tail -f
/var/log/messages<enter>" and hit enter. I seem to be typing
characters at 200ms intervals. (5 cps, 300 characters per minutes,
sounds about right :-).


-- 
** [EMAIL PROTECTED] ** http://www.BitWizard.nl/ ** +31-15-2137555 **
*-- BitWizard writes Linux device drivers for any device you may have! --*
*       Common sense is the collection of                                *
******  prejudices acquired by age eighteen.   -- Albert Einstein ********
-
To unsubscribe from this list: send the line "unsubscribe linux-net" in
the body of a message to [EMAIL PROTECTED]