Hi All, I have an issue with two servers across a DMVPN. Backup software is failing. ICMP and traces all look good between them. No asymmetric routing. I ran a capture on the Core switch at one of the sites capturing traffic between the two hosts and I have attached a screenshot. Anything obvious standing out? It looks like something is wrong, but I'm not entirely sure what. Many Thanks

asked 30 Oct '15, 03:25 exit12
One Answer:
If you look at the conversation between ports 52309 (client port) and 50008 (server port), starting from the 4th packet, every time the client sent a SYN (don't worry about the ECN and CWR flags), it got a SYN/ACK packet and then a TCP RST packet. What's funny is that the TCP RST packet has a strange sequence number (4274946776 or 0xfece82d8).
If there is time information, that could be helpful.

answered 08 Nov '15, 06:54 pktUser1001
Did you examine the "Port Reuse" fact?
Yes, saw the "Port reuse" message by Wireshark. Unclear whether it's a true "Port reuse" because we don't have the timing information and the absolute sequence number on the TCP SYN packet.
@pktUser1001: The question was a little bit unclear. I originally meant @exit12. Apologies for that. But it is unclear to me, too, because we can see a SYN/ACK. My expectation is to see only a SYN and a RST.
@christian_r That's fine. We are on the same page that the problem (pcap snapshot) could be a little clearer :-)
After reviewing the picture, I think Port Reuse is there, but it happens only as a follow-up. @exit12: Do you have an additional Layer 4 device (load balancer, firewall, ...) between the server and the capture point?
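
The SYN, SYN/ACK, RST pattern described in the answer can be checked mechanically. The following is an added example, not part of the original thread: it walks a list of packets and compares each RST's sequence number with the value the sender's own TCP stack would use (RFC 793: a reset answering a segment that carries an ACK takes its sequence number from that ACK field). The ISNs, the second connection, and the names `Pkt` and `audit_handshake_resets` are constructed for illustration; only the ports 52309/50008 and the RST sequence number come from the answer.

```python
from collections import namedtuple

# Constructed sample, NOT the packets from the screenshot. Ports 52309/50008 and
# RST seq 4274946776 are quoted in the answer; ISNs and port 52310 are made up.
Pkt = namedtuple("Pkt", "src_port dst_port flags seq ack")
SAMPLE = [
    Pkt(52309, 50008, "S", 1000, 0),
    Pkt(50008, 52309, "SA", 7000, 1001),
    Pkt(52309, 50008, "R", 4274946776, 0),   # sequence number unrelated to the handshake
    Pkt(52310, 50008, "S", 2000, 0),
    Pkt(50008, 52310, "SA", 8000, 2001),
    Pkt(52310, 50008, "R", 2001, 0),         # what the client's own stack would send
]

def audit_handshake_resets(packets):
    """Find SYN -> SYN/ACK -> RST runs and check whether the RST seq fits the handshake."""
    state = {}      # (client_port, server_port) -> {"isn": int, "synack": Pkt or None}
    findings = []
    for p in packets:
        if p.flags == "S":
            # New SYN (or port reuse): restart tracking for this port pair.
            state[(p.src_port, p.dst_port)] = {"isn": p.seq, "synack": None}
        elif p.flags == "SA":
            conn = state.get((p.dst_port, p.src_port))
            if conn and p.ack == (conn["isn"] + 1) % 2**32:
                conn["synack"] = p
        elif "R" in p.flags:
            for key, from_client in (((p.src_port, p.dst_port), True),
                                     ((p.dst_port, p.src_port), False)):
                conn = state.get(key)
                if not conn or conn["synack"] is None:
                    continue
                sa = conn["synack"]
                # Client answering the SYN/ACK: seq = SYN/ACK's ack field.
                # Server aborting after its SYN/ACK: seq = server ISN + 1.
                expected = sa.ack if from_client else (sa.seq + 1) % 2**32
                findings.append({"client_port": key[0], "server_port": key[1],
                                 "rst_from_client": from_client, "rst_seq": p.seq,
                                 "expected_seq": expected,
                                 "consistent": p.seq == expected})
                del state[key]
                break
    return findings

if __name__ == "__main__":
    for f in audit_handshake_resets(SAMPLE):
        print(f)
```

A finding with `consistent` set to false means the RST does not look like the endpoint's own reply to that SYN/ACK, which is what the question about a Layer 4 device in the path is probing.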