Solved

Server 2008 R2 Wab Traffic on port 8085

Posted on 2010-08-21
3
843 Views
Last Modified: 2012-06-27
Wa have a Server 2008 R 2 64 server that is supposed to be communicating with a server in our DMZ over port 8085. The application vendor says the traffic is not getting there but I opened a TAC case and and they have verified that the traffic is getting there..The Domain,   The windows firewall is off for the domain, public and private profiles

Below is what the traffic looks like on the ASA firewall

==========================================================================: 00:09:42.981379 xxx.xxx.xxx.xxx.3801 > yyy.yyy.yyy.yyy8085: S 539555527:539555527(0) win 64240 <mss 1460,nop,nop,sackOK>
   2: 00:09:42.982126 yyy.yyy.yyy.yyy8085 > xxx.xxx.xxx.xxx.3801: S 1277964029:1277964029(0) ack 539555528 win 8192 <mss 1380,nop,nop,sackOK>
   3: 00:09:42.982310 xxx.xxx.xxx.xxx.3801 > yyy.yyy.yyy.yyy8085: . ack 1277964030 win 64240
   4: 00:09:54.951733 xxx.xxx.xxx.xxx.3801 > yyy.yyy.yyy.yyy8085: P 539555528:539555529(1) ack 1277964030 win 64240
   5: 00:09:55.151954 yyy.yyy.yyy.yyy8085 > xxx.xxx.xxx.xxx.3801: . ack 539555529 win 64860
   6: 00:09:57.671397 xxx.xxx.xxx.xxx.3801 > yyy.yyy.yyy.yyy8085: P 539555529:539555530(1) ack 1277964030 win 64240
   7: 00:09:57.871262 yyy.yyy.yyy.yyy8085 > xxx.xxx.xxx.xxx.3801: . ack 539555530 win 64859
   8: 00:09:59.761038 xxx.xxx.xxx.xxx.3801 > yyy.yyy.yyy.yyy8085: P 539555530:539555531(1) ack 1277964030 win 64240
   9: 00:09:59.964275 yyy.yyy.yyy.yyy8085 > xxx.xxx.xxx.xxx.3801: . ack 539555531 win 64858
  10: 00:10:01.305938 xxx.xxx.xxx.xxx.3801 > yyy.yyy.yyy.yyy8085: P 539555531:539555532(1) ack 1277964030 win 64240
  11: 00:10:01.495442 yyy.yyy.yyy.yyy8085 > xxx.xxx.xxx.xxx.3801: . ack 539555532 win 64857
  12: 00:10:02.076640 xxx.xxx.xxx.xxx.3801 > yyy.yyy.yyy.yyy8085: P 539555532:539555533(1) ack 1277964030 win 64240
  13: 00:10:02.283127 yyy.yyy.yyy.yyy8085 > xxx.xxx.xxx.xxx.3801: . ack 539555533 win 64856
  14: 00:10:03.302032 xxx.xxx.xxx.xxx.3801 > yyy.yyy.yyy.yyy8085: P 539555533:539555535(2) ack 1277964030 win 64240
  15: 00:10:03.495625 yyy.yyy.yyy.yyy8085 > xxx.xxx.xxx.xxx.3801: . ack 539555535 win 64854
  16: 00:14:36.419152 xxx.xxx.xxx.xxx.137 > yyy.yyy.yyy.yyy137:  udp 50
  17: 00:14:36.420067 yyy.yyy.yyy.yyy137 > xxx.xxx.xxx.xxx.137:  udp 157
  18: 00:16:04.165045 xxx.xxx.xxx.xxx.3801 > yyy.yyy.yyy.yyy8085: P 539555535:539555536(1) ack 1277964030 win 64240
  19: 00:16:04.353894 yyy.yyy.yyy.yyy8085 > xxx.xxx.xxx.xxx.3801: . ack 539555536 win 64853
  20: 00:16:04.354382 xxx.xxx.xxx.xxx.3801 > yyy.yyy.yyy.yyy8085: P 539555536:539555537(1) ack 1277964030 win 64240
  21: 00:16:04.557878 yyy.yyy.yyy.yyy8085 > xxx.xxx.xxx.xxx.3801: . ack 539555537 win 64852
  22: 00:16:04.558183 xxx.xxx.xxx.xxx.3801 > yyy.yyy.yyy.yyy8085: P 539555537:539555538(1) ack 1277964030 win 64240
  23: 00:16:04.760580 yyy.yyy.yyy.yyy8085 > xxx.xxx.xxx.xxx.3801: . ack 539555538 win 64851
  24: 00:16:46.580765 xxx.xxx.xxx.xxx.3801 > yyy.yyy.yyy.yyy8085: F 539555538:539555538(0) ack 1277964030 win 64240
  25: 00:16:46.581436 yyy.yyy.yyy.yyy8085 > xxx.xxx.xxx.xxx.3801: . ack 539555539 win 64851
25 packets shown
============================================================================
0
Comment
Question by:japplewhaite
3 Comments
 
LVL 6

Accepted Solution

by:
craig_j_Lawrence earned 500 total points
Comment Utility
sorry can you please explain your problem in a little more detail?? at first glance, if the traffic is travesing your ASA, the issue may be with the server in the DMZ
0
 

Author Comment

by:japplewhaite
Comment Utility
When we attempt to telnet and web into the target server from a server that is in the same subnet we don't get a response as well.
0
 
LVL 2

Expert Comment

by:jamielfurr
Comment Utility
If you set up a network monitor, you can be certain that the traffic is being received by the server in the DMZ.  Then the application vendor cannot tell you that the traffic is being received.  Other than that I'm not sure how you would be certain that the traffic is being received.    I use Wireshark, but any network monitor should work...  If you can't do this then a simple telnet connect to the server should be proof that the port is open.  A netstat -b can help you if you suspect that another program is using the port.  

0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

I was supporting a handful of Windows 2008 (non-R2) 2 node clusters with shared quorum disks. Some had SQL 2008 installed and some were just a vendor application that we supported. For the purposes of this article it doesn’t really matter which so w…
Periodically we have to update or add SSL certificates for customers. Depending upon your hosting plan you may be responsible for the installation and/or key generation. In the wake of Heartbleed many sites were forced to re-key. We will concen…
This tutorial will give a short introduction and overview of Backup Exec 2012 and how to navigate and perform basic functions. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as conne…
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

8 Experts available now in Live!

Get 1:1 Help Now