|
Hi all,
I have a problem where sometimes some long standing mp3 streaming
sessions over HTTP are terminated because the LVS-DR director sends an
"ICMP type 3 code 10 - host unreachable" packet to the client (which is
the source of the mp3 stream). When this happens the client stops
sending packets for 15 minutes 15 minutes (the TCP idle session timeout
of LVS?) before it reconnects on the same ports. The 15 minutes seems to
be related to the connection timing out of the LVS connection table.
When this happens the real servers are all fine, load is not heavy and
ldirectord is able to perform it's checks. In fact nothing shows in the
ldirectord.log so the real servers are all available.
This is quite a long post, I've tried to include all relevant details.
My setup: ISP router -> LVS Director -> Local switch -> Realserver[123]
-> ISP router
Directions I've looked into so far and questions I've asked myself:
----------------------------------------------
1. enabled "quiescent=yes" to maybe not terminate existing connection,
but this is not the problem I think because the real servers are all
available when this happens.
2. Where is this ICMP packet generated in linux/net/ipv4/ipvs/* source
files? Answer: nowhere!, at least not with type 3 code 10
3. Could it be that this ICMP packet is generated by some sort of
denial-of-service defense code that I'm unaware of?
4. Where is this specific ICMP packet (HOST_UNREACH_ANO) genererated in
the kernel?
Answer: net/ipv4/netfilter/ipt_REJECT.c:
send_unreach(*pskb, ICMP_HOST_ANO);
So it appears that netfilter (iptables?) is sending it. Why?
This could be due to the firewall rule:
REJECT all -- anywhere anywhere reject-with
icmp-host-prohibited
But why is this sent on an existing, established and active connection?
Or is there some TCP timeout because the director only sees incoming
packets on the connection? Maybe this rings a bell with someone.
5. Maybe the client is not behaving correctly by not continuing to send
data after receiving ICMP host unreachable? TCP/IP Illustrated Vol1
[Stevens] says on page 317, 21.10 ICMP Errors:
"A received host unreachable or network unreachable is effectively
ignored, since these two errors are considered transient. ... It could
be that an intermediate router has gone down and it can take the routing
protocols a few minutes to stabilize on an alternative route.. During
this period either of these two ICMP errors can occur, but the must not
abort the connection. Instead, TCP keeps trying to send the data that
caused the error, although it may eventually time out."
Assuming attachments are not accepted by the list, I've included the TCP
trace (export from Ethereal) and setup/configuration information below.
The TCP trace has been merged in Ethereal by taking the .pcap file from
the director and the real server to which the session was connected. The
ICMP packet originates from the director and not from the real server.
If you need more details like the .pcap file of this incident, please
let me know. Any help would be very much appreciated.
Regards,
Klaas Jan Wierenga
----------------%< configuration details below
director # uname -a
Linux audioserver.nl 2.6.16.19 #1 SMP Fri Jun 2 11:17:54 CEST 2006 i686
i686 i386 GNU/Linux
director # cat /etc/redhat-release
Fedora Core release 4 (Stentz)
director # cat /etc/ha.d/conf/ldirectord.cf
checktimeout=20
checkinterval=10
autoreload=yes
quiescent=yes # changed from no to yes to attempt to fix the ICMP 3,10
problem (probably doesn't work)
#don't send log output to /var/log/messages, but to own file
#logfile="info"
logfile="/var/log/ldirectord.log"
virtual=62.148.187.200:80
real=10.0.9.133:8000 gate 1 ".me.html", "I am s02"
real=10.0.9.134:8000 gate 1 ".me.html", "I am s03"
real=10.0.9.135:8000 gate 1 ".me.html", "I am s04"
service=http
checkport=8000
protocol=tcp
scheduler=sed
checktype=5 # 5x connect, then negotiate
virtual=62.148.187.200:8000
real=10.0.9.133:8000 gate 1 ".me.html", "I am s02"
real=10.0.9.134:8000 gate 1 ".me.html", "I am s03"
real=10.0.9.135:8000 gate 1 ".me.html", "I am s04"
service=http
checkport=8000
protocol=tcp
scheduler=sed
checktype=5 # 5x connect, then negotiate
director # /sbin/ipvsadm -l --timeout
Timeout (tcp tcpfin udp): 900 120 300
director # /sbin/iptables -L
Chain FORWARD (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere
Chain INPUT (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain RH-Firewall-1-INPUT (2 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp any
ACCEPT all -- anywhere anywhere state
RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere state NEW
tcp dpt:ftp
ACCEPT tcp -- anywhere anywhere state NEW
tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere state NEW
tcp dpt:smtp
ACCEPT tcp -- anywhere anywhere state NEW
tcp dpt:http
ACCEPT tcp -- anywhere anywhere state NEW
tcp dpt:8000
ACCEPT tcp -- anywhere anywhere state NEW
tcp dpt:9000
ACCEPT tcp -- anywhere anywhere state NEW
tcp dpt:mysql
ACCEPT udp -- anywhere anywhere state NEW
udp dpts:datametrics:1647
ACCEPT tcp -- anywhere anywhere state NEW
tcp dpt:pop3
ACCEPT tcp -- anywhere anywhere state NEW
tcp dpt:imap
ACCEPT tcp -- anywhere anywhere state NEW
tcp dpt:https
ACCEPT tcp -- anywhere anywhere state NEW
tcp dpt:imaps
ACCEPT tcp -- anywhere anywhere state NEW
tcp dpt:pop3s
ACCEPT tcp -- 62-148-190-248-hosted-by.denit.net anywhere
state NEW tcp dpt:8192
ACCEPT tcp -- anywhere anywhere state NEW
tcp dpt:10001
ACCEPT tcp -- anywhere anywhere state NEW
tcp dpt:cfengine
REJECT all -- anywhere anywhere reject-with
icmp-host-prohibited
director # /sbin/ipvsadm
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 62.148.187.200:8000 sed
-> s03.audioserver.nl:8000 Route 1 0 0
-> s02.audioserver.nl:8000 Route 1 0 0
-> s04.audioserver.nl:8000 Route 1 0 0
TCP 62.148.187.200:http sed
-> s04.audioserver.nl:http Route 1 7 0
-> s03.audioserver.nl:http Route 1 6 0
-> s02.audioserver.nl:http Route 1 6 0
Part of the TCP trace of the event. Search of 'ICMP' to find the ICMP packet
-----------------------------------------------------
No. Time Source Destination Protocol
Info
161756 19921.249695 83.247.51.40 62.148.187.200 HTTP
Continuation or non-HTTP traffic
Frame 161756 (282 bytes on wire, 96 bytes captured)
Ethernet II, Src: Supermic_2f:c2:35 (00:30:48:2f:c2:35), Dst:
Supermic_58:5f:57 (00:30:48:58:5f:57)
Internet Protocol, Src: 83.247.51.40 (83.247.51.40), Dst: 62.148.187.200
(62.148.187.200)
Transmission Control Protocol, Src Port: 27237 (27237), Dst Port: http
(80), Seq: 166904, Ack: 20, Len: 216
Source port: 27237 (27237)
Destination port: http (80)
Sequence number: 166904 (relative sequence number)
Next sequence number: 167120 (relative sequence number)
Acknowledgement number: 20 (relative ack number)
Header length: 32 bytes
Flags: 0x0018 (PSH, ACK)
Window size: 5840
Checksum: 0xee8a
Options: (12 bytes)
Hypertext Transfer Protocol
Data (30 bytes)
0000 ff f2 34 c4 e5 ad e0 0d 88 ea ea 3e 40 46 1a 8d ..4........>@F..
0010 35 3b a4 db 92 80 03 32 cb f0 ee c4 79 35 5;.....2....y5
[Short Frame: HTTP]
No. Time Source Destination Protocol
Info
161757 19921.251979 62.148.187.200 83.247.51.40 TCP
http > 27237 [ACK] Seq=20 Ack=167120 Win=20800 Len=0 TSV=2490043147
TSER=6436
Frame 161757 (66 bytes on wire, 66 bytes captured)
Ethernet II, Src: Supermic_58:5f:56 (00:30:48:58:5f:56), Dst:
IETF-VRRP-virtual-router-VRID_57 (00:00:5e:00:01:57)
Internet Protocol, Src: 62.148.187.200 (62.148.187.200), Dst:
83.247.51.40 (83.247.51.40)
Transmission Control Protocol, Src Port: http (80), Dst Port: 27237
(27237), Seq: 20, Ack: 167120, Len: 0
Source port: http (80)
Destination port: 27237 (27237)
Sequence number: 20 (relative sequence number)
Acknowledgement number: 167120 (relative ack number)
Header length: 32 bytes
Flags: 0x0010 (ACK)
Window size: 20800 (scaled)
Checksum: 0x434a [correct]
Options: (12 bytes)
SEQ/ACK analysis
No. Time Source Destination Protocol
Info
161758 19921.355381 83.247.51.40 62.148.187.200 HTTP
Continuation or non-HTTP traffic
Frame 161758 (353 bytes on wire, 96 bytes captured)
Ethernet II, Src: FoundryN_90:00:00 (00:04:80:90:00:00), Dst:
Supermic_2f:c2:34 (00:30:48:2f:c2:34)
Internet Protocol, Src: 83.247.51.40 (83.247.51.40), Dst: 62.148.187.200
(62.148.187.200)
Transmission Control Protocol, Src Port: 27237 (27237), Dst Port: http
(80), Seq: 167120, Ack: 20, Len: 287
Source port: 27237 (27237)
Destination port: http (80)
Sequence number: 167120 (relative sequence number)
Next sequence number: 167407 (relative sequence number)
Acknowledgement number: 20 (relative ack number)
Header length: 32 bytes
Flags: 0x0018 (PSH, ACK)
Window size: 5840
Checksum: 0x3a78
Options: (12 bytes)
Hypertext Transfer Protocol
Data (30 bytes)
0000 ff f2 34 c4 b8 8b ea 0f a9 62 be 1e 30 4c bc b0 ..4......b..0L..
0010 a2 ab e4 e4 92 80 01 05 64 a4 d0 e8 f4 1c ........d.....
[Short Frame: HTTP]
No. Time Source Destination Protocol
Info
161759 19921.355420 62.148.187.200 83.247.51.40 ICMP
Destination unreachable (Host administratively prohibited)[Short Frame]
Frame 161759 (381 bytes on wire, 96 bytes captured)
Ethernet II, Src: Supermic_2f:c2:34 (00:30:48:2f:c2:34), Dst:
IETF-VRRP-virtual-router-VRID_57 (00:00:5e:00:01:57)
Internet Protocol, Src: 62.148.187.200 (62.148.187.200), Dst:
83.247.51.40 (83.247.51.40)
Internet Control Message Protocol
Type: 3 (Destination unreachable)
Code: 10 (Host administratively prohibited)
Checksum: 0x7ffd
Internet Protocol, Src: 83.247.51.40 (83.247.51.40), Dst:
62.148.187.200 (62.148.187.200)
Transmission Control Protocol, Src Port: 27237 (27237), Dst Port:
http (80), Seq: 3813810826, Ack: 1196174638
Source port: 27237 (27237)
Destination port: http (80)
Sequence number: 3813810826 (relative sequence number)
Acknowledgement number: 1196174638 (relative ack number)
Header length: 32 bytes
Flags: 0x0018 (PSH, ACK)
Window size: 5840
Checksum: 0x3a78
Options: (12 bytes)
Hypertext Transfer Protocol
Data (2 bytes)
0000 ff f2 ..
[Short Frame: ICMP]
No. Time Source Destination Protocol
Info
161760 19951.747486 62.148.187.200 83.247.51.40 TCP
http > 27237 [FIN, ACK] Seq=20 Ack=167120 Win=20800 Len=0 TSV=2490050771
TSER=6436
Frame 161760 (66 bytes on wire, 66 bytes captured)
Ethernet II, Src: Supermic_58:5f:56 (00:30:48:58:5f:56), Dst:
IETF-VRRP-virtual-router-VRID_57 (00:00:5e:00:01:57)
Internet Protocol, Src: 62.148.187.200 (62.148.187.200), Dst:
83.247.51.40 (83.247.51.40)
Transmission Control Protocol, Src Port: http (80), Dst Port: 27237
(27237), Seq: 20, Ack: 167120, Len: 0
Source port: http (80)
Destination port: 27237 (27237)
Sequence number: 20 (relative sequence number)
Acknowledgement number: 167120 (relative ack number)
Header length: 32 bytes
Flags: 0x0011 (FIN, ACK)
Window size: 20800 (scaled)
Checksum: 0x2581 [correct]
Options: (12 bytes)
SEQ/ACK analysis
No. Time Source Destination Protocol
Info
161761 19951.959288 62.148.187.200 83.247.51.40 TCP
[TCP Retransmission] http > 27237 [FIN, ACK] Seq=20 Ack=167120 Win=20800
Len=0 TSV=2490050824 TSER=6436
Frame 161761 (66 bytes on wire, 66 bytes captured)
Ethernet II, Src: Supermic_58:5f:56 (00:30:48:58:5f:56), Dst:
IETF-VRRP-virtual-router-VRID_57 (00:00:5e:00:01:57)
Internet Protocol, Src: 62.148.187.200 (62.148.187.200), Dst:
83.247.51.40 (83.247.51.40)
Transmission Control Protocol, Src Port: http (80), Dst Port: 27237
(27237), Seq: 20, Ack: 167120, Len: 0
Source port: http (80)
Destination port: 27237 (27237)
Sequence number: 20 (relative sequence number)
Acknowledgement number: 167120 (relative ack number)
Header length: 32 bytes
Flags: 0x0011 (FIN, ACK)
Window size: 20800 (scaled)
Checksum: 0x254c [correct]
Options: (12 bytes)
SEQ/ACK analysis
No. Time Source Destination Protocol
Info
161762 19952.383269 62.148.187.200 83.247.51.40 TCP
[TCP Retransmission] http > 27237 [FIN, ACK] Seq=20 Ack=167120 Win=20800
Len=0 TSV=2490050930 TSER=6436
Frame 161762 (66 bytes on wire, 66 bytes captured)
Ethernet II, Src: Supermic_58:5f:56 (00:30:48:58:5f:56), Dst:
IETF-VRRP-virtual-router-VRID_57 (00:00:5e:00:01:57)
Internet Protocol, Src: 62.148.187.200 (62.148.187.200), Dst:
83.247.51.40 (83.247.51.40)
Transmission Control Protocol, Src Port: http (80), Dst Port: 27237
(27237), Seq: 20, Ack: 167120, Len: 0
Source port: http (80)
Destination port: 27237 (27237)
Sequence number: 20 (relative sequence number)
Acknowledgement number: 167120 (relative ack number)
Header length: 32 bytes
Flags: 0x0011 (FIN, ACK)
Window size: 20800 (scaled)
Checksum: 0x24e2 [correct]
Options: (12 bytes)
SEQ/ACK analysis
No. Time Source Destination Protocol
Info
161763 19953.231230 62.148.187.200 83.247.51.40 TCP
[TCP Retransmission] http > 27237 [FIN, ACK] Seq=20 Ack=167120 Win=20800
Len=0 TSV=2490051142 TSER=6436
Frame 161763 (66 bytes on wire, 66 bytes captured)
Ethernet II, Src: Supermic_58:5f:56 (00:30:48:58:5f:56), Dst:
IETF-VRRP-virtual-router-VRID_57 (00:00:5e:00:01:57)
Internet Protocol, Src: 62.148.187.200 (62.148.187.200), Dst:
83.247.51.40 (83.247.51.40)
Transmission Control Protocol, Src Port: http (80), Dst Port: 27237
(27237), Seq: 20, Ack: 167120, Len: 0
Source port: http (80)
Destination port: 27237 (27237)
Sequence number: 20 (relative sequence number)
Acknowledgement number: 167120 (relative ack number)
Header length: 32 bytes
Flags: 0x0011 (FIN, ACK)
Window size: 20800 (scaled)
Checksum: 0x240e [correct]
Options: (12 bytes)
SEQ/ACK analysis
No. Time Source Destination Protocol
Info
161764 19954.927154 62.148.187.200 83.247.51.40 TCP
[TCP Retransmission] http > 27237 [FIN, ACK] Seq=20 Ack=167120 Win=20800
Len=0 TSV=2490051566 TSER=6436
Frame 161764 (66 bytes on wire, 66 bytes captured)
Ethernet II, Src: Supermic_58:5f:56 (00:30:48:58:5f:56), Dst:
IETF-VRRP-virtual-router-VRID_57 (00:00:5e:00:01:57)
Internet Protocol, Src: 62.148.187.200 (62.148.187.200), Dst:
83.247.51.40 (83.247.51.40)
Transmission Control Protocol, Src Port: http (80), Dst Port: 27237
(27237), Seq: 20, Ack: 167120, Len: 0
Source port: http (80)
Destination port: 27237 (27237)
Sequence number: 20 (relative sequence number)
Acknowledgement number: 167120 (relative ack number)
Header length: 32 bytes
Flags: 0x0011 (FIN, ACK)
Window size: 20800 (scaled)
Checksum: 0x2266 [correct]
Options: (12 bytes)
SEQ/ACK analysis
No. Time Source Destination Protocol
Info
161765 19958.319001 62.148.187.200 83.247.51.40 TCP
[TCP Retransmission] http > 27237 [FIN, ACK] Seq=20 Ack=167120 Win=20800
Len=0 TSV=2490052414 TSER=6436
Frame 161765 (66 bytes on wire, 66 bytes captured)
Ethernet II, Src: Supermic_58:5f:56 (00:30:48:58:5f:56), Dst:
IETF-VRRP-virtual-router-VRID_57 (00:00:5e:00:01:57)
Internet Protocol, Src: 62.148.187.200 (62.148.187.200), Dst:
83.247.51.40 (83.247.51.40)
Transmission Control Protocol, Src Port: http (80), Dst Port: 27237
(27237), Seq: 20, Ack: 167120, Len: 0
Source port: http (80)
Destination port: 27237 (27237)
Sequence number: 20 (relative sequence number)
Acknowledgement number: 167120 (relative ack number)
Header length: 32 bytes
Flags: 0x0011 (FIN, ACK)
Window size: 20800 (scaled)
Checksum: 0x1f16 [correct]
Options: (12 bytes)
SEQ/ACK analysis
No. Time Source Destination Protocol
Info
161766 19965.102693 62.148.187.200 83.247.51.40 TCP
[TCP Retransmission] http > 27237 [FIN, ACK] Seq=20 Ack=167120 Win=20800
Len=0 TSV=2490054110 TSER=6436
Frame 161766 (66 bytes on wire, 66 bytes captured)
Ethernet II, Src: Supermic_58:5f:56 (00:30:48:58:5f:56), Dst:
IETF-VRRP-virtual-router-VRID_57 (00:00:5e:00:01:57)
Internet Protocol, Src: 62.148.187.200 (62.148.187.200), Dst:
83.247.51.40 (83.247.51.40)
Transmission Control Protocol, Src Port: http (80), Dst Port: 27237
(27237), Seq: 20, Ack: 167120, Len: 0
Source port: http (80)
Destination port: 27237 (27237)
Sequence number: 20 (relative sequence number)
Acknowledgement number: 167120 (relative ack number)
Header length: 32 bytes
Flags: 0x0011 (FIN, ACK)
Window size: 20800 (scaled)
Checksum: 0x1876 [correct]
Options: (12 bytes)
SEQ/ACK analysis
No. Time Source Destination Protocol
Info
161767 19978.670081 62.148.187.200 83.247.51.40 TCP
[TCP Retransmission] http > 27237 [FIN, ACK] Seq=20 Ack=167120 Win=20800
Len=0 TSV=2490057502 TSER=6436
Frame 161767 (66 bytes on wire, 66 bytes captured)
Ethernet II, Src: Supermic_58:5f:56 (00:30:48:58:5f:56), Dst:
IETF-VRRP-virtual-router-VRID_57 (00:00:5e:00:01:57)
Internet Protocol, Src: 62.148.187.200 (62.148.187.200), Dst:
83.247.51.40 (83.247.51.40)
Transmission Control Protocol, Src Port: http (80), Dst Port: 27237
(27237), Seq: 20, Ack: 167120, Len: 0
Source port: http (80)
Destination port: 27237 (27237)
Sequence number: 20 (relative sequence number)
Acknowledgement number: 167120 (relative ack number)
Header length: 32 bytes
Flags: 0x0011 (FIN, ACK)
Window size: 20800 (scaled)
Checksum: 0x0b36 [correct]
Options: (12 bytes)
SEQ/ACK analysis
No. Time Source Destination Protocol
Info
161768 20005.804851 62.148.187.200 83.247.51.40 TCP
[TCP Retransmission] http > 27237 [FIN, ACK] Seq=20 Ack=167120 Win=20800
Len=0 TSV=2490064286 TSER=6436
Frame 161768 (66 bytes on wire, 66 bytes captured)
Ethernet II, Src: Supermic_58:5f:56 (00:30:48:58:5f:56), Dst:
IETF-VRRP-virtual-router-VRID_57 (00:00:5e:00:01:57)
Internet Protocol, Src: 62.148.187.200 (62.148.187.200), Dst:
83.247.51.40 (83.247.51.40)
Transmission Control Protocol, Src Port: http (80), Dst Port: 27237
(27237), Seq: 20, Ack: 167120, Len: 0
Source port: http (80)
Destination port: 27237 (27237)
Sequence number: 20 (relative sequence number)
Acknowledgement number: 167120 (relative ack number)
Header length: 32 bytes
Flags: 0x0011 (FIN, ACK)
Window size: 20800 (scaled)
Checksum: 0xf0b5 [correct]
Options: (12 bytes)
SEQ/ACK analysis
No. Time Source Destination Protocol
Info
161769 20866.499077 83.247.51.40 62.148.187.200 TCP
27239 > http [SYN] Seq=0 Ack=0 Win=5840 Len=0 MSS=1460 TSV=100967 TSER=0
WS=0
Frame 161769 (74 bytes on wire, 74 bytes captured)
Ethernet II, Src: Supermic_2f:c2:35 (00:30:48:2f:c2:35), Dst:
Supermic_58:5f:57 (00:30:48:58:5f:57)
Internet Protocol, Src: 83.247.51.40 (83.247.51.40), Dst: 62.148.187.200
(62.148.187.200)
Transmission Control Protocol, Src Port: 27239 (27239), Dst Port: http
(80), Seq: 0, Ack: 0, Len: 0
Source port: 27239 (27239)
Destination port: http (80)
Sequence number: 0 (relative sequence number)
Header length: 40 bytes
Flags: 0x0002 (SYN)
Window size: 5840
Checksum: 0x4e07 [correct]
Options: (20 bytes)
No. Time Source Destination Protocol
Info
161770 20866.501269 62.148.187.200 83.247.51.40 TCP
http > 27239 [SYN, ACK] Seq=0 Ack=1 Win=5792 Len=0 MSS=1460
TSV=2490279466 TSER=100967 WS=2
Frame 161770 (74 bytes on wire, 74 bytes captured)
Ethernet II, Src: Supermic_58:5f:56 (00:30:48:58:5f:56), Dst:
IETF-VRRP-virtual-router-VRID_57 (00:00:5e:00:01:57)
Internet Protocol, Src: 62.148.187.200 (62.148.187.200), Dst:
83.247.51.40 (83.247.51.40)
Transmission Control Protocol, Src Port: http (80), Dst Port: 27239
(27239), Seq: 0, Ack: 1, Len: 0
Source port: http (80)
Destination port: 27239 (27239)
Sequence number: 0 (relative sequence number)
Acknowledgement number: 1 (relative ack number)
Header length: 40 bytes
Flags: 0x0012 (SYN, ACK)
Window size: 5792
Checksum: 0x1c54 [correct]
Options: (20 bytes)
SEQ/ACK analysis
No. Time Source Destination Protocol
Info
161771 20866.512069 83.247.51.40 62.148.187.200 TCP
27239 > http [ACK] Seq=1 Ack=1 Win=5840 Len=0 TSV=100969 TSER=2490279466
Frame 161771 (66 bytes on wire, 66 bytes captured)
Ethernet II, Src: Supermic_2f:c2:35 (00:30:48:2f:c2:35), Dst:
Supermic_58:5f:57 (00:30:48:58:5f:57)
Internet Protocol, Src: 83.247.51.40 (83.247.51.40), Dst: 62.148.187.200
(62.148.187.200)
Transmission Control Protocol, Src Port: 27239 (27239), Dst Port: http
(80), Seq: 1, Ack: 1, Len: 0
Source port: 27239 (27239)
Destination port: http (80)
Sequence number: 1 (relative sequence number)
Acknowledgement number: 1 (relative ack number)
Header length: 32 bytes
Flags: 0x0010 (ACK)
Window size: 5840
Checksum: 0x4ae9 [correct]
Options: (12 bytes)
SEQ/ACK analysis
No. Time Source Destination Protocol
Info
161772 20866.514068 83.247.51.40 62.148.187.200 HTTP
Continuation or non-HTTP traffic
Frame 161772 (74 bytes on wire, 74 bytes captured)
Ethernet II, Src: Supermic_2f:c2:35 (00:30:48:2f:c2:35), Dst:
Supermic_58:5f:57 (00:30:48:58:5f:57)
Internet Protocol, Src: 83.247.51.40 (83.247.51.40), Dst: 62.148.187.200
(62.148.187.200)
Transmission Control Protocol, Src Port: 27239 (27239), Dst Port: http
(80), Seq: 1, Ack: 1, Len: 8
Source port: 27239 (27239)
Destination port: http (80)
Sequence number: 1 (relative sequence number)
Next sequence number: 9 (relative sequence number)
Acknowledgement number: 1 (relative ack number)
Header length: 32 bytes
Flags: 0x0018 (PSH, ACK)
Window size: 5840
Checksum: 0x3ec3 [correct]
Options: (12 bytes)
Hypertext Transfer Protocol
Data (8 bytes)
0000 53 4f 55 52 43 45 20 2f SOURCE /
No. Time Source Destination Protocol
Info
161773 20866.516213 62.148.187.200 83.247.51.40 TCP
http > 27239 [ACK] Seq=1 Ack=9 Win=5792 Len=0 TSV=2490279470 TSER=100969
Frame 161773 (66 bytes on wire, 66 bytes captured)
Ethernet II, Src: Supermic_58:5f:56 (00:30:48:58:5f:56), Dst:
IETF-VRRP-virtual-router-VRID_57 (00:00:5e:00:01:57)
Internet Protocol, Src: 62.148.187.200 (62.148.187.200), Dst:
83.247.51.40 (83.247.51.40)
Transmission Control Protocol, Src Port: http (80), Dst Port: 27239
(27239), Seq: 1, Ack: 9, Len: 0
Source port: http (80)
Destination port: 27239 (27239)
Sequence number: 1 (relative sequence number)
Acknowledgement number: 9 (relative ack number)
Header length: 32 bytes
Flags: 0x0010 (ACK)
Window size: 5792 (scaled)
Checksum: 0x5c05 [correct]
Options: (12 bytes)
SEQ/ACK analysis
----%< EOF
|
