Re: question about 3sec timeouts with tcp

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

I have made another test:
Between the client and the server I installed a router (just another linux box forwarding the packets). On all three machines I have made a tcpdump during the connection problem. On the client and the server the tcpdump remains the same as the first tcpdump I ever posted: 

tcpdump client (IP 192.168.1.99):
13:02:37.988210 IP 192.168.1.99.54323 > 192.168.1.1.3306: S 3008255179:3008255179(0) win 5840 <mss 1460,sackOK,timestamp 16259224 0,nop,wscale 6> 13:02:40.988069 IP 192.168.1.99.54323 > 192.168.1.1.3306: S 3008255179:3008255179(0) win 5840 <mss 1460,sackOK,timestamp 16262224 0,nop,wscale 6> 13:02:40.990174 IP 192.168.1.1.3306 > 192.168.1.99.54323: S 2908931182:2908931182(0) ack 3008255180 win 5792 <mss 1460,sackOK,timestamp 1469966 16259224,nop,wscale 7> 13:02:40.990267 IP 192.168.1.99.54323 > 192.168.1.1.3306: . ack 1 win 92 <nop,nop,timestamp 16262226 1469966> 13:02:40.990647 IP 192.168.1.99.54323 > 192.168.1.1.3306: F 1:1(0) ack 1 win 92 <nop,nop,timestamp 16262226 1469966> 13:02:40.992277 IP 192.168.1.1.3306 > 192.168.1.99.54323: F 1:1(0) ack 2 win 46 <nop,nop,timestamp 1469966 16262226> 13:02:40.992304 IP 192.168.1.99.54323 > 192.168.1.1.3306: . ack 2 win 92 <nop,nop,timestamp 16262228 1469966> 

tcpdump server (IP 192.168.1.1):
13:02:38.006264 IP 192.168.1.99.54323 > 192.168.1.1.3306: S 3008255179:3008255179(0) win 5840 <mss 1460,sackOK,timestamp 16259224 0,nop,wscale 6> 13:02:38.006272 IP 192.168.1.1.3306 > 192.168.1.99.54323: S 2908931182:2908931182(0) ack 3008255180 win 5792 <mss 1460,sackOK,timestamp 1469666 16259224,nop,wscale 7> 13:02:41.006512 IP 192.168.1.99.54323 > 192.168.1.1.3306: S 3008255179:3008255179(0) win 5840 <mss 1460,sackOK,timestamp 16262224 0,nop,wscale 6> 13:02:41.006518 IP 192.168.1.1.3306 > 192.168.1.99.54323: S 2908931182:2908931182(0) ack 3008255180 win 5792 <mss 1460,sackOK,timestamp 1469966 16259224,nop,wscale 7> 13:02:41.008521 IP 192.168.1.99.54323 > 192.168.1.1.3306: . ack 1 win 92 <nop,nop,timestamp 16262226 1469966> 13:02:41.008539 IP 192.168.1.99.54323 > 192.168.1.1.3306: F 1:1(0) ack 1 win 92 <nop,nop,timestamp 16262226 1469966> 13:02:41.008565 IP 192.168.1.1.3306 > 192.168.1.99.54323: F 1:1(0) ack 2 win 46 <nop,nop,timestamp 1469966 16262226> 13:02:41.010531 IP 192.168.1.99.54323 > 192.168.1.1.3306: . ack 2 win 92 <nop,nop,timestamp 16262228 1469966>
However on the router you can see that the SYN/ACK packet actually leaves the server (because you can see it on the router) but never reaches the client (to be correctly: never reaches the tcpdump on the client): 

tcpdump router:
13:02:37.928903 IP 192.168.1.99.54323 > 192.168.1.1.3306: S 3008255179:3008255179(0) win 5840 <mss 1460,sackOK,timestamp 16259224 0,nop,wscale 6> 13:02:37.928905 IP 192.168.1.99.54323 > 192.168.1.1.3306: S 3008255179:3008255179(0) win 5840 <mss 1460,sackOK,timestamp 16259224 0,nop,wscale 6> 13:02:37.929902 IP 192.168.1.1.3306 > 192.168.1.99.54323: S 2908931182:2908931182(0) ack 3008255180 win 5792 <mss 1460,sackOK,timestamp 1469666 16259224,nop,wscale 7> 13:02:37.929903 IP 192.168.1.1.3306 > 192.168.1.99.54323: S 2908931182:2908931182(0) ack 3008255180 win 5792 <mss 1460,sackOK,timestamp 1469666 16259224,nop,wscale 7> 13:02:40.928557 IP 192.168.1.99.54323 > 192.168.1.1.3306: S 3008255179:3008255179(0) win 5840 <mss 1460,sackOK,timestamp 16262224 0,nop,wscale 6> 13:02:40.928561 IP 192.168.1.99.54323 > 192.168.1.1.3306: S 3008255179:3008255179(0) win 5840 <mss 1460,sackOK,timestamp 16262224 0,nop,wscale 6> 13:02:40.929557 IP 192.168.1.1.3306 > 192.168.1.99.54323: S 2908931182:2908931182(0) ack 3008255180 win 5792 <mss 1460,sackOK,timestamp 1469966 16259224,nop,wscale 7> 13:02:40.929560 IP 192.168.1.1.3306 > 192.168.1.99.54323: S 2908931182:2908931182(0) ack 3008255180 win 5792 <mss 1460,sackOK,timestamp 1469966 16259224,nop,wscale 7> 13:02:40.930557 IP 192.168.1.99.54323 > 192.168.1.1.3306: . ack 1 win 92 <nop,nop,timestamp 16262226 1469966> 13:02:40.930560 IP 192.168.1.99.54323 > 192.168.1.1.3306: . ack 1 win 92 <nop,nop,timestamp 16262226 1469966> 13:02:40.930568 IP 192.168.1.99.54323 > 192.168.1.1.3306: F 1:1(0) ack 1 win 92 <nop,nop,timestamp 16262226 1469966> 13:02:40.930570 IP 192.168.1.99.54323 > 192.168.1.1.3306: F 1:1(0) ack 1 win 92 <nop,nop,timestamp 16262226 1469966> 13:02:40.931561 IP 192.168.1.1.3306 > 192.168.1.99.54323: F 1:1(0) ack 2 win 46 <nop,nop,timestamp 1469966 16262226> 13:02:40.931562 IP 192.168.1.1.3306 > 192.168.1.99.54323: F 1:1(0) ack 2 win 46 <nop,nop,timestamp 1469966 16262226> 13:02:40.932560 IP 192.168.1.99.54323 > 192.168.1.1.3306: . ack 2 win 92 <nop,nop,timestamp 16262228 1469966> 13:02:40.932561 IP 192.168.1.99.54323 > 192.168.1.1.3306: . ack 2 win 92 <nop,nop,timestamp 16262228 1469966>
On the router you can see every packet twice because of the forward (the first time incoming and the second time outgoing). 

Possible conclusions:
1. It's definitely a client problem.
2. The packet gets lost or is dropped before the tcpdump will see it. Therefore the problem is even before this point (I don't know exactly where the tcpdump is sniffing). 

Hope this helps!

Kind regards,
Leo


--
To unsubscribe from this list: send the line "unsubscribe linux-net" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[Index of Archives]     [Netdev]     [Ethernet Bridging]     [Linux 802.1Q VLAN]     [Linux Wireless]     [Kernel Newbies]     [Security]     [Linux for Hams]     [Netfilter]     [Git]     [Bugtraq]     [Yosemite News and Information]     [MIPS Linux]     [ARM Linux]     [Linux RAID]     [Linux PCI]     [Linux Admin]     [Samba]

  Powered by Linux