The Forums


TCP error: window size

Hello,
I am having problems with TCP connections on a Solaris server.
This problem only occurs for a single peer.
The connections stay in ESTABLISHED; they never close.
I took a packet capture.
The three-way handshake that initiates the connection goes fine (packets 119, 120, 121).
Right after that, the remote client sends a "window update" segment (packet 122) that Ethereal marks as an error, although I could not find the error.
After that, the server just resends the same SYN-ACK packet (number 120), without the SYN flag,
and the client resends the first data packet indefinitely (number 124).

packet 119:
[code:1:59d6723c08]
No. Time Source Destination Protocol Info
119 1015.339625 217.70.85.68 10.3.0.11 TCP 7341 > https [SYN] Seq=0 Len=0 MSS=1380 WS=0 TSV=540817 TSER=0

Frame 119 (74 bytes on wire, 74 bytes captured)
Arrival Time: Apr 14, 2008 13:59:20.565969000
Time delta from previous packet: 1015.339625000 seconds
Time since reference or first frame: 1015.339625000 seconds
Frame Number: 119
Packet Length: 74 bytes
Capture Length: 74 bytes
Protocols in frame: eth:ip:tcp
Coloring Rule Name: TCP SYN/FIN
Coloring Rule String: tcp.flags & 0x02 || tcp.flags.fin == 1
Ethernet II, Src: Radware_21:56:00 (00:03:b2:21:56:00), Dst: Fujitsu_f3:95:e9 (00:0b:5d:f3:95:e9)
Destination: Fujitsu_f3:95:e9 (00:0b:5d:f3:95:e9)
Source: Radware_21:56:00 (00:03:b2:21:56:00)
Type: IP (0x0800)
Internet Protocol, Src: 217.70.85.68 (217.70.85.68), Dst: 10.3.0.11 (10.3.0.11)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 60
Identification: 0x27ca (10186)
Flags: 0x00
0... = Reserved bit: Not set
.0.. = Don't fragment: Not set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 58
Protocol: TCP (0x06)
Header checksum: 0x205a [correct]
Source: 217.70.85.68 (217.70.85.68)
Destination: 10.3.0.11 (10.3.0.11)
Transmission Control Protocol, Src Port: 7341 (7341), Dst Port: https (443), Seq: 0, Len: 0
Source port: 7341 (7341)
Destination port: https (443)
Sequence number: 0 (relative sequence number)
Header length: 40 bytes
Flags: 0x0002 (SYN)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...0 .... = Acknowledgment: Not set
.... 0... = Push: Not set
.... .0.. = Reset: Not set
.... ..1. = Syn: Set
.... ...0 = Fin: Not set
Window size: 65535
Checksum: 0x9617 [validation disabled]
Options: (20 bytes)
Maximum segment size: 1380 bytes
NOP
Window scale: 0 (multiply by 1)
NOP
NOP
Time stamp: tsval 540817, tsecr 0
[/code:1:59d6723c08]

packet 120
[code:1:59d6723c08]
No. Time Source Destination Protocol Info
120 1015.339680 10.3.0.11 217.70.85.68 TCP https > 7341 [SYN, ACK] Seq=0 Ack=1 Win=49248 Len=0 TSV=1088584284 TSER=540817 MSS=1460 WS=0

Frame 120 (74 bytes on wire, 74 bytes captured)
Arrival Time: Apr 14, 2008 13:59:20.566024000
Time delta from previous packet: 0.000055000 seconds
Time since reference or first frame: 1015.339680000 seconds
Frame Number: 120
Packet Length: 74 bytes
Capture Length: 74 bytes
Protocols in frame: eth:ip:tcp
Coloring Rule Name: TCP SYN/FIN
Coloring Rule String: tcp.flags & 0x02 || tcp.flags.fin == 1
Ethernet II, Src: Fujitsu_f3:95:e9 (00:0b:5d:f3:95:e9), Dst: Radware_21:56:00 (00:03:b2:21:56:00)
Destination: Radware_21:56:00 (00:03:b2:21:56:00)
Source: Fujitsu_f3:95:e9 (00:0b:5d:f3:95:e9)
Type: IP (0x0800)
Internet Protocol, Src: 10.3.0.11 (10.3.0.11), Dst: 217.70.85.68 (217.70.85.68)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 60
Identification: 0x1deb (7659)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 60
Protocol: TCP (0x06)
Header checksum: 0xe838 [correct]
Source: 10.3.0.11 (10.3.0.11)
Destination: 217.70.85.68 (217.70.85.68)
Transmission Control Protocol, Src Port: https (443), Dst Port: 7341 (7341), Seq: 0, Ack: 1, Len: 0
Source port: https (443)
Destination port: 7341 (7341)
Sequence number: 0 (relative sequence number)
Acknowledgement number: 1 (relative ack number)
Header length: 40 bytes
Flags: 0x0012 (SYN, ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgment: Set
.... 0... = Push: Not set
.... .0.. = Reset: Not set
.... ..1. = Syn: Set
.... ...0 = Fin: Not set
Window size: 49248
Checksum: 0x38c7 [validation disabled]
Options: (20 bytes)
NOP
NOP
Time stamp: tsval 1088584284, tsecr 540817
Maximum segment size: 1460 bytes
NOP
Window scale: 0 (multiply by 1)
[/code:1:59d6723c08]

packet 121
[code:1:59d6723c08]
No. Time Source Destination Protocol Info
121 1015.345225 217.70.85.68 10.3.0.11 TCP 7341 > https [ACK] Seq=1 Ack=1 Win=49248 Len=0 TSV=1088584284 TSER=540817 MSS=1460 WS=0

Frame 121 (74 bytes on wire, 74 bytes captured)
Arrival Time: Apr 14, 2008 13:59:20.571569000
Time delta from previous packet: 0.005545000 seconds
Time since reference or first frame: 1015.345225000 seconds
Frame Number: 121
Packet Length: 74 bytes
Capture Length: 74 bytes
Protocols in frame: eth:ip:tcp
Coloring Rule Name: TCP
Coloring Rule String: tcp
Ethernet II, Src: Radware_21:56:00 (00:03:b2:21:56:00), Dst: Fujitsu_f3:95:e9 (00:0b:5d:f3:95:e9)
Destination: Fujitsu_f3:95:e9 (00:0b:5d:f3:95:e9)
Source: Radware_21:56:00 (00:03:b2:21:56:00)
Type: IP (0x0800)
Internet Protocol, Src: 217.70.85.68 (217.70.85.68), Dst: 10.3.0.11 (10.3.0.11)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 60
Identification: 0x1deb (7659)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 49
Protocol: TCP (0x06)
Header checksum: 0xf338 [correct]
Source: 217.70.85.68 (217.70.85.68)
Destination: 10.3.0.11 (10.3.0.11)
Transmission Control Protocol, Src Port: 7341 (7341), Dst Port: https (443), Seq: 1, Ack: 1, Len: 0
Source port: 7341 (7341)
Destination port: https (443)
Sequence number: 1 (relative sequence number)
Acknowledgement number: 1 (relative ack number)
Header length: 40 bytes
Flags: 0x0010 (ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgment: Set
.... 0... = Push: Not set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 49248
Checksum: 0x67fd [validation disabled]
Options: (20 bytes)
NOP
NOP
Time stamp: tsval 1088584284, tsecr 540817
Maximum segment size: 1460 bytes
NOP
Window scale: 0 (multiply by 1)
[/code:1:59d6723c08]

packet 122
[code:1:59d6723c08]
No. Time Source Destination Protocol Info
122 1015.345268 217.70.85.68 10.3.0.11 TCP [TCP Window Update] 7341 > https [ACK] Seq=1 Ack=1 Win=65535 Len=0 TSV=540817 TSER=1088584284

Frame 122 (66 bytes on wire, 66 bytes captured)
Arrival Time: Apr 14, 2008 13:59:20.571612000
Time delta from previous packet: 0.000043000 seconds
Time since reference or first frame: 1015.345268000 seconds
Frame Number: 122
Packet Length: 66 bytes
Capture Length: 66 bytes
Protocols in frame: eth:ip:tcp
Coloring Rule Name: Bad TCP
Coloring Rule String: tcp.analysis.flags
Ethernet II, Src: Radware_21:56:00 (00:03:b2:21:56:00), Dst: Fujitsu_f3:95:e9 (00:0b:5d:f3:95:e9)
Destination: Fujitsu_f3:95:e9 (00:0b:5d:f3:95:e9)
Source: Radware_21:56:00 (00:03:b2:21:56:00)
Type: IP (0x0800)
Internet Protocol, Src: 217.70.85.68 (217.70.85.68), Dst: 10.3.0.11 (10.3.0.11)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 52
Identification: 0x27cb (10187)
Flags: 0x00
0... = Reserved bit: Not set
.0.. = Don't fragment: Not set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 58
Protocol: TCP (0x06)
Header checksum: 0x2061 [correct]
Source: 217.70.85.68 (217.70.85.68)
Destination: 10.3.0.11 (10.3.0.11)
Transmission Control Protocol, Src Port: 7341 (7341), Dst Port: https (443), Seq: 1, Ack: 1, Len: 0
Source port: 7341 (7341)
Destination port: https (443)
Sequence number: 1 (relative sequence number)
Acknowledgement number: 1 (relative ack number)
Header length: 32 bytes
Flags: 0x0010 (ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgment: Set
.... 0... = Push: Not set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 65535
Checksum: 0x5421 [validation disabled]
Options: (12 bytes)
NOP
NOP
Time stamp: tsval 540817, tsecr 1088584284
SEQ/ACK analysis
TCP Analysis Flags
This is a tcp window update
[/code:1:59d6723c08]
packet 123
[code:1:59d6723c08]
No. Time Source Destination Protocol Info
123 1015.345311 10.3.0.11 217.70.85.68 TCP [TCP Dup ACK 120#1] https > 7341 [ACK] Seq=1 Ack=1 Win=49248 Len=0 TSV=1088584284 TSER=1088584284

Frame 123 (66 bytes on wire, 66 bytes captured)
Arrival Time: Apr 14, 2008 13:59:20.571655000
Time delta from previous packet: 0.000043000 seconds
Time since reference or first frame: 1015.345311000 seconds
Frame Number: 123
Packet Length: 66 bytes
Capture Length: 66 bytes
Protocols in frame: eth:ip:tcp
Coloring Rule Name: Bad TCP
Coloring Rule String: tcp.analysis.flags
Ethernet II, Src: Fujitsu_f3:95:e9 (00:0b:5d:f3:95:e9), Dst: Radware_21:56:00 (00:03:b2:21:56:00)
Destination: Radware_21:56:00 (00:03:b2:21:56:00)
Source: Fujitsu_f3:95:e9 (00:0b:5d:f3:95:e9)
Type: IP (0x0800)
Internet Protocol, Src: 10.3.0.11 (10.3.0.11), Dst: 217.70.85.68 (217.70.85.68)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 52
Identification: 0x1dec (7660)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 60
Protocol: TCP (0x06)
Header checksum: 0xe83f [correct]
Source: 10.3.0.11 (10.3.0.11)
Destination: 217.70.85.68 (217.70.85.68)
Transmission Control Protocol, Src Port: https (443), Dst Port: 7341 (7341), Seq: 1, Ack: 1, Len: 0
Source port: https (443)
Destination port: 7341 (7341)
Sequence number: 1 (relative sequence number)
Acknowledgement number: 1 (relative ack number)
Header length: 32 bytes
Flags: 0x0010 (ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgment: Set
.... 0... = Push: Not set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 49248
Checksum: 0x38bf [validation disabled]
Options: (12 bytes)
NOP
NOP
Time stamp: tsval 1088584284, tsecr 1088584284
SEQ/ACK analysis
TCP Analysis Flags
This is a TCP duplicate ack
Duplicate ACK #: 1
Duplicate to the ACK in frame: 120

[/code:1:59d6723c08]

packet 124
[code:1:59d6723c08]

No. Time Source Destination Protocol Info
124 1015.345394 217.70.85.68 10.3.0.11 TLS Client Hello
Frame 124 (176 bytes on wire, 176 bytes captured)
Arrival Time: Apr 14, 2008 13:59:20.571738000
Time delta from previous packet: 0.000083000 seconds
Time since reference or first frame: 1015.345394000 seconds
Frame Number: 124
Packet Length: 176 bytes
Capture Length: 176 bytes
Protocols in frame: eth:ip:tcp:ssl
Coloring Rule Name: TCP
Coloring Rule String: tcp
Ethernet II, Src: Radware_21:56:00 (00:03:b2:21:56:00), Dst: Fujitsu_f3:95:e9 (00:0b:5d:f3:95:e9)
Destination: Fujitsu_f3:95:e9 (00:0b:5d:f3:95:e9)
Source: Radware_21:56:00 (00:03:b2:21:56:00)
Type: IP (0x0800)
Internet Protocol, Src: 217.70.85.68 (217.70.85.68), Dst: 10.3.0.11 (10.3.0.11)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 162
Identification: 0x27cc (10188)
Flags: 0x00
0... = Reserved bit: Not set
.0.. = Don't fragment: Not set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 58
Protocol: TCP (0x06)
Header checksum: 0x1ff2 [correct]
Source: 217.70.85.68 (217.70.85.68)
Destination: 10.3.0.11 (10.3.0.11)
Transmission Control Protocol, Src Port: 7341 (7341), Dst Port: https (443), Seq: 1, Ack: 1, Len: 110
Source port: 7341 (7341)
Destination port: https (443)
Sequence number: 1 (relative sequence number)
Next sequence number: 111 (relative sequence number)
Acknowledgement number: 1 (relative ack number)
Header length: 32 bytes
Flags: 0x0018 (PSH, ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgment: Set
.... 1... = Push: Set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 65535
Checksum: 0x0e96 [validation disabled]
Options: (12 bytes)
NOP
NOP
Time stamp: tsval 540817, tsecr 1088584284
Secure Socket Layer

[/code:1:59d6723c08]

Is this tcp window update packet valid?
Does anyone have an idea?
Thanks in advance to those who take the time to study this case.
Hi
Your case is interesting, but (at first glance) I haven't found it.

Do you have the original Ethereal trace to send me? That way I could analyze it better with Wireshark.

Trace 124 says:
[code:1:7facd1837d] Sequence number: 1 (relative sequence number)
Next sequence number: 111 (relative sequence number)
Acknowledgement number: 1 (relative ack number) [/code:1:7facd1837d]

Maybe the «Next sequence» is a lead worth digging into???

Not easy to tell without more information.
Do your other hosts, the ones the server works with, show this information if you analyze their packets?

Are your other hosts on the same private network 10.0.0.0?

And finally, are you trying to connect to this server from several hosts simultaneously? I ask in case your NAT is getting its wires crossed. Unless it is a web proxy???

Are your hosts similar in configuration?
- same network
- go through the same NAT
- pass through a web proxy
- etc...

Regards
nono
Thanks for your reply, and sorry for mine, which is a bit late.
I may have expressed myself poorly: the server is on my side (10.3.0.11)
and the client is 217.70.85.68.
We have had no problems with the other clients.
On our side this server is redundant with load balancing, and the same problem appeared on both servers.
However, the problem was fixed on the client side.
It seems it was their proxy that was misbehaving, because the problem disappeared when it was bypassed.
Still, I cannot explain what causes the error, or even where it is...
The mysteries of computing.
Thanks again.
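
As an added example (not part of the original thread), this Python script runs three sanity checks over the summary lines of packets 119 to 124 quoted above: MSS/WS options on a segment without SYN (both options are only defined for SYN segments), a TSval that was first sent by the other host, and a TSval equal to its own TSecr. The function names and finding messages are assumptions made for this example.

```python
import re

# Summary lines of packets 119-124, copied from the capture quoted in the thread.
SUMMARY = """\
119 1015.339625 217.70.85.68 10.3.0.11 TCP 7341 > https [SYN] Seq=0 Len=0 MSS=1380 WS=0 TSV=540817 TSER=0
120 1015.339680 10.3.0.11 217.70.85.68 TCP https > 7341 [SYN, ACK] Seq=0 Ack=1 Win=49248 Len=0 TSV=1088584284 TSER=540817 MSS=1460 WS=0
121 1015.345225 217.70.85.68 10.3.0.11 TCP 7341 > https [ACK] Seq=1 Ack=1 Win=49248 Len=0 TSV=1088584284 TSER=540817 MSS=1460 WS=0
122 1015.345268 217.70.85.68 10.3.0.11 TCP [TCP Window Update] 7341 > https [ACK] Seq=1 Ack=1 Win=65535 Len=0 TSV=540817 TSER=1088584284
123 1015.345311 10.3.0.11 217.70.85.68 TCP [TCP Dup ACK 120#1] https > 7341 [ACK] Seq=1 Ack=1 Win=49248 Len=0 TSV=1088584284 TSER=1088584284
124 1015.345394 217.70.85.68 10.3.0.11 TLS Client Hello
"""

# Frame number, source, destination, the TCP flag list, then the key=value fields.
LINE = re.compile(r"^(\d+) \S+ (\S+) (\S+) TCP .*?\[([A-Z, ]+)\] (.*)$")

def parse(line):
    m = LINE.match(line)
    if m is None:
        return None  # packet 124: its summary shows only the TLS layer
    no, src, _dst, flags, rest = m.groups()
    return int(no), src, set(flags.split(", ")), dict(re.findall(r"(\w+)=(\d+)", rest))

def audit(text):
    findings, first_sender = [], {}
    for line in text.splitlines():
        parsed = parse(line)
        if parsed is None:
            continue
        no, src, flags, f = parsed
        # Check 1: MSS and window scale are negotiated once, on SYN segments.
        syn_only = [opt for opt in ("MSS", "WS") if opt in f]
        if syn_only and "SYN" not in flags:
            findings.append((no, "SYN-only option without SYN: " + "/".join(syn_only)))
        tsv = f.get("TSV")
        if tsv is None:
            continue
        # Check 2: a TSval comes from the sender's own clock, so a value first
        # seen from the other host suggests a reflected or rewritten segment.
        owner = first_sender.setdefault(tsv, src)
        if owner != src:
            findings.append((no, "TSval first sent by " + owner))
        # Check 3 (heuristic): TSecr echoes the peer's TSval, so equal non-zero values are suspect.
        if tsv != "0" and tsv == f.get("TSER"):
            findings.append((no, "TSval equals TSecr"))
    return findings

if __name__ == "__main__":
    for no, msg in audit(SUMMARY):
        print(no, msg)
```

On this capture the script reports packet 121 twice and packet 123 once; packets 119, 120 and 122 pass all three checks.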