Re: Receiving packet for port 1025 unexpectedly causes RST of conn

Paul,

The packet for port 1025 is coming from the CE device, not the PC; then the
PC sends the RST.
The results of my testing have shown that this event does not happen if I
wait ~20 seconds after the CE code comes up after a warm boot, and it is
intermittent before 20 seconds. Of course this doesn't happen at all while
running the debugger, only a release build, so I can't get any debug messages
from CE.
Observing messages in the debugger shows no activity a few seconds after the
device is up and running. In other words, I don't see any activity 10, 15
seconds after the system is up.

-ed

"Paul G. Tobey [eMVP]" wrote:

There's nothing unusual about that packet and I see no connection between
that and the RST *by the PC*, I presume, of the other connection. Maybe
there's a bug in the PC code that causes it to send a packet to 1025 just
before dumping the connection to 1030, but I don't see any evidence that CE
is the problem there. You could debug the PC program and make sure that all
data sent by the CE device is being received and there isn't a window size
problem or something of that sort, but I do this kind of thing all the time
on CE and it's quite reliable as far as maintaining network connections when
lots of stuff is going on on other ports.

Paul T.

"photon209" <photon209@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:73A9B4E1-16DF-46D4-9A23-3E63E593096D@xxxxxxxxxxxxxxxx

"Paul G. Tobey [eMVP]" wrote:

Draw us up a little diagram of what's going on.

okey dokey. deep breath....

We've added an Alchemy-based CE device to our product to add USB
functionality. We also use the CE device to forward packets received on TCP
port 1030 for our proprietary protocol. We also forward port 23 for telnet.
So the CE device has two Ethernet ports - one connected to the outside
world, and one connected to our hardware. The CE is built as a gateway.
When I see this TCP packet for port 1025, we are actively transferring data
to our device - received by CE, forwarded to the internal port. A response
is sent from our product, and forwarded by CE to the outside world, all on
port 1030 using TCP. Most of the time this works just fine. We don't use
port 1025 for anything, and during a good session, I never see anything for
that port, so it appears the port 1025 message precipitates the RST packet,
as the RST immediately follows. Since CE is not configured to forward
anything from port 1025, and our product does not send anything on port 1025,
I am assuming that message originates from CE.

Here's a .bmp to a capture in Ethereal (which has a bug exporting, grr):
http://img258.imageshack.us/img258/3875/port1025wr3.png
(The packet highlighted is the 1025 packet)

The PC is running NT, no firewall, on a crossover cable and an assigned IP,
no DHCP. We have developed our own application running on the PC to
communicate over port 1030.

-ed

You didn't mention, for
example, whether the CE device is expecting something on that port, whether
it's a TCP or a UDP port, etc. Is there a firewall running on the PC? Who
is listening for this data, if anyone? What sort of a packet is it? A SYN
packet? Data? Ack?

Paul T.

"photon209" <photon209@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:CE89B506-196F-4A1B-86C5-36C4DFFB2DAB@xxxxxxxxxxxxxxxx
Hi,

I've captured packets between my PC and my CE device (on a crossover, so no
other traffic) and my connection drops (the PC generates a RST packet) when
the CE device sends a TCP packet for port 1025 (for the correct IP).
Most of the time everything works just dandy, except occasionally this 1025
packet kills the connection. Can anyone tell me where this comes from? Is
this something I can control or turn off in CE?

-ed
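
One way to check from a capture which connection each RST actually belongs to, as an added example that is not from any poster in this thread: it labels every RST by whether it answers the stray segment's own 4-tuple or hits a forwarded-port connection shortly after a stray. Only ports 23, 1030 and 1025 come from the thread; the addresses, other ports, timings and the 50 ms window are constructed assumptions.

```python
from typing import NamedTuple

class Pkt(NamedTuple):
    t: float      # capture timestamp, seconds
    src: str
    sport: int
    dst: str
    dport: int
    flags: str    # TCP flags as letters, e.g. "PA", "A", "R"

SERVICE_PORTS = {23, 1030}           # ports the thread says the gateway forwards
PC, CE = "192.0.2.10", "192.0.2.20"  # placeholder addresses (constructed)

# Constructed sample records, not taken from the thread's Ethereal capture.
SAMPLE = [
    Pkt(0.000, PC, 3001, CE, 1030, "PA"),
    Pkt(0.004, CE, 1030, PC, 3001, "PA"),
    Pkt(0.010, CE, 1026, PC, 1025, "A"),  # stray segment for port 1025
    Pkt(0.011, PC, 1025, CE, 1026, "R"),  # RST on the stray's own 4-tuple
    Pkt(2.000, CE, 1026, PC, 1025, "A"),  # stray again
    Pkt(2.001, PC, 3001, CE, 1030, "R"),  # RST on the port 1030 connection
    Pkt(9.000, PC, 3001, CE, 1030, "R"),  # RST with no stray nearby
]

def is_stray(p):
    """A segment is stray when neither endpoint uses a forwarded port."""
    return p.sport not in SERVICE_PORTS and p.dport not in SERVICE_PORTS

def classify_rsts(packets, window=0.05):
    """Return (time, sender, verdict, stray_time) for every RST in the capture."""
    results, last_stray = [], None
    for p in sorted(packets, key=lambda x: x.t):
        if "R" not in p.flags:
            if is_stray(p):
                last_stray = p
            continue
        near = last_stray if last_stray and p.t - last_stray.t <= window else None
        if near is None:
            verdict = "unrelated"
        elif (p.src, p.sport, p.dst, p.dport) == (near.dst, near.dport, near.src, near.sport):
            verdict = "reply-to-stray"             # reset answers the stray itself
        elif not is_stray(p):
            verdict = "service-reset-after-stray"  # forwarded connection was reset
        else:
            verdict = "unrelated"
        results.append((p.t, p.src, verdict, near.t if near else None))
    return results

if __name__ == "__main__":
    for row in classify_rsts(SAMPLE):
        print(row)
```

A "reply-to-stray" verdict means the reset was sent on the stray segment's own 4-tuple and the port 1030 connection was not the one reset; a "service-reset-after-stray" verdict is the pattern the original poster describes.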







