[Last Call] Learn about multicloud storage options and how to improve your company's cloud strategy. Register Now

x
?
Solved

Fin flag set mid-transmission

Posted on 2009-04-02
2
Medium Priority
?
535 Views
Last Modified: 2012-05-06
Problem: PC sends large job to printer via LPR.  The source of the job is a file on the PC's local drive.  Resulting printer output is only part of the expected output.  No errors apparent on either side.  Traffic is on local network within building, with only a switch in between.
Troubleshooting:  Ran Wireshark capture to see if I could determine what was happening.  The problem appears to be caused by the PC sending the job.  On both occasions when I have managed to capture this, one packet from the PC has the FIN flag set (actually, FIN, PSH  and ACK).  But, the data in the packet is from the middle of the print job.  When the printer receives the FIN, it procedes to acknowledge the end of the connection.   I have checked to make sure that the file on the local drive is the complete file.  There are no obvious transmission problems (no retransmits, no too fast retrans, no duplicate acks, etc).  The only thing that has occurred, in both cases, was a period of zerowindow traffic shortly before the FIN packet.  But, the zerowindow situation resolved normally, and the packet transmission had resumed.  I have researched to try to find why this might happen, but I'm at wit's end.  We have updated the driver on the PC's NIC.  Any advice is greatly appreciated.
0
Comment
Question by:carolcollins
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 11

Accepted Solution

by:
packetguy earned 2000 total points
ID: 24057599
I've seen this kind of FIN flagging happen when a port speed/duplex mismatch exists somewhere on the path between devices. What happens is that during the port flap (usually on the client device), the client closes down all active sessions, since the interface has gone down, albeit briefly. The outage can be so brief that users don't notice it on normal web traffic, which is mostly short bursts of TCP traffic. But long-running sessions die.

Check the interface stats and logs on the client device for dropped packets and CRC errors, as well as on the intervening switches. Ethernet autonegotiation is an unreliable process, and sometimes you have to force the speed/duplex on one side or the other of a link, or both. If you have an unmanaged switch, I'd recommend replacing it with a managed switch (Cisco Catalyst switches are very high quality and available on eBay cheap; I just bought a 3548 for $200, and there are many more at that price). A managed switch will give you much more visibility into your network, as well as improved performance.
0
 

Author Comment

by:carolcollins
ID: 24077750
I will try forcing a speed/duplex setting on the PC this week, and go from there.  Thanks for your help and suggestions!
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Originally, this post was published on Monitis Blog, you can check it here . It goes without saying that technology has transformed society and the very nature of how we live, work, and communicate in ways that would’ve been incomprehensible 5 ye…
In this article, WatchGuard's Director of Security Strategy and Research Teri Radichel, takes a look at insider threats, the risk they can pose to your organization, and the best ways to defend against them.
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…

650 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question