Solved

After TCP handshake done, no packets can be received on each other side, why??

Posted on 2013-01-17
Last Modified: 2013-02-28
Dear Experts,
Now, I have experienced one issue with SMTP sending mail via Outlook Express.
The email server is Linux and resides behind a firewall; the Outlook Express client also lives behind a firewall.
I caught the packets on both the client and the server side.
It shows that after the TCP handshake, no TCP packets can be received from each other any more. It is very strange. The client is sending TCP ACK, and the server side is resending SYN/ACK again and again.
Can you give me an idea how to figure it out?
I paste the packet trace here for your information.
Please unzip it, change the .doc to .pcap, and open it with Wireshark.
Thanks!
smtp-doc2pcap.zip
Question by:matiascx
10 Comments
 
LVL 35

Expert Comment

by:gr8gonzo
ID: 38787515
I'm going to guess that your email server has iptables running. Try disabling iptables temporarily and see if the packets make it through after that.

iptables is notorious for causing bizarre TCP behavior if it's not configured properly.
0
 

Author Comment

by:matiascx
ID: 38787553
Dear gr8gonzo,
Thanks for your quick response.
The iptables is off. I have double checked it.
What is more, the client and server can talk to each other in the packets I caught.
The strange thing is that after TCP seems set up, no packets can be received on each side any more; that is the problem.
Thanks!
[root@ip-10-136-13-206 ~]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination        

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination        

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination        
[root@ip-10-136-13-206 ~]# chkconfig  |grep iptables
iptables        0:off   1:off   2:off   3:off   4:off   5:off   6:off
[root@ip-10-136-13-206 ~]#
0
 
LVL 35

Expert Comment

by:gr8gonzo
ID: 38787642
Have you disabled the client-side firewall?

Any hardware firewalls/routers that have security features?
0
 
LVL 35

Expert Comment

by:gr8gonzo
ID: 38787646
Also, are you on a home internet connection, like Verizon FIOS or Cox Cable? Sometimes home internet providers will block SMTP sending unless it goes through their own SMTP server.
0
 

Author Comment

by:matiascx
ID: 38787704
Dear gr8gonzo,
The client side should work well, because when I use another email account on another server, it works well.

Please know about that.
Thanks~!

What is more, when I change to another networking environment, it is the same.
I think the problem should be on the server side, which I currently do not know.

Best Regards,
Robert
0
 
LVL 35

Expert Comment

by:gr8gonzo
ID: 38787946
Changing the network environment won't always fix the problem, if the new environment also has the same problem. Unless you're in an environment that you know 100% for sure does not restrict outbound SMTP...

Also, some mail accounts on other servers can work fine - it depends on the server. For example, from my home PC, I cannot connect to my own server on port 25 (because of my ISP's restriction), but I can connect to GMail's SMTP server on port 465 (secure SMTP).

Don't assume things ARE working well just because they SHOULD be working well. When things SHOULD be working well, they usually are, but sometimes the most mysterious problems are in the unexpected exceptions.
0
 

Author Comment

by:matiascx
ID: 38788000
Yes. In fact, the server is an EC2 instance. When I change to another EC2 instance in the same subnet environment, the server also works well. So it should not be an issue on the client side, or an ISP blocking SMTP. It should be a server configuration issue.
The working server is CentOS, while the non-working server is Red Hat Enterprise Linux.

Please know that.
Thanks!
Robert
0
 
LVL 57

Expert Comment

by:giltjr
ID: 38788026
Was the capture on the server side done directly on the server?

The server is acting as if it never received the final ACK in the 3-way handshake.

If you look at the server-side capture, the server:

received a SYN request
sent SYN, ACK request
received ACK
resent SYN,ACK over and over.

So somehow it appears something may be blocking the final ACK in the handshake.
0
 

Author Comment

by:matiascx
ID: 38788052
Dear giltjr,
Thanks for your investigation.
Yes, that is what I am willing to figure out.
It seems the server side does not receive the ACK from the server-side packets.
From the client side, the client also does not receive the final handshake ACK from the server side.
It is very strange.
0
 
LVL 57

Accepted Solution

by:
giltjr earned 500 total points
ID: 38788317
The client did receive everything that the server sent. There is no final ACK; the next packet that should flow from the server is the SMTP 220 welcome message.

There are only 3 packets that flow in a handshake.

SYN from client to server
SYN,ACK from server to client
ACK from client to server.


So if you did the capture on the server, then there is something higher up than the NIC that is dropping/blocking the incoming ACK from the client.
0
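
The check described in the accepted answer, as an added example that is not part of the original thread: it walks a server-side capture and separates flows where the client's final ACK was captured but the server kept retransmitting SYN,ACK from flows where the ACK never arrived at all. The packet tuples, addresses, port numbers and verdict strings are constructed for illustration.

```python
from collections import defaultdict

SYN, PSH, ACK = 0x02, 0x08, 0x10  # TCP flag bits
ACK_DROPPED = "ACK captured, SYN,ACK still retransmitted: dropped above the capture point"
ACK_MISSING = "SYN,ACK retransmitted, ACK never captured: lost before the capture point"
COMPLETED = "handshake completed"

# Constructed server-side capture: (time, src, sport, dst, dport, flags, seq, ack)
SAMPLE = [
    (0.00, "198.51.100.7", 50001, "10.0.0.5", 25, SYN, 1000, 0),
    (0.01, "10.0.0.5", 25, "198.51.100.7", 50001, SYN | ACK, 9000, 1001),
    (0.21, "198.51.100.7", 50001, "10.0.0.5", 25, ACK, 1001, 9001),
    (3.01, "10.0.0.5", 25, "198.51.100.7", 50001, SYN | ACK, 9000, 1001),
    (9.01, "10.0.0.5", 25, "198.51.100.7", 50001, SYN | ACK, 9000, 1001),
    # Second client: handshake completes and the server sends its 220 banner.
    (0.50, "198.51.100.8", 50002, "10.0.0.5", 25, SYN, 2000, 0),
    (0.51, "10.0.0.5", 25, "198.51.100.8", 50002, SYN | ACK, 7000, 2001),
    (0.70, "198.51.100.8", 50002, "10.0.0.5", 25, ACK, 2001, 7001),
    (0.75, "10.0.0.5", 25, "198.51.100.8", 50002, PSH | ACK, 7001, 2001),
]


def diagnose(packets, server_port=25):
    """Classify each client flow by what the server-side capture shows."""
    flows = defaultdict(lambda: {"isn": None, "synacks": 0, "ack": False, "retx": 0})
    for _t, src, sport, dst, dport, flags, seq, ack in sorted(packets, key=lambda p: p[0]):
        from_server = sport == server_port
        f = flows[(dst, dport) if from_server else (src, sport)]
        if from_server and flags & SYN and flags & ACK:
            f["isn"] = seq
            f["synacks"] += 1
            if f["ack"]:  # SYN,ACK resent although the final ACK was captured
                f["retx"] += 1
        elif not from_server and flags & ACK and not flags & SYN:
            # The final handshake ACK acknowledges the server's ISN + 1.
            if f["isn"] is not None and ack == f["isn"] + 1:
                f["ack"] = True
    verdicts = {}
    for client, f in flows.items():
        if f["retx"]:
            verdicts[client] = ACK_DROPPED
        elif f["synacks"] > 1:
            verdicts[client] = ACK_MISSING
        elif f["ack"]:
            verdicts[client] = COMPLETED
        else:
            verdicts[client] = "incomplete"
    return verdicts
```

The first verdict matches the trace discussed in this thread; the second points at the network path rather than the server.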
