Wireshark-users: Re: [Wireshark-users] tcpdump

From: Andrew Hood <ajhood@xxxxxxxxx>
Date: Sun, 20 Jun 2010 11:51:12 +1000
Guy Harris wrote:
> On Jun 18, 2010, at 5:53 PM, Kaushal Shriyan wrote:
> 
> 
>>root@host0130:~# tcpdump -r tcpdump
>>reading from file tcpdump, link-type EN10MB (Ethernet)
>>13:51:20.256698 IP host0130.example.com.36825 > AES-Static-IP.airtel.in.www: S 2400127911:2400127911(0) win 5840 <mss 1460,sackOK,timestamp 2052530663 0,nop,wscale 7>
>>13:51:23.254569 IP host0130.example.com.36825 > AES-Static-IP.airtel.in.www: S 2400127911:2400127911(0) win 5840 <mss 1460,sackOK,timestamp 2052530963 0,nop,wscale 7>
>>13:51:29.254568 IP host0130.example.com.36825 > AES-Static-IP.airtel.in.www: S 2400127911:2400127911(0) win 5840 <mss 1460,sackOK,timestamp 2052531563 0,nop,wscale 7>
>>13:51:41.254565 IP host0130.example.com.36825 > AES-Static-IP.airtel.in.www: S 2400127911:2400127911(0) win 5840 <mss 1460,sackOK,timestamp 2052532763 0,nop,wscale 7>
>>13:52:05.254567 IP host0130.example.com.36825 > AES-Static-IP.airtel.in.www: S 2400127911:2400127911(0) win 5840 <mss 1460,sackOK,timestamp 2052535163 0,nop,wscale 7>
> 
> 
> Those appear to be repeated retransmissions of the same TCP segment.
> 
> 
>>13:52:35.633372 IP AES-Static-IP.airtel.in.www > host0130.example.com.36825: R 933727155:933727155(0) win 0

This is pretty much the behaviour we see when ICMP Frag Required packets
are being blocked. Multiple retransmits of packets followed by an RST.

I've given up trying to get the ICMP packets permitted through our
firewalls - paranoia rules. I slowly reduce the MTU at the server until
the traffic gets delivered. The first MTU to try below 1500 is 1492 -
allowing for a SNAP/LLC header to be added at an ADSL router.

-- 
There's no point in being grown up if you can't be childish sometimes.
                -- Dr. Who
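
The pattern described in this message (the same segment retransmitted several times, then an RST from the peer) can be picked out of tcpdump text output mechanically. The Python below is an added example, not part of the original post; the function names and the `min_retx` threshold are assumptions, and the sample is constructed from the capture quoted above with the TCP options trimmed.

```python
import re
from collections import defaultdict

# Old-style tcpdump text line: time, "IP src > dst:", flags, seq:end(len)
LINE = re.compile(
    r"^(\d+):(\d+):(\d+\.\d+) IP (\S+) > (\S+): (\S+) (\d+):\d+\((\d+)\)")

# Constructed sample: the capture quoted above with TCP options trimmed.
H, P = "host0130.example.com.36825", "AES-Static-IP.airtel.in.www"
SAMPLE = "\n".join(
    [f"13:{t} IP {H} > {P}: S 2400127911:2400127911(0) win 5840"
     for t in ("51:20.256698", "51:23.254569", "51:29.254568",
               "51:41.254565", "52:05.254567")]
    + [f"13:52:35.633372 IP {P} > {H}: R 933727155:933727155(0) win 0"])

def parse(text):
    """Yield (seconds, src, dst, flags, seq, length) per recognised line."""
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            h, mi, s, src, dst, flags, seq, length = m.groups()
            yield (int(h) * 3600 + int(mi) * 60 + float(s),
                   src, dst, flags, int(seq), int(length))

def stalled_flows(text, min_retx=3):
    """Report segments resent >= min_retx times before the peer sent an RST."""
    sent = defaultdict(list)  # (src, dst, flags, seq, length) -> send times
    findings = []
    for ts, src, dst, flags, seq, length in parse(text):
        if "R" not in flags:
            sent[(src, dst, flags, seq, length)].append(ts)
            continue
        # RST seen: check what the other endpoint kept resending to this peer.
        for (s_src, s_dst, s_flags, s_seq, s_len), times in sent.items():
            if (s_src, s_dst) != (dst, src) or len(times) - 1 < min_retx:
                continue
            gaps = [round(b - a) for a, b in zip(times, times[1:])]
            findings.append({
                "src": s_src, "dst": s_dst, "flags": s_flags, "seq": s_seq,
                "length": s_len, "retransmits": len(times) - 1, "gaps": gaps,
                # Doubling gaps are the sender's retransmission-timer backoff.
                "backoff_doubling": all(b == 2 * a for a, b in zip(gaps, gaps[1:])),
                "rst_after": round(ts - times[-1], 1),
            })
    return findings

if __name__ == "__main__":
    for f in stalled_flows(SAMPLE):
        print(f)
```

Each finding carries the flags and payload length of the retransmitted segment, so the report shows what was being resent as well as how often.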