Solved

Fin flag set mid-transmission

Posted on 2009-04-02
2
533 Views
Last Modified: 2012-05-06
Problem: PC sends large job to printer via LPR.  The source of the job is a file on the PC's local drive.  Resulting printer output is only part of the expected output.  No errors apparent on either side.  Traffic is on local network within building, with only a switch in between.
Troubleshooting:  Ran Wireshark capture to see if I could determine what was happening.  The problem appears to be caused by the PC sending the job.  On both occasions when I have managed to capture this, one packet from the PC has the FIN flag set (actually, FIN, PSH  and ACK).  But, the data in the packet is from the middle of the print job.  When the printer receives the FIN, it procedes to acknowledge the end of the connection.   I have checked to make sure that the file on the local drive is the complete file.  There are no obvious transmission problems (no retransmits, no too fast retrans, no duplicate acks, etc).  The only thing that has occurred, in both cases, was a period of zerowindow traffic shortly before the FIN packet.  But, the zerowindow situation resolved normally, and the packet transmission had resumed.  I have researched to try to find why this might happen, but I'm at wit's end.  We have updated the driver on the PC's NIC.  Any advice is greatly appreciated.
0
Comment
Question by:carolcollins
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 11

Accepted Solution

by:
packetguy earned 500 total points
ID: 24057599
I've seen this kind of FIN flagging happen when a port speed/duplex mismatch exists somewhere on the path between devices. What happens is that during the port flap (usually on the client device), the client closes down all active sessions, since the interface has gone down, albeit briefly. The outage can be so brief that users don't notice it on normal web traffic, which is mostly short bursts of TCP traffic. But long-running sessions die.

Check the interface stats and logs on the client device for dropped packets and CRC errors, as well as on the intervening switches. Ethernet autonegotiation is an unreliable process, and sometimes you have to force the speed/duplex on one side or the other of a link, or both. If you have an unmanaged switch, I'd recommend replacing it with a managed switch (Cisco Catalyst switches are very high quality and available on eBay cheap; I just bought a 3548 for $200, and there are many more at that price). A managed switch will give you much more visibility into your network, as well as improved performance.
0
 

Author Comment

by:carolcollins
ID: 24077750
I will try forcing a speed/duplex setting on the PC this week, and go from there.  Thanks for your help and suggestions!
0

Featured Post

[Webinar] Learn How Hackers Steal Your Credentials

Do You Know How Hackers Steal Your Credentials? Join us and Skyport Systems to learn how hackers steal your credentials and why Active Directory must be secure to stop them. Thursday, July 13, 2017 10:00 A.M. PDT

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When it comes to security, there are always trade-offs between security and convenience/ease of administration. This article examines some of the main pros and cons of using key authentication vs password authentication for hosting an SFTP server.
For many of us, the  holiday season kindles the natural urge to give back to our friends, family members and communities. While it's easy for friends to notice the impact of such deeds, understanding the contributions of businesses and enterprises i…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…
Suggested Courses

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question