I have an apache server communicating with a server where the apache serve is ack as a proxy I am seeing reset when the two servers attempt to communicate with each other. I see the same Behavior in frame 6, 12, 17 and 23 just before the reset in each frame REQ: CPING AND A REQ: CPONG. I have no idea what that means can some help me with this pending issue 10.97.4.128 < --- > 10.97.12.142 Port 8009 port 8443 port 8080 Thanks in advanced asked 19 Jul '13, 12:35  ejohnson7 |
2 Answers:
The mentioned connection " 10.97.4.128 < --- > 10.97.12.142 Port 8009 port 8443 port 8080" is not inside the trace file. In general: What do you expect from us in terms of what exactly is your question? You already asked a very related question with RST packets and got many useful hints, so I'm kind of confused what the problem in this trace is that you have to solve. Don't get me wrong please but since this is no wireshark related question and people here are spending their spare time to look into issues you should keep that in mind and be a little more precise about your specifics. In terms of what REQ: CPING AND A REQ: CPONG are, a simple Google Search for that string provides all info you need. answered 20 Jul '13, 04:35  Landi Sorry it is labeled wrong and I should not have past this in to mislead you, but my question is do you think that the server 10.97.4.128 is resetting because it is not listing on port 8009? It occurs many all through the capture And once again sorry for the misleading question Thanks (20 Jul '13, 19:14) ejohnson7 1 The Server at 10.97.4.128 is listening on port 8009, otherwise it wouldn't set up the TCP 3-way-handshake successfully and even answer to the CPING Request. For me, the reset is the normal way to close the connection after the client successfully CPINGed the server. (21 Jul '13, 06:06) Landi Thanks Landi for the Reply (21 Jul '13, 13:08) ejohnson7 |
O.K., from your other question we know, that the IP address (10.97.54.9) is a load balancer and that there are recurrent service checks where the LB tears down the TCP connection with a RESET. Looking at your sample trace, I see repeating requests from 10.97.4.128 to 10.97.12.142. Although there is no noticeable constant interval, couldn't these connections be also probe request from the LB (or another involved system) to figure out if your Apache Jserv server is still available? Is the client IP (10.97.4.128) an IP address of the load balancer or or any other monitoring system (like Nagios)? Regards answered 22 Jul '13, 06:00  Kurt Knochner ♦ edited 22 Jul '13, 06:00 not Kurt the ip address 10.97.4.128 is the Server (22 Jul '13, 11:22) ejohnson7 i am still working with the user and will updata you thanks (22 Jul '13, 11:25) ejohnson7 Ho can it be the "server" if it initiates the TCP connection? What does the term 'server' mean in your context? Apache server? If so, what is the system with the IP address 10.97.12.142? Is it a Tomcat server on a different system? If so, the traffic is (most likely) simple 'service check traffic', as @Landi already mentioned. (22 Jul '13, 16:13) Kurt Knochner ♦ |
“socket 256 [10.97.4.128:50196 -> 10.97.12.142:8009] and read 0 lingering bytes in 0 sec. jk_ajp_common.c (1267): (nodo1) can't receive the response header message from tomcat, network problems or tomcat (10.97.12.142:8009) is down (errno=54)
additional information about the issue just posted