sunhux

asked on

Dropped traffic detected by firewall


I have a CA monitoring server (on Win2003) that polls an HP-UX server on a
certain TCP port to see if the HP-UX server is still listening on that port.

There's a firewall between the 2 servers & the firewall has been
reporting that the specific TCP port's traffic was dropped, with the
source being the Win2003 server & the destination being the HP-UX box.

Though the HP-UX box had been experiencing 100% CPU utilization
quite often, I was told a 100% CPU HP-UX would not drop traffic.

The Win2003 CA box also monitors other servers on other ports
but the firewall did not report such a phenomenon.


I don't think there's any duplex/speed/auto-negotiation issue as
the outputs below show:

A check on the switch port that the Win2003 box connects to did
not reveal any abnormality (input/output errors, collisions, etc) as
"show interface" outputs issued 3 minutes apart below show:

#sh int gig 0/2
GigabitEthernet0/2 is up, line protocol is up (connected)
  Hardware is Gigabit Ethernet, address is 0017.0e16.fb9a (bia 0017.0e16.fb9a)
  Description: Uplink-Downlink Win2003 box
  MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,
     reliability 255/255, txload 1/255, rxload 16/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Full-duplex, 1000Mb/s, media type is RJ45
  input flow-control is off, output flow-control is off
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:04, output 00:00:00, output hang never
  Last clearing of "show interface" counters 00:01:38
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 63893000 bits/sec, 13693 packets/sec
  5 minute output rate 210000 bits/sec, 69 packets/sec
     1455739 packets input, 850292957 bytes, 0 no buffer
     Received 3569 broadcasts (0 multicast)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog, 3170 multicast, 0 pause input
     0 input packets with dribble condition detected
     6819 packets output, 2415514 bytes, 0 underruns
     0 output errors, 0 collisions, 0 interface resets
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier, 0 PAUSE output
     0 output buffer failures, 0 output buffers swapped out

#sh int gig0/2
GigabitEthernet0/2 is up, line protocol is up (connected)
  Hardware is Gigabit Ethernet, address is 0017.0e16.fb9a (bia 0017.0e16.fb9a)
  Description: Uplink-Downlink Win2003 box
  MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,
     reliability 255/255, txload 1/255, rxload 17/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Full-duplex, 1000Mb/s, media type is RJ45
  input flow-control is off, output flow-control is off
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:26, output 00:00:01, output hang never
  Last clearing of "show interface" counters 00:05:31
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 68137000 bits/sec, 14602 packets/sec
  5 minute output rate 215000 bits/sec, 69 packets/sec
     5040726 packets input, 2943850964 bytes, 0 no buffer
     Received 11982 broadcasts (0 multicast)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog, 10627 multicast, 0 pause input
     0 input packets with dribble condition detected
     24806 packets output, 9048669 bytes, 0 underruns
     0 output errors, 0 collisions, 0 interface resets
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier, 0 PAUSE output
     0 output buffer failures, 0 output buffers swapped out

===================================

A check on the switch port that the HP-UX box connects to did
not reveal any abnormality (input/output errors, collisions, etc) either,
as "show interface" outputs issued 3 minutes apart below show:


#sh int gig 0/17
GigabitEthernet0/17 is up, line protocol is up (connected)
  Hardware is Gigabit Ethernet, address is 0017.0e5a.2491 (bia 0017.0e5a.2491)
  Description: HP-UX box
  MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Full-duplex, 1000Mb/s, media type is 10/100/1000BaseTX
  input flow-control is off, output flow-control is unsupported
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input never, output 00:00:01, output hang never
  Last clearing of "show interface" counters 00:02:51
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 598000 bits/sec, 268 packets/sec
  5 minute output rate 321000 bits/sec, 270 packets/sec
     36085 packets input, 8695934 bytes, 0 no buffer
     Received 18 broadcasts (0 multicast)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog, 17 multicast, 0 pause input
     0 input packets with dribble condition detected
 --More--     36726 packets output, 5742743 bytes, 0 underruns
     0 output errors, 0 collisions, 0 interface resets
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier, 0 PAUSE output
     0 output buffer failures, 0 output buffers swapped out


#sh int gig 0/17
GigabitEthernet0/17 is up, line protocol is up (connected)
  Hardware is Gigabit Ethernet, address is 0017.0e5a.2491 (bia 0017.0e5a.2491)
  Description: HP-UX box
  MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Full-duplex, 1000Mb/s, media type is 10/100/1000BaseTX
  input flow-control is off, output flow-control is unsupported
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input never, output 00:00:00, output hang never
  Last clearing of "show interface" counters 00:06:07
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 511000 bits/sec, 248 packets/sec
  5 minute output rate 308000 bits/sec, 253 packets/sec
     81256 packets input, 18815380 bytes, 0 no buffer
     Received 39 broadcasts (0 multicast)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog, 36 multicast, 0 pause input
     0 input packets with dribble condition detected
 --More--     82681 packets output, 12864144 bytes, 0 underruns
     0 output errors, 0 collisions, 0 interface resets
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier, 0 PAUSE output
     0 output buffer failures, 0 output buffers swapped out


What should I do next to diagnose this?
ASKER CERTIFIED SOLUTION
kuoh
sunhux

ASKER


You're right, the firewall blocked the traffic as there are no rules in it that
permit the traffic to pass through.

I think too far
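
The comment above traces the drops to a missing permit rule on the firewall. As an added example (not part of the original thread), this Python probe shows how a poller can tell a SYN that gets no usable reply from a port that is simply not listening; the function names, result labels and loopback demo are assumptions made for illustration.

```python
import errno
import socket

# What each result says about where the connection attempt stopped.
MEANING = {
    "open": "handshake completed: the path is permitted and the service is listening",
    "closed": "a RST came back, from the host or from a device that rejects with a reset",
    "filtered": "no usable reply: the SYN was dropped or rejected in the path; "
                "check firewall rules and logs before suspecting the server",
}

def classify_tcp_port(host, port, timeout=3.0):
    """Attempt one TCP connect and return 'open', 'closed' or 'filtered'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "closed"
    except socket.timeout:
        return "filtered"          # silent drop: no SYN-ACK and no RST
    except OSError as exc:
        # ICMP unreachable, e.g. from a device that rejects instead of dropping
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "filtered"
        raise

def demo_on_loopback():
    """Probe a constructed local listener, then the same port after closing it."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))      # port 0: let the OS pick a free port
    listener.listen(1)
    port = listener.getsockname()[1]
    while_listening = classify_tcp_port("127.0.0.1", port, timeout=1.0)
    listener.close()
    after_close = classify_tcp_port("127.0.0.1", port, timeout=1.0)
    return while_listening, after_close

if __name__ == "__main__":
    for state in demo_on_loopback():
        print(state, "->", MEANING[state])
```

A "filtered" result from the monitoring host combined with drop entries in the firewall log for the same source, destination and port points at the rule base rather than at the server or the switch ports.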
sunhux

ASKER

ok