Re: Odd time outs and queue growth

From: (no name) (no email)
Date: Fri Feb 27 2004 - 12:43:14 EST

Next message: (no name): "Re: virtual_alias_expansion_limit"
Previous message: Karthik Krishnamurthy: "Re: LMTP strips of '@domain' from virtual domains"
Maybe in reply to: Joshua E Warchol: "Odd time outs and queue growth"
Next in thread: Wietse Venema: "Re: Odd time outs and queue growth"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

On Fri, 27 Feb 2004, Joshua E Warchol wrote:

> 11:57:21.893230 65.84.81.7.35091 > 128.146.216.42.smtp: S 4034433024:4034433024(0) win 5840 <mss 1460,sackOK,timestamp 129617169 0,nop,wscale 0> (DF)
> 11:57:21.939462 128.146.216.42.smtp > 65.84.81.7.35091: S 3511657393:3511657393(0) ack 4034433025 win 33304 <nop,nop,timestamp 1839401866 129617169,mss 1460,nop,wscale 1,nop,nop,sackOK> (DF)
> 11:57:21.939517 65.84.81.7.35091 > 128.146.216.42.smtp: . ack 1 win 5840 <nop,nop,timestamp 129617174 1839401866> (DF)

3-way handshake

> 11:57:21.990996 128.146.216.42.smtp > 65.84.81.7.35091: P 1:118(117) ack 1 win 33304 <nop,nop,timestamp 1839401872 129617174> (DF)

220 banner

> 11:57:21.991036 65.84.81.7.35091 > 128.146.216.42.smtp: . ack 118 win 5840 <nop,nop,timestamp 129617179 1839401872> (DF)
> 11:57:21.991358 65.84.81.7.35091 > 128.146.216.42.smtp: P 1:21(20) ack 118 win 5840 <nop,nop,timestamp 129617179 1839401872> (DF)

EHLO myname

> 11:57:22.037745 128.146.216.42.smtp > 65.84.81.7.35091: . ack 21 win 33304 <nop,nop,timestamp 1839401876 129617179> (DF)
> 11:57:22.040003 128.146.216.42.smtp > 65.84.81.7.35091: P 118:453(335) ack 21 win 33304 <nop,nop,timestamp 1839401876 129617179> (DF)

250-hostname
250-...
250-PIPELINING
250 ...

> 11:57:22.041933 65.84.81.7.35091 > 128.146.216.42.smtp: P 21:102(81) ack 453 win 6432 <nop,nop,timestamp 129617184 1839401876> (DF)

Pipelined transaction:
MAIL FROM:<sender><CRLF>RCPT TO:<rcpt><CRLF>DATA<CRLF>

> 11:57:22.088087 128.146.216.42.smtp > 65.84.81.7.35091: . ack 102 win 33304 <nop,nop,timestamp 1839401881 129617184> (DF)
> 11:57:22.192328 128.146.216.42.smtp > 65.84.81.7.35091: P 453:488(35) ack 102 win 33304 <nop,nop,timestamp 1839401892 129617184> (DF)

250 OK <sender>

> 11:57:22.205844 128.146.216.42.smtp > 65.84.81.7.35091: P 488:520(32) ack 102 win 33304 <nop,nop,timestamp 1839401893 129617184> (DF)

250 OK <recipient>

> 11:57:22.224464 65.84.81.7.35091 > 128.146.216.42.smtp: . ack 520 win 6432 <nop,nop,timestamp 129617203 1839401892> (DF)
>

TCP ACK of all responses.

> 11:59:22.244354 65.84.81.7.35091 > 128.146.216.42.smtp: F 102:102(0) ack 520 win 6432 <nop,nop,timestamp 129629204 1839401892> (DF)
> 11:59:22.290535 128.146.216.42.smtp > 65.84.81.7.35091: R 3511657913:3511657913(0) win 0 (DF)
>

After 2 minutes delay FIN/RST. The "DATA" OK was lost, no TCP
retransmission and remote machine able to send back RST in 46ms, so
network looks OK. Looks like a broken firewall somewhere. No DNS lookup
delay.

-- 
	Viktor.

Next message: (no name): "Re: virtual_alias_expansion_limit"
Previous message: Karthik Krishnamurthy: "Re: LMTP strips of '@domain' from virtual domains"
Maybe in reply to: Joshua E Warchol: "Odd time outs and queue growth"
Next in thread: Wietse Venema: "Re: Odd time outs and queue growth"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Invaluement Anti-Spam DNSBLs