Re: "tcpflags 0x18<PUSH,ACK>; tcp_do_segment" kernel messages

From: Stefan Lambrev <stefan.lambrev_at_moneybookers.com>
Date: Wed, 15 Aug 2007 18:21:01 +0300
Hello,

Eygene Ryabinkin wrote:
> Stefan, good day.
>
> Wed, Aug 15, 2007 at 05:37:26PM +0300, Stefan Lambrev wrote:
>   
>> Now I have a tcpdump.out file and all packets are logged while this problem 
>> happened.
>> Here is part of the file (I hope this is enough because the file itself is 
>> +150MB) :
>>
>>     
-cut-

> It will be good to see SMTP protocol trace.  If you have no sensitive
> data, then add '-s 1500 -X' to the tcpdump's options and show us
> the output.  If you can upload the result or raw trace for the
> abovementioned three connections, it will be good.  You can extract
> the sessions using something like (for the last session)
> 'tcpdump -s 1500 -r dump.out -w session.out host 192.168.13.7 and port 60906'
>
> Thank you.
>   
Here is the part that does not have anything sensible:

16:10:13.206555 IP mb7.intra.net.60906 > mb4.intra.net.smtp: S 
219272317:219272317(0) win 65535 <mss 1460,nop,wscale 8,sackOK,timestamp 
108147619 0>
        0x0000:  4500 003c 2747 4000 4006 0000 c0a8 0d07  E..<'G_at_._at_.......
        0x0010:  c0a8 0d04 edea 0019 0d11 d47d 0000 0000  ...........}....
        0x0020:  a002 ffff 9b8a 0000 0204 05b4 0103 0308  ................
        0x0030:  0402 080a 0672 33a3 0000 0000            .....r3.....
16:10:13.206789 IP mb4.intra.net.smtp > mb7.intra.net.60906: S 
1948405606:1948405606(0) ack 219272318 win 65535 <mss 1460,nop,wscale 
1,nop,nop,timestamp 3042169350 108147619,sackOK,eol>
        0x0000:  4500 0040 b86e 4000 4006 e6ed c0a8 0d04  E.._at_.n_at_._at_.......
        0x0010:  c0a8 0d07 0019 edea 7422 4f66 0d11 d47e  ........t"Of...~
        0x0020:  b012 ffff 4709 0000 0204 05b4 0103 0301  ....G...........
        0x0030:  0101 080a b553 d206 0672 33a3 0402 0000  .....S...r3.....
16:10:13.206824 IP mb7.intra.net.60906 > mb4.intra.net.smtp: . ack 1 win 
260 <nop,nop,timestamp 108147620 3042169350>
        0x0000:  4500 0034 2748 4000 4006 0000 c0a8 0d07  E..4'H_at_._at_.......
        0x0010:  c0a8 0d04 edea 0019 0d11 d47e 7422 4f67  ...........~t"Og
        0x0020:  8010 0104 9b82 0000 0101 080a 0672 33a4  .............r3.
        0x0030:  b553 d206                                .S..
16:10:13.208261 IP mb4.intra.net.smtp > mb7.intra.net.60906: P 1:48(47) 
ack 1 win 33304 <nop,nop,timestamp 3042169351 108147620>
        0x0000:  4500 0063 b873 4000 4006 e6c5 c0a8 0d04  E..c.s_at_._at_.......
        0x0010:  c0a8 0d07 0019 edea 7422 4f67 0d11 d47e  ........t"Og...~
        0x0020:  8018 8218 fca6 0000 0101 080a b553 d207  .............S..
        0x0030:  0672 33a4 3232 3020 6d62 342e 6d6f 6e65  .r3.220.mb4.mone
        0x0040:  7962 6f6f 6b65 7273 2e63 6f6d 2045 534d  ybookers.com.ESM
        0x0050:  5450 206d 6169 6c2d 6578 6368 616e 6765  TP.mail-exchange
        0x0060:  720d 0a                                  r..
16:10:13.208347 IP mb7.intra.net.60906 > mb4.intra.net.smtp: P 1:21(20) 
ack 48 win 260 <nop,nop,timestamp 108147621 3042169351>
        0x0000:  4500 0048 2749 4000 4006 0000 c0a8 0d07  E..H'I_at_._at_.......
        0x0010:  c0a8 0d04 edea 0019 0d11 d47e 7422 4f96  ...........~t"O.
        0x0020:  8018 0104 9b96 0000 0101 080a 0672 33a5  .............r3.
        0x0030:  b553 d207 4845 4c4f 206d 6237 2e69 6e74  .S..HELO.mb7.int
        0x0040:  7261 2e6e 6574 0d0a                      ra.net..
16:10:13.208690 IP mb4.intra.net.smtp > mb7.intra.net.60906: P 48:74(26) 
ack 21 win 33304 <nop,nop,timestamp 3042169352 108147621>
        0x0000:  4500 004e b877 4000 4006 e6d6 c0a8 0d04  E..N.w_at_._at_.......
        0x0010:  c0a8 0d07 0019 edea 7422 4f96 0d11 d492  ........t"O.....
        0x0020:  8018 8218 b312 0000 0101 080a b553 d208  .............S..
        0x0030:  0672 33a5 3235 3020 6d62 342e 6d6f 6e65  .r3.250.mb4.mone
        0x0040:  7962 6f6f 6b65 7273 2e63 6f6d 0d0a       ybookers.com..
16:10:13.208715 IP mb7.intra.net.60906 > mb4.intra.net.smtp: P 21:27(6) 
ack 74 win 260 <nop,nop,timestamp 108147621 3042169352>
        0x0000:  4500 003a 274a 4000 4006 0000 c0a8 0d07  E..:'J_at_._at_.......
        0x0010:  c0a8 0d04 edea 0019 0d11 d492 7422 4fb0  ............t"O.
        0x0020:  8018 0104 9b88 0000 0101 080a 0672 33a5  .............r3.
        0x0030:  b553 d208 5155 4954 0d0a                 .S..QUIT..

I'm not sure why this QUIT is here. But I noticed that the app normaly 
use "quit" (small letters)
May be the problem is in the application itself ?
Anyway here are the rest of the packets (and one of them trigger the 
error msg) :

16:10:13.208729 IP mb7.intra.net.60906 > mb4.intra.net.smtp: F 27:27(0) 
ack 74 win 260 <nop,nop,timestamp 108147621 3042169352>
        0x0000:  4500 0034 274b 4000 4006 0000 c0a8 0d07  E..4'K_at_._at_.......
        0x0010:  c0a8 0d04 edea 0019 0d11 d498 7422 4fb0  ............t"O.
        0x0020:  8011 0104 9b82 0000 0101 080a 0672 33a5  .............r3.
        0x0030:  b553 d208                                .S..
16:10:13.208835 IP mb4.intra.net.smtp > mb7.intra.net.60906: . ack 28 
win 33301 <nop,nop,timestamp 3042169352 108147621>
        0x0000:  4500 0034 b878 4000 4006 e6ef c0a8 0d04  E..4.x_at_._at_.......
        0x0010:  c0a8 0d07 0019 edea 7422 4fb0 0d11 d499  ........t"O.....
        0x0020:  8010 8215 0457 0000 0101 080a b553 d208  .....W.......S..
        0x0030:  0672 33a5                                .r3.
16:10:13.208986 IP mb4.intra.net.smtp > mb7.intra.net.60906: P 74:89(15) 
ack 28 win 33304 <nop,nop,timestamp 3042169352 108147621>
        0x0000:  4500 0043 b879 4000 4006 e6df c0a8 0d04  E..C.y_at_._at_.......
        0x0010:  c0a8 0d07 0019 edea 7422 4fb0 0d11 d499  ........t"O.....
        0x0020:  8018 8218 5ce7 0000 0101 080a b553 d208  ....\........S..
        0x0030:  0672 33a5 3232 3120 322e 302e 3020 4279  .r3.221.2.0.0.By
        0x0040:  650d 0a                                  e..
16:10:13.209069 IP mb7.intra.net.60906 > mb4.intra.net.smtp: R 
219272345:219272345(0) win 0
        0x0000:  4500 0028 274c 4000 4006 0000 c0a8 0d07  E..('L_at_._at_.......
        0x0010:  c0a8 0d04 edea 0019 0d11 d499 0000 0000  ................
        0x0020:  5004 0000 9b76 0000 0000 0000 0000       P....v........
16:10:13.209074 IP mb4.intra.net.smtp > mb7.intra.net.60906: F 89:89(0) 
ack 28 win 33304 <nop,nop,timestamp 3042169352 108147621>
        0x0000:  4500 0034 b87a 4000 4006 e6ed c0a8 0d04  E..4.z_at_._at_.......
        0x0010:  c0a8 0d07 0019 edea 7422 4fbf 0d11 d499  ........t"O.....
        0x0020:  8011 8218 0444 0000 0101 080a b553 d208  .....D.......S..
        0x0030:  0672 33a5                                .r3.
16:10:13.209079 IP mb7.intra.net.60906 > mb4.intra.net.smtp: R 
219272345:219272345(0) win 0
        0x0000:  4500 0028 274d 4000 4006 0000 c0a8 0d07  E..('M_at_._at_.......
        0x0010:  c0a8 0d04 edea 0019 0d11 d499 0000 0000  ................
        0x0020:  5004 0000 9b76 0000 0000 0000 0000       P....v........

And here is the normal end of the task (same socket used ~9 min earlier) :

16:01:20.298645 IP mb4.intra.net.smtp > mb7.intra.net.60906: P 
246:283(37) ack 24881 win 33304 <nop,nop,timestamp 3041636321 107614566>
        0x0000:  4500 0059 f4bc 4000 4006 aa86 c0a8 0d04  E..Y.._at_._at_.......
        0x0010:  c0a8 0d07 0019 edea a76e cce8 ebc6 8f74  .........n.....t
        0x0020:  8018 8218 3e15 0000 0101 080a b54b afe1  ....>........K..
        0x0030:  066a 1166 3235 3020 322e 302e 3020 4f6b  .j.f250.2.0.0.Ok
        0x0040:  3a20 7175 6575 6564 2061 7320 3546 4541  :.queued.as.5FEA
        0x0050:  4532 3044 3539 430d 0a                   E20D59C..
16:01:20.298900 IP mb7.intra.net.60906 > mb4.intra.net.smtp: P 
24881:24887(6) ack 283 win 260 <nop,nop,timestamp 107614592 3041636321>
        0x0000:  4500 003a d953 4000 4006 0000 c0a8 0d07  E..:.S_at_._at_.......
        0x0010:  c0a8 0d04 edea 0019 ebc6 8f74 a76e cd0d  ...........t.n..
        0x0020:  8018 0104 9b88 0000 0101 080a 066a 1180  .............j..
        0x0030:  b54b afe1 7175 6974 0d0a                 .K..quit..
16:01:20.299675 IP mb4.intra.net.smtp > mb7.intra.net.60906: P 
283:298(15) ack 24887 win 33304 <nop,nop,timestamp 3041636322 107614592>
        0x0000:  4500 0043 f4c2 4000 4006 aa96 c0a8 0d04  E..C.._at_._at_.......
        0x0010:  c0a8 0d07 0019 edea a76e cd0d ebc6 8f7a  .........n.....z
        0x0020:  8018 8218 5702 0000 0101 080a b54b afe2  ....W........K..
        0x0030:  066a 1180 3232 3120 322e 302e 3020 4279  .j..221.2.0.0.By
        0x0040:  650d 0a                                  e..
16:01:20.299688 IP mb4.intra.net.smtp > mb7.intra.net.60906: F 
298:298(0) ack 24887 win 33304 <nop,nop,timestamp 3041636322 107614592>
        0x0000:  4500 0034 f4c3 4000 4006 aaa4 c0a8 0d04  E..4.._at_._at_.......
        0x0010:  c0a8 0d07 0019 edea a76e cd1c ebc6 8f7a  .........n.....z
        0x0020:  8011 8218 fe5e 0000 0101 080a b54b afe2  .....^.......K..
        0x0030:  066a 1180                                .j..
16:01:20.299700 IP mb7.intra.net.60906 > mb4.intra.net.smtp: . ack 299 
win 260 <nop,nop,timestamp 107614593 3041636322>
        0x0000:  4500 0034 d954 4000 4006 0000 c0a8 0d07  E..4.T_at_._at_.......
        0x0010:  c0a8 0d04 edea 0019 ebc6 8f7a a76e cd1d  ...........z.n..
        0x0020:  8010 0104 9b82 0000 0101 080a 066a 1181  .............j..
        0x0030:  b54b afe2                                .K..
16:01:20.299746 IP mb7.intra.net.60906 > mb4.intra.net.smtp: F 
24887:24887(0) ack 299 win 260 <nop,nop,timestamp 107614593 3041636322>
        0x0000:  4500 0034 d955 4000 4006 0000 c0a8 0d07  E..4.U_at_._at_.......
        0x0010:  c0a8 0d04 edea 0019 ebc6 8f7a a76e cd1d  ...........z.n..
        0x0020:  8011 0104 9b82 0000 0101 080a 066a 1181  .............j..
        0x0030:  b54b afe2                                .K..
16:01:20.299972 IP mb4.intra.net.smtp > mb7.intra.net.60906: . ack 24888 
win 33303 <nop,nop,timestamp 3041636322 107614593>
        0x0000:  4500 0034 f4c4 4000 4006 aaa3 c0a8 0d04  E..4.._at_._at_.......
        0x0010:  c0a8 0d07 0019 edea a76e cd1d ebc6 8f7b  .........n.....{
        0x0020:  8010 8217 fe5d 0000 0101 080a b54b afe2  .....].......K..
        0x0030:  066a 1181                                .j..

-- 

Best Wishes,
Stefan Lambrev
ICQ# 24134177
Received on Wed Aug 15 2007 - 13:21:03 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:39:16 UTC