Please help me diag a Qworst routing issue..
Michael March
mmarch at gmail.com
Fri Mar 7 12:14:03 MST 2008
Finally.. here is the filtered output of Wireshark... hmm:
No. Time Source Destination Protocol Info
705 2.277380 10.10.10.130 65.124.118.120 TCP
49639 > https [SYN] Seq=0 Win=5840 Len=0 MSS=1460 TSV=127113829
TSER=0 WS=7
Frame 705 (74 bytes on wire, 74 bytes captured)
Ethernet II, Src: Shuttle_45:33:01 (00:30:1b:45:33:01), Dst:
Cisco-Li_cc:bd:0b (00:1d:7e:cc:bd:0b)
Internet Protocol, Src: 10.10.10.130 (10.10.10.130), Dst:
65.124.118.120 (65.124.118.120)
Transmission Control Protocol, Src Port: 49639 (49639), Dst Port:
https (443), Seq: 0, Len: 0
No. Time Source Destination Protocol Info
741 2.389436 65.124.118.120 10.10.10.130 TCP
https > 49639 [SYN, ACK] Seq=0 Ack=1 Win=4380 Len=0 MSS=1460 WS=0
TSV=2325776133 TSER=127113829
Frame 741 (78 bytes on wire, 78 bytes captured)
Ethernet II, Src: Cisco-Li_cc:bd:0b (00:1d:7e:cc:bd:0b), Dst:
Shuttle_45:33:01 (00:30:1b:45:33:01)
Internet Protocol, Src: 65.124.118.120 (65.124.118.120), Dst:
10.10.10.130 (10.10.10.130)
Transmission Control Protocol, Src Port: https (443), Dst Port: 49639
(49639), Seq: 0, Ack: 1, Len: 0
No. Time Source Destination Protocol Info
742 2.389452 10.10.10.130 65.124.118.120 TCP
49639 > https [ACK] Seq=1 Ack=1 Win=5888 Len=0 TSV=127113941
TSER=2325776133
Frame 742 (66 bytes on wire, 66 bytes captured)
Ethernet II, Src: Shuttle_45:33:01 (00:30:1b:45:33:01), Dst:
Cisco-Li_cc:bd:0b (00:1d:7e:cc:bd:0b)
Internet Protocol, Src: 10.10.10.130 (10.10.10.130), Dst:
65.124.118.120 (65.124.118.120)
Transmission Control Protocol, Src Port: 49639 (49639), Dst Port:
https (443), Seq: 1, Ack: 1, Len: 0
No. Time Source Destination Protocol Info
743 2.389751 10.10.10.130 65.124.118.120 SSLv2
Client Hello
Frame 743 (199 bytes on wire, 199 bytes captured)
Ethernet II, Src: Shuttle_45:33:01 (00:30:1b:45:33:01), Dst:
Cisco-Li_cc:bd:0b (00:1d:7e:cc:bd:0b)
Internet Protocol, Src: 10.10.10.130 (10.10.10.130), Dst:
65.124.118.120 (65.124.118.120)
Transmission Control Protocol, Src Port: 49639 (49639), Dst Port:
https (443), Seq: 1, Ack: 1, Len: 133
Secure Socket Layer
No. Time Source Destination Protocol Info
849 2.724945 10.10.10.130 65.124.118.120 SSLv2
[TCP Retransmission] Client Hello
Frame 849 (199 bytes on wire, 199 bytes captured)
Ethernet II, Src: Shuttle_45:33:01 (00:30:1b:45:33:01), Dst:
Cisco-Li_cc:bd:0b (00:1d:7e:cc:bd:0b)
Internet Protocol, Src: 10.10.10.130 (10.10.10.130), Dst:
65.124.118.120 (65.124.118.120)
Transmission Control Protocol, Src Port: 49639 (49639), Dst Port:
https (443), Seq: 1, Ack: 1, Len: 133
Secure Socket Layer
No. Time Source Destination Protocol Info
875 2.808976 65.124.118.120 10.10.10.130 SSL
[TCP Previous segment lost] Continuation Data
Frame 875 (822 bytes on wire, 822 bytes captured)
Ethernet II, Src: Cisco-Li_cc:bd:0b (00:1d:7e:cc:bd:0b), Dst:
Shuttle_45:33:01 (00:30:1b:45:33:01)
Internet Protocol, Src: 65.124.118.120 (65.124.118.120), Dst:
10.10.10.130 (10.10.10.130)
Transmission Control Protocol, Src Port: https (443), Dst Port: 49639
(49639), Seq: 1449, Ack: 134, Len: 756
Secure Socket Layer
No. Time Source Destination Protocol Info
876 2.809004 10.10.10.130 65.124.118.120 TCP
[TCP Dup ACK 849#1] 49639 > https [ACK] Seq=134 Ack=1 Win=5888 Len=0
TSV=127114361 TSER=2325776133 SLE=1449 SRE=2205
Frame 876 (78 bytes on wire, 78 bytes captured)
Ethernet II, Src: Shuttle_45:33:01 (00:30:1b:45:33:01), Dst:
Cisco-Li_cc:bd:0b (00:1d:7e:cc:bd:0b)
Internet Protocol, Src: 10.10.10.130 (10.10.10.130), Dst:
65.124.118.120 (65.124.118.120)
Transmission Control Protocol, Src Port: 49639 (49639), Dst Port:
https (443), Seq: 134, Ack: 1, Len: 0
No. Time Source Destination Protocol Info
888 2.832684 65.124.118.120 10.10.10.130 TCP
[TCP Window Update] https > 49639 [ACK] Seq=2205 Ack=134 Win=8192
Len=0
Frame 888 (60 bytes on wire, 60 bytes captured)
Ethernet II, Src: Cisco-Li_cc:bd:0b (00:1d:7e:cc:bd:0b), Dst:
Shuttle_45:33:01 (00:30:1b:45:33:01)
Internet Protocol, Src: 65.124.118.120 (65.124.118.120), Dst:
10.10.10.130 (10.10.10.130)
Transmission Control Protocol, Src Port: https (443), Dst Port: 49639
(49639), Seq: 2205, Ack: 134, Len: 0
No. Time Source Destination Protocol Info
1870 6.091044 10.10.10.130 65.124.118.120 TCP
49636 > https [FIN, ACK] Seq=1 Ack=1 Win=46 Len=0 TSV=127117643
TSER=2325736997 SLE=1449 SRE=2205
Frame 1870 (78 bytes on wire, 78 bytes captured)
Ethernet II, Src: Shuttle_45:33:01 (00:30:1b:45:33:01), Dst:
Cisco-Li_cc:bd:0b (00:1d:7e:cc:bd:0b)
Internet Protocol, Src: 10.10.10.130 (10.10.10.130), Dst:
65.124.118.120 (65.124.118.120)
Transmission Control Protocol, Src Port: 49636 (49636), Dst Port:
https (443), Seq: 1, Ack: 1, Len: 0
No. Time Source Destination Protocol Info
12607 47.305779 10.10.10.130 65.124.118.120 TCP
49636 > https [FIN, ACK] Seq=1 Ack=1 Win=46 Len=0 TSV=127158859
TSER=2325736997 SLE=1449 SRE=2205
Frame 12607 (78 bytes on wire, 78 bytes captured)
Ethernet II, Src: Shuttle_45:33:01 (00:30:1b:45:33:01), Dst:
Cisco-Li_cc:bd:0b (00:1d:7e:cc:bd:0b)
Internet Protocol, Src: 10.10.10.130 (10.10.10.130), Dst:
65.124.118.120 (65.124.118.120)
Transmission Control Protocol, Src Port: 49636 (49636), Dst Port:
https (443), Seq: 1, Ack: 1, Len: 0
No. Time Source Destination Protocol Info
51252 262.269078 65.124.118.120 10.10.10.130 TCP
https > 49639 [RST, ACK] Seq=2205 Ack=134 Win=4513 Len=0
Frame 51252 (60 bytes on wire, 60 bytes captured)
Ethernet II, Src: Cisco-Li_cc:bd:0b (00:1d:7e:cc:bd:0b), Dst:
Shuttle_45:33:01 (00:30:1b:45:33:01)
Internet Protocol, Src: 65.124.118.120 (65.124.118.120), Dst:
10.10.10.130 (10.10.10.130)
Transmission Control Protocol, Src Port: https (443), Dst Port: 49639
(49639), Seq: 2205, Ack: 134, Len: 0
On Fri, Mar 7, 2008 at 11:26 AM, Michael March <mmarch at gmail.com> wrote:
> <mbydalek at compunetconsulting.com> wrote:
> >
> > No, you're not in the same block =/ Also, you labeled this as a "routing"
> > issue .. are you so sure? It seems you can reach the server successfully.
> >
> > Have you used tools such as traceroute (or tracepath), nmap, etc. to make
> > sure you're getting to their servers (in)correctly?
>
> nmap output:
> root@pbx:/etc/asterisk $ nmap -v -P0 netconnect1.paymentech.net
>
> Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2008-03-07 11:19 MST
> DNS resolution of 1 IPs took 0.62s.
> Initiating SYN Stealth Scan against netconnect1.paymentech.net (65.124.118.120)
> Discovered open port 443/tcp on 65.124.118.120
> SYN Stealth Scan Timing: About 49.40% done; ETC: 11:20 (0:00:30 remaining)
> The SYN Stealth Scan took 58.85s to scan 1680 total ports.
> Host netconnect1.paymentech.net (65.124.118.120) appears to be up ... good.
> Interesting ports on netconnect1.paymentech.net (65.124.118.120):
> Not shown: 1678 filtered ports
> PORT STATE SERVICE
> 80/tcp closed http
> 443/tcp open https
>
> Nmap finished: 1 IP address (1 host up) scanned in 59.587 seconds
> Raw packets sent: 3369 (148.236KB) | Rcvd: 12 (552B)
> root@pbx:/etc/asterisk $
>
>
>
> > Perhaps it could be
> > paymentech blocking you for some reason. Have you contacted them?
>
> Yeah.. I tried WireShark last night.. only to see what hosts it was
> trying to hit.. I wish I looked a little more carefully..
>
> I'll try to run it again remotely..
>
>
> > The best thing to do would be to fire up wireshark and see what's going on.
> > Maybe you're never receiving an ACK back? Basically the goal would be find
> > out where it's breaking down and go from there.
> >
> > Just some thoughts =)
>
>
> Great thoughts.. thanks!
>
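Added example, not part of the original thread: a short Python pass over the posted trace that does the "find out where it's breaking down" step mechanically. The summary lines are rejoined from the frames above for illustration; the trimmed line format, the "[?]" marker (flags the post does not show) and the function names are assumptions of this example. It reports which byte ranges from one side never appear in the capture and how far the other side has acknowledged.

```python
import re

# Rejoined from the frames in the post (mail wrapping removed, options trimmed).
# Format: frame, source IP, "sport > dport [flags] Seq= Ack= Len=".
TRACE = """\
705 10.10.10.130 49639 > 443 [SYN] Seq=0 Len=0
741 65.124.118.120 443 > 49639 [SYN, ACK] Seq=0 Ack=1 Len=0
742 10.10.10.130 49639 > 443 [ACK] Seq=1 Ack=1 Len=0
743 10.10.10.130 49639 > 443 [?] Seq=1 Ack=1 Len=133
849 10.10.10.130 49639 > 443 [?] Seq=1 Ack=1 Len=133
875 65.124.118.120 443 > 49639 [?] Seq=1449 Ack=134 Len=756
876 10.10.10.130 49639 > 443 [ACK] Seq=134 Ack=1 Len=0
888 65.124.118.120 443 > 49639 [ACK] Seq=2205 Ack=134 Len=0
1870 10.10.10.130 49636 > 443 [FIN, ACK] Seq=1 Ack=1 Len=0
51252 65.124.118.120 443 > 49639 [RST, ACK] Seq=2205 Ack=134 Len=0
"""

LINE = re.compile(
    r"(\d+) (\S+) (\d+) > (\d+) \[([^\]]*)\] Seq=(\d+)(?: Ack=(\d+))? Len=(\d+)")

def parse(trace, client_port):
    """Yield (frame, src, flags, seq, ack, length) for one connection only."""
    for m in map(LINE.match, trace.splitlines()):
        if m and client_port in (int(m[3]), int(m[4])):
            yield (int(m[1]), m[2], m[5], int(m[6]), int(m[7] or 0), int(m[8]))

def analyze(trace, sender, client_port):
    """Return (gaps, peer_ack): relative byte ranges from `sender` that never
    appear in the capture, and the highest cumulative ACK the peer sent back."""
    expected, gaps, peer_ack = 0, [], 0
    for frame, src, flags, seq, ack, length in parse(trace, client_port):
        if src != sender:
            peer_ack = max(peer_ack, ack)
            continue
        if seq > expected:                  # hole in the sender's sequence space
            gaps.append((expected, seq))
        # SYN and FIN each consume one sequence number in addition to payload.
        consumed = length + ("SYN" in flags) + ("FIN" in flags)
        expected = max(expected, seq + consumed)
    return gaps, peer_ack

if __name__ == "__main__":
    for host in ("65.124.118.120", "10.10.10.130"):
        gaps, peer_ack = analyze(TRACE, host, 49639)
        print(host, "missing:", gaps, "peer acked up to:", peer_ack)
```

For the server side this reports one missing range, bytes 1 to 1449, with the client still acknowledging only byte 1. That is 1448 bytes, the size of a single full segment under the MSS of 1460 from the handshake with 12 bytes of timestamp option, while the smaller 756-byte segment and everything sent by the client were captured.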