I have a client that sends 115bytes of data periodically and a server that responds with 1131 bytes of data. However, after while the client stop receiving data. The client is actually a mobile modem with its own software and the server is run on ubuntu 16.04 LTS.
From wireshark I see that the mobile informs server of not receiving a previous packet and so the server starts re-transmitting the previous packet. But the client does not acknowledge this re transmission.
Any idea as to what might be happening here.Wireshark snapshot
192.172.0.2 is the IP of the client (Mobile) and 172.17.1.3 is the IP of the server.
Related
I have a raspberry pi set up with Wireguard (via pivpn) inside my home network and a Windows client trying to connect to it. When I connect from the Windows machine, the logs show timeouts when attempting to handshake with the server. When running wg show wg0 on the Linux server, I see the Windows peer address is updated and the server received some data, and also tried to send data back. However, the endpoint for the Windows peer is incorrect.
Windows client log:
Handshake for peer 1 (<home_router_ip:port>) did not complete after 5 seconds, retrying (try 3)
Sending handshake initiation to peer 1 (<home_router_ip:port>)
Handshake for peer 1 (<home_router_ip:port>) did not complete after 5 seconds, retrying (try 4)
Sending handshake initiation to peer 1 (<home_router_ip:port>)
The Windows client shows
Transfer: 0 B received, 296 B sent
On the raspberry pi server, wg show reveals:
peer: <windows client pub key>
preshared key: (hidden)
endpoint: <unrecognized ip address and port>
allowed ips: 10.10.10.3/32
transfer: 3.90 KiB received, 2.43 KiB sent
Any thoughts on how to debug or what might be going on?
Details of the network setup (diagram):
The Windows client is connected to an iPhone hotspot via cellular network, thus simulating if I were to connect my Windows client to a public wifi.
My home network actually has 2 routers connected in serial. The first router connects/authenticates with the ISP. The second router connects to the first router and provides wifi in my house. The raspberry pi is connected to the second router.
Other things I tried:
I connected the Windows client to my home network (same network as my raspberry pi), and activated the VPN. I was still unable to receive packets from the server, but this time the Windows peer endpoint shown on the pi server was correct (it was the public ip of the router). I don't understand why traffic couldn't be routed in this case.
tcpdump -i wg0 on the pi server never shows anything, though wg show always seems to get updated when my Windows client connects, so I assume there's some communication that's getting through.
I am working on a product which uses ZeroMQ (version 4.0.1).
The server and client communicate based on ZeroMQ ROUTER-socket.
To read socket events, server and client also create socket-monitor sockets (PAIR). There are three ports on which server binds and listens. Out of these three ports, one port is in a non-secured mode. Other two ports are using md5-authentication.
The issue I am facing is that, both the server and the client spontaneously receive socket disconnect for one of the secure port sockets (please see a log below). I have checked multiple times that server and client both have L3 reachability to each other.
What else I should check for?
What really triggers this error scenario?
zmq_print_callback:ZmQ: int zmq::stream_engine_t::read(void*, size_t):923
Stream engine recv():
TCP socket (187) to unknown:0 was disconnected
with error 107 [Transport endpoint is not connected]
Below sequence of events can trigger this error on server
Server receives ACCEPTED event for clientY and gets FD1.
Link-flap/network issue happens and clientY disconnects but server does not receive this disconnect.
Network recovers and clientY connects back to server.
Server receives ACCEPTED event for clientY and gets FD2. However, packets sent to this sockets does not go out of the server.
After 1 min or so, clientY receives "Transport endpoint is not connected error" for FD1.
Application can use this to treat as client disconnect.
Golang application with a client and server.
Server uses net.ListenUDP -- client also uses net.ListenUDP, connects to server and sends a packet with conn.WriteToUDP with the server address.
Server receives the packet with ReadFromUDP and grabs the return address. Using this return address, it then sends a large number of packets back to the client.
When running both client and server on local machine, this works perfectly. Using Wireshark I can inspect the UDP packets and see that they contain the source and destination ports - and in the application I can see that they arrive and my various checksum tests show the data is accurate.
I then moved the server off site to a remote machine. The application stops working. I can successfully send the first message from the client to server - this is received just fine. The server sends the response back 'toward' the client - but the client never receives them.
Using Wireshark, I can see that the packets do arrive back on the local machine with the correct IP address. It appears that my network router has performed NAT on the outgoing packets - and has correctly re-addressed response packets to the internal IP.. BUT there is no port.
So I have UDP packets arriving on the correct machine, but no port - so the client application does not receive them. Application times out on ReadFromUDP.
I don't know if it is relevant, but on local machine, Wireshark labels the packets as BT-uTP Utorrent packets. When they come in from remote server, this is what I see in Wireshark - note the lack of Port.
Any thoughts how I can solve this. I didn't think this was a UDP hole punching problem because although I am establishing a connection across a NAT it is with a server not a peer.
This packet is fragmented, You can see this under Internet Protocol Version 4 > Flags.
If you look at the frame as shown on the bottom of the picture you provided you should see the ports.
net.ListenUDP doesn't appear to support fragmentation at the socket level.
Do you have a PPPoe connection? You may need to reduce your packet size being sent by 8 bytes or change the MTU on the routers external interface of the remote side. You may also need to change the local routers MTU if it's on a PPPoe interface.
There is delay seen on server machine while sending [SYN,ACK] packet to Client machine for the first connection attempt from client. These are some observations analyzed with sniffer tool wireshark:-
Due to this delay:-
Client application is sending the [TCP Retransmission] packet to server.
Later, connection timeout expires(3 seconds) on client side and it tries second connection attempt with server.
Surprisingly, server immediately sends [SYN,ACK] packet for second connection attempt to client back.
After sending [SYN,ACK] packet for second attempt, server responds back with [SYN,ACK] packet for the first attempt.
For better understanding, client application sends the connection request certain set server ports all together. Server sends [SYN,ACK] packet from the listening port which is one of these ports.
I will be pleased if somebody explains :-
Why there is delay in [SYN,ACK] packet from server machine?
Why server able to respond back immediately with [SYN,ACK] packet for second attempt but responded for first connection attempt after sending [SYN,ACK] for first attempt.
Who takes care of responding back [SYN,ACK] packet to client machine? Is it server application or any other operating system service?
The screenshot of wireshark is attached here. The above mentioned observation is on the basis of frame#20145 to Frame#20428
I'm working on 2.6.15 kernel running on a cisco IPTV. When the box is coming up, the DHCP client hangs up. The reason for this is that the DHCP client does not get fetch the broadcasted DHCP offer message.
When I read /proc/net/dev file, it shows that ethernet device (eth0) has not received any packet. I then ran tcpdump on the box and it also shows that no packet is been received on the ethernet interface.
Then I ran wireshark on the test PC (on which DHCP server is running), it shows that a DHCP offer message is broadcasted by the DHCP server.
This DHCP client and server are working fine with other boxes so there are less chances that these programs have any issues. There must be an issue in the ethernet drivers.
I'm really confused. How should I proceed to this problem. Please help me.
Maybe you can start by checking whether the DHCP client is sending out a discovery.
The DHCP handshake goes like this:
client discovery,
server offer,
client request,
server ack
(Wikipedia has the steps of DHCP)
The next thing you can check any DHCP related settings on the router.
Is the DHCP client on the same subnet/vlan as the server? If not, would the router need a certain configuration to relay to/from the DHCP server subnet/vlan?