From owner-freebsd-net@FreeBSD.ORG Fri May 13 20:22:47 2011 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 68AF91065675 for ; Fri, 13 May 2011 20:22:47 +0000 (UTC) (envelope-from freebsd-net@m.gmane.org) Received: from lo.gmane.org (lo.gmane.org [80.91.229.12]) by mx1.freebsd.org (Postfix) with ESMTP id F349F8FC2A for ; Fri, 13 May 2011 20:22:46 +0000 (UTC) Received: from list by lo.gmane.org with local (Exim 4.69) (envelope-from ) id 1QKyeG-0005yt-6W for freebsd-net@freebsd.org; Fri, 13 May 2011 22:07:44 +0200 Received: from 192.75.139.248 ([192.75.139.248]) by main.gmane.org with esmtp (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Fri, 13 May 2011 22:07:44 +0200 Received: from ivoras by 192.75.139.248 with local (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Fri, 13 May 2011 22:07:44 +0200 X-Injected-Via-Gmane: http://gmane.org/ To: freebsd-net@freebsd.org From: Ivan Voras Date: Fri, 13 May 2011 16:07:31 -0400 Lines: 79 Message-ID: Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-Complaints-To: usenet@dough.gmane.org X-Gmane-NNTP-Posting-Host: 192.75.139.248 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.17) Gecko/20110414 Thunderbird/3.1.10 Subject: Spurious ACKs, ICMP unreachable? X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 13 May 2011 20:22:47 -0000 I'm seeing an an unusual problem at a remote machine; this machine is the FreeBSD server, and the client is a probably Windows machine (but I don't know the details yet). Something happens which causes FreeBSD to send ACKs to the client, and the client to send ICMP unreachable messages to the server. It is most likely a configuration error at the remote site but I have no idea how to verify this. A tcpdump sample is attached. Any ideas what to look into next? 18:56:02.711942 IP server.http > client.4732: Flags [.], ack 2110905191, win 0, length 0 E..(J...@.W..(.d.(.D.P.|....}..gP...lR.. 18:56:02.712009 IP server.http > client.elan: Flags [.], ack 2661379534, win 0, length 0 E..(J...@.V..(.d.(.D.P.b.(....m.P....... 18:56:02.712025 IP server.http > client.2402: Flags [.], ack 2197439003, win 0, length 0 E..(J...@.V..(.d.(.D.P b.m>5..B.P...@p.. 18:56:02.712064 IP server.http > client.3427: Flags [.], ack 1373214750, win 0, length 0 E..(K%..@.V..(.d.(.D.P^Mc_N..Q...P....... 18:56:02.712176 IP server.http > client.1893: Flags [.], ack 3549121877, win 0, length 0 E..(K...@.V..(.d.(.D.P.ee..G..MUP...~_.. 18:56:02.712304 IP server.http > client.atex_elmd: Flags [.], ack 2600295677, win 0, length 0 E..(Lq..@.UU.(.d.(.D.P.i.*.F..\.P...,... 18:56:02.713155 IP server.http > client.4732: Flags [.], ack 1, win 65535, length 0 E..(L.@.@..2.(.d.(.D.P.|....}..gP....... 18:56:02.713193 IP server.http > client.elan: Flags [.], ack 1, win 65535, length 0 E..(L.@.@....(.d.(.D.P.b.(....m.P....... 18:56:02.713206 IP server.http > client.2402: Flags [.], ack 1, win 65535, length 0 E..(L.@.@....(.d.(.D.P b.m>6..B.P....... 18:56:02.713452 IP server.http > client.3427: Flags [.], ack 1, win 65535, length 0 E..(L.@.@....(.d.(.D.P^Mc_N..Q...P....... 18:56:02.713937 IP server.http > client.1893: Flags [.], ack 1, win ovd65535, length 0 E..(M'@.@....(.d.(.D.P.ee..H..MUP....... 18:56:02.714436 IP server.http > client.atex_elmd: Flags [.], ack 1, win 65535, length 0 E..(M.@.@..P.(.d.(.D.P.i.*.G..\.P....... 18:56:05.723511 IP client > server: ICMP host client unreachable, length 48 E..D.8..?....(.D.(.d........E..(J...>.Y..(.d.(.D.P.|....}..gP...lR.. 18:56:05.723527 IP client > server: ICMP host client unreachable, length 48 E..D.9..?....(.D.(.d........E..(L.@.>..2.(.d.(.D.P.|....}..gP...lQ.. 18:56:07.712140 IP server.http > client.1859: Flags [.], ack 70891158, win 0, length 0 E..(N0..@.S..(.d.(.D.P.C.>S..9..P....... 18:56:07.712161 IP server.http > client.dict: Flags [.], ack 878675698, win 0, length 0 E..(NF..@.S..(.d.(.D.P D...:4_..P...g... 18:56:07.713390 IP server.http > client.1859: Flags [.], ack 1, win 65535, length 0 E..(O.@.@....(.d.(.D.P.C.>S..9..P....... 18:56:07.713459 IP server.http > client.dict: Flags [.], ack 1, win 65535, length 0 E..(O.@.@....(.d.(.D.P D...;4_..P....... 18:56:17.712207 IP server.http > client.3454: Flags [.], ack 119451926, win 0, length 0 E..(R...@.O..(.d.(.D.P^M~@.i.....P...f7.. 18:56:17.712354 IP server.http > client.2412: Flags [.], ack 4105579117, win 0, length 0 E..(R...@.N..(.d.(.D.P l......*mP....... 18:56:17.712448 IP server.http > client.3438: Flags [.], ack 1002884906, win 0, length 0 E..(SL..@.Nz.(.d.(.D.P^MnF.;.;..*P...;... 18:56:17.713764 IP server.http > client.3454: Flags [.], ack 1, win 65535, length 0 E..(S.@.@.^M..(.d.(.D.P^M~@.i.....P....... 18:56:17.714361 IP server.http > client.2412: Flags [.], ack 1, win 65535, length 0 E..(TY@.@.^M}.(.d.(.D.P l......*mP.......