Re: Strange TCP behaviour

From: Alan J. McFarlane (alanjmcf_at_yahoo.com.INVALID)
Date: 05/28/04


Date: Fri, 28 May 2004 11:58:17 +0100

Bruno De Graef <degraefb@hotmail.com> wrote:
[...]
> However, for the past 2 weeks clients have been complaining of timeouts
> from time to time in the browser, where they need to refresh their page.
> After having sniffed the network - client / server / switch - ( because
> nothing was showing up in log files ) we found the following strange
> behaviour in the TCP session.
>
> 1. Client SYN => Server
> 2. Server ACK => Client ????????
[...]
> As you can see the three-way handshake is disturbed by the server
> sending an ACK to the client with a higher packet number on the
> initial SYN request.
>
Is the difference between 2's ACK value and 1's SEQ value one
million (1000000)?

Do you have a Raptor firewall, and has someone enabled the "Enable SYN Flood
Protection" option? If so, turn it off and make it a rule never to turn it
back on.

See,
http://service1.symantec.com/SUPPORT/ent-gate.nsf/3fcd5fb2fcae709e88256bc1005cd7c9/40544a361e41bcc485256ce10078cefc?OpenDocument

> We are completely lost on the issue. Even our Telecom guys can't
> explain the behaviour. Therefore we would like some advice on how to
> explain the behaviour.
>
> Please find here a description on our architecture :
> < Server 1 > - <SWITCH> - <Loadbalancer > - <Firewall> - <VPN> - <NAT
> Firewall> - <Switch> - <Client PC>

-- 
Alan J. McFarlane
http://homepage.ntlworld.com/alanjmcf/
Please follow-up in the newsgroup for the benefit of all.
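
Added example, not part of the original post: one way to run the check asked about above over captured TCP headers, flagging a reply to a SYN that carries ACK without SYN and whose ACK value is exactly 1000000 above the client's SEQ (32-bit wraparound included). The function names, addresses and sequence numbers are constructed for illustration.

```python
import struct

MAGIC_OFFSET = 1_000_000   # the difference asked about in the reply above
SYN, ACK = 0x02, 0x10      # TCP flag bits

def make_tcp_header(sport, dport, seq, ack, flags):
    """Build a 20-byte TCP header (constructed sample input, checksum left at 0)."""
    offset_flags = (5 << 12) | flags   # data offset = 5 words, no options
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack, offset_flags, 8192, 0, 0)

def parse_tcp_header(raw):
    sport, dport, seq, ack, offset_flags = struct.unpack("!HHIIH", raw[:14])
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "flags": offset_flags & 0x3F}

def classify_replies(packets):
    """packets: list of (src_ip, dst_ip, raw_tcp_header) in capture order.
    Returns one (verdict, delta) per first reply to a pending SYN."""
    pending = {}   # (client_ip, client_port, server_ip, server_port) -> client SEQ
    results = []
    for src, dst, raw in packets:
        h = parse_tcp_header(raw)
        if h["flags"] & SYN and not h["flags"] & ACK:
            pending[(src, h["sport"], dst, h["dport"])] = h["seq"]
            continue
        key = (dst, h["dport"], src, h["sport"])
        if key not in pending or not h["flags"] & ACK:
            continue
        delta = (h["ack"] - pending.pop(key)) % 2**32   # sequence space wraps at 2^32
        if h["flags"] & SYN and delta == 1:
            results.append(("normal SYN-ACK", delta))
        elif not h["flags"] & SYN and delta == MAGIC_OFFSET:
            results.append(("bare ACK, offset 1000000", delta))
        else:
            results.append(("other", delta))
    return results

# Constructed sample capture (documentation addresses, made-up sequence numbers).
SAMPLE = [
    ("192.0.2.10", "198.51.100.5", make_tcp_header(40001, 80, 1000, 0, SYN)),
    ("198.51.100.5", "192.0.2.10", make_tcp_header(80, 40001, 5000, 1001, SYN | ACK)),
    ("192.0.2.10", "198.51.100.5", make_tcp_header(40002, 80, 4294900000, 0, SYN)),
    ("198.51.100.5", "192.0.2.10", make_tcp_header(80, 40002, 0, 932704, ACK)),
]

if __name__ == "__main__":
    for verdict, delta in classify_replies(SAMPLE):
        print(f"{verdict}: ack - seq = {delta}")
```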