Weird Router Packet

Jun 17, 2009

We have a license application client(IBM/LUM) that connects to a license server outside our network.

The clients works this way... it binds a random port and tries to connect to the remote IP with UDP port 1515.

Through wireshark I could see that it reaches the destionation, although the way back is unreachable.

If I add this random port to our router Port Forward rule, it works perfectly. Although this is not a solution cause the port is changing every time.

Isnt this strange? Other applications open random ports as well and comunication is two-way reachable.

If I connect directly to the internet, it works perfectly as well.

What can I try to do with our ZyWall USG300 Router to fix this situation?

View 3 Replies


ADVERTISEMENT

Packet Loss

Mar 15, 2007

I am noticing some packet loss on one of my boxes, most notably when i'm accessing the webmail (however i'm pretty sure it's not that)

Can anyone offer some tips as to how to nail this down?

View 3 Replies View Related

Packet Flooding ...

May 8, 2009

I have been faced with a packet flooding issue.

Quick scenario, I run a few public game servers, and we have had a member go insane.

This member has been using a piece of software, to do a simple DDoS attack, and when they perform this attack, it laggs everybody out, and takes down the individual game server.

While this is occurring, I have been watching with a network analyzer program, and noticed the packets go sky high (from 4.4k to 150k+).

So, I am in need of a quick, piece of software that can block flood attacks, or whatever is going on.

View 5 Replies View Related

Packet Loss

Dec 23, 2007

I have a dedicated windows 2003 server at a colocation facility that i use for game server hosting. Over the past 7 months, packet loss has become horrible with random periods of massive lag. My host says it's something on my end. I use a firewall with SPI enabled. Could that be causing it?

Strange thing is, the first few months my server was at that colo, they only had around 40 other servers on a single OC-192 pipe and i never had packet loss despite having the same SPI firewall. But now they have over 300 servers on the same OC-192 pipe. Could the packet loss be caused by my SPI firewall or them overloading the network with servers?

View 0 Replies View Related

Packet Loss On Ping

Jun 10, 2009

Basically I registered with a new host. They sent me the details with obviously includes the IP address. I tested the IP address on just-ping.com and it came back with all of them having between 80% to 100% packet loss. Surely this is not normal is it? I havent moved my domain yet but it doesnt look good does it? Should I cancel?

View 14 Replies View Related

Got A Packet Bigger Than Max_allowed_packet

Mar 2, 2008

I restored a database and got this error:

ERROR 1153 (08S01) at line 2663: Got a packet bigger than
'max_allowed_packet' bytes

why I got this error and how to fix this? vbulletin staff told me that I have to increase the 'max_allowed_packet' in my.cnf, then restart MySQL. Where can I find this file? I use Directadmin control panel for my dedicate server.

View 4 Replies View Related

GoDaddy VDS Packet Loss

Jul 11, 2008

Anyone else experiencing packet loss with a GoDaddy VDS?

I'm in the 208.109.93 subnet.

--- google.com ping statistics ---
200 packets transmitted, 53 received, 73% packet loss, time 199086ms
rtt min/avg/max/mdev = 41.970/42.813/46.022/0.994 ms

View 1 Replies View Related

3com Packet Loss

Dec 11, 2007

with two 3com 3870 switches.

Our setup looks like this

Computer A (GigE) Switch 1 (gigE) Media Converter (Fiber Run) Media Converter (gigE) Switch 2 (gigE) Computer B

We have a cross connect in our data center that uses media converters (fiber) to regular 1000FD on each end.

Each end of the 1000FD handoff is plugged into port 1 of the 3870's (switch 1 and switch 2).

Pinging from Computer A to Computer B we receive a 50% packet loss.
Pinging from Computer B to Switch 1, no packet loss.
Pinging from Computer A to Switch 2, 50% packet loss.

Looking in the interface, the port 1's on each switch auto negotiate to 1000FD, however flow control shows as off.

We asked our data center to run tests on the media converts and fiber runs and everything comes back 100% fine. Has anyone seen a weird issue like this before with 3com switches not playing nicely with media converters?

I have no clue whats going on and our data center said the fiber run/media converter is fine... [url]

View 5 Replies View Related

Sending Reset Packet

Apr 12, 2007

I having having issue with few of my servers sending Reset packet to a particular IP. I have disabled my firewall and noticed that few machines (Unix/Windows) is still sending Reset package to one IP only. Reset packet will be sent over on all ports except icmp ping.

Anybody know where to check? Or the server on the other IP is having problem which cause my servers to send the Reset packet

View 1 Replies View Related

Reduce Packet Loss

Jul 9, 2007

I have smokeping monitoring my game servers and so far in the little time that it has been running all my game servers have been encountering an average of 4 to 10% packet loss. Are there are tweaks i can run on the server computer to reduce packet loss? (registry modifications, etc.)

I downloaded a TCP tweak program called "TCP Optimizer" is it safe to run on a Windows 2003 Server OS?

The colo connection is an OC 192 and i have a 100Mbit ethernet card.

Here are my current TCP settings:

Quote:

[SYSTEMCurrentControlSetServicesTcpipParameters]
TcpWindowSize=-1
GlobalMaxTcpWindowSize=-1
EnablePMTUDiscovery=-1
EnablePMTUBHDetect=-1
SackOpts=-1
DefaultTTL=-1
TcpMaxDupAcks=-1
Tcp1323Opts=-1
DisableUserTOSSetting=-1
DefaultTOSValue=-1
[SYSTEMCurrentControlSetServicesAfdParameters]
DefaultReceiveWindow=-1
[SoftwareMicrosoftWindowsCurrentVersionInternet Settings]
MaxConnectionsPerServer=-1
MaxConnectionsPer1_0Server=-1
[SYSTEMCurrentControlSetServicesICSharingSettingsGeneral]
InternetMTU=-1
[SOFTWAREMicrosoftWindowsCurrentVersionExplorerRemoteComputerNameSpace{D6277990-4C6A-11CF-8D87-00AA0060F5BF}]
{D6277990-4C6A-11CF-8D87-00AA0060F5BF}=-1
[SYSTEMCurrentControlSetServicesDnscacheParameters]
MaxNegativeCacheTtl=-1
NegativeCacheTime=-1
NetFailureCacheTime=-1
NegativeSOACacheTime=-1
[SOFTWAREPoliciesMicrosoftWindowsPsched]
NonBestEffortLimit=-5
[SYSTEMCurrentControlSetServicesTcpipServiceProvider]
LocalPriority=499
HostsPriority=500
DnsPriority=2000
NetbtPriority=2001
[SystemCurrentControlSetServicesLanmanServerParameters]
SizReqBuf=-1
[SYSTEMCurrentControlSetServicesNdisWanParametersProtocols]
ProtocolMTU=-2
[SYSTEMCurrentControlSetServicesTcpipParametersInterfaces{D63AC0FA-D2C9-4D83-B057-31A353516AB3}]
MTU=-1
TcpWindowSize=-1
[SYSTEMCurrentControlSetServicesPschedParametersAdapters{D63AC0FA-D2C9-4D83-B057-31A353516AB3}]
NonBestEffortLimit=-2
[SYSTEMCurrentControlSetServicesTcpipParametersInterfaces{8190D94A-3B2D-45C4-998D-312E99D6061D}]
MTU=-1
TcpWindowSize=-1
[SYSTEMCurrentControlSetServicesPschedParametersAdapters{8190D94A-3B2D-45C4-998D-312E99D6061D}]
NonBestEffortLimit=-2

View 11 Replies View Related

Check For Incomplete Tcp Packet

Apr 25, 2007

How to check in Unix machine? My server is sending a Reset packet to the specific IP.

View 6 Replies View Related

Home Server Packet Loss

May 17, 2009

I have a home CentOS server and here is my issue

When I try to connect to it via SSH its laggy and often times out. I also notice packet loss.

My home network is 100 Mbps and the router is a crappy netgear WPN824 V3

View 8 Replies View Related

Packet Losses Affect Website How

Jan 11, 2008

How do packet losses affect running of a website, say i get packet loss for some site like around 30-40% but can still browse their websites, so how do packet losses affect working of a website ?

View 6 Replies View Related

Packet Loss When Pushing Over 30mbps

Nov 3, 2007

Recently I have been having this problem with two high traffic servers on two different network.

Both servers are Quad-Core Xeons with CentOS 4.5 x86_64 and they are on 100mbps full duplex network. Software configuration is Nginx+Apache+MYSQL control panel is Directadmin.

The servers are serving lots static files and some php scripts.

When the servers start push near or over 30mbps, there will be packet loss when I ping them. around 5% loss, push more bandwidth the more packet loss. I have checked all the log files, I don't see any unusual errors.

Server Load is fine. The NICs were on 100mbps full-duplex mode.

The datacenters claim the networks were fine and all the other servers running on the same switches were fine with no packet loss.

View 8 Replies View Related

Packet Loss On Cisco 3550

Mar 19, 2007

I'm trying to find out why a single interface is causing packet loss on my entire network.

The network consists of four 2924's trunked to a 3550. I have about 20 vlans and a single default route for all traffic my uplink.

The network is perfect until I enable a single server. After I issue a 'no shut' on the interface packet loss is anywhere from 5% to 20% for anything going through the 3550 or even pings from the 3550 to other switches or the uplink.

Here's the statistics/settings of the interface after 1 minute of activity:

Code:

interface FastEthernet0/1
description 228
switchport access vlan 58
switchport mode dynamic desirable
speed 100
duplex full
spanning-tree portfast

FastEthernet0/1 is up, line protocol is up (connected)
Hardware is Fast Ethernet, address is 0014.f2e6.df01 (bia 0014.f2e6.df01)
Description: 228
MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 6/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 100Mb/s, media type is 10/100BaseTX
input flow-control is off, output flow-control is unsupported
ARP type: ARPA, ARP Timeout 04:00:00
Last input never, output 00:00:00, output hang never
Last clearing of "show interface" counters 00:01:01
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 2536000 bits/sec, 924 packets/sec
5 minute output rate 341000 bits/sec, 469 packets/sec
60922 packets input, 21630544 bytes, 0 no buffer
Received 0 broadcasts (0 multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 2 ignored
0 watchdog, 0 multicast, 0 pause input
0 input packets with dribble condition detected
31585 packets output, 2859788 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 PAUSE output
0 output buffer failures, 0 output buffers swapped out

Transmit FastEthernet0/1 Receive
3583183 Bytes 27018085 Bytes
39516 Unicast frames 76403 Unicast frames
46 Multicast frames 0 Multicast frames
0 Broadcast frames 0 Broadcast frames
0 Discarded frames 0 No dest, unicast
0 Too old frames 0 No dest, multicast
0 Deferred frames 0 No dest, broadcast
0 1 collision frames
0 2 collision frames 0 FCS errors
0 3 collision frames 0 Oversize frames
0 4 collision frames 0 Undersize frames
0 5 collision frames 0 Collision fragments
0 6 collision frames
0 7 collision frames 4355 Minimum size frames
0 8 collision frames 56237 65 to 127 byte frames
0 9 collision frames 1205 128 to 255 byte frames
0 10 collision frames 14 256 to 511 byte frames
0 11 collision frames 67 512 to 1023 byte frames
0 12 collision frames 14528 1024 to 1518 byte frames
0 13 collision frames
0 14 collision frames 0 Flooded frames
0 15 collision frames 3 Overrun frames
0 Excessive collisions 0 VLAN filtered frames
0 Late collisions 0 Source routed frames
0 Good (1 coll) frames 0 Valid oversize frames
0 Good(>1 coll) frames 0 Pause frames
0 Pause frames 0 Symbol error frames
0 VLAN discard frames 0 Invalid frames, too large
0 Excess defer frames 0 Valid frames, too large
0 Too large frames 0 Invalid frames, too small
3672 64 byte frames 0 Valid frames, too small
34066 127 byte frames
2152 255 byte frames
110 511 byte frames
38 1023 byte frames
28 1518 byte frames

CPU utilization for five seconds: 13%/3%; one minute: 12%; five minutes: 9%
77 1317620 3220725 409 9.27% 8.35% 6.20% 0 IP Input

How does 1400 packets/second (4mbits) cause my 3550 to drop packets?

View 14 Replies View Related

DDOS Packet Capture Files For Investigation

May 13, 2008

Our network have been ddosed very heavily for the last 15 days.

These attacks are relatively small 50 - 100 mbits at most but in very very high PPS rate.My firewall counts 10Billion packets in a single hour of an attack period.
We are dealing with these attacks with a combination of freebsd pf transparent bridge firewalls and mostly null routing.

I were able to capture some packets from different attacks from last week and today.

After deeply checking these attack capture files I can see that our attack comes from several thousands different spoofed Ip addresses but always the same mac address in their packet headers.So I thought if this attack is coming to us from a single machine rather than hundreds of different zombie servers.

I don't have a clue how to trace back this attack and find the real ip address behind. My upstream provider also don't have enough knowledge to help me.

So after todays attack I thought about sharing my capture files during attack and hope that someone here will help me. And show me a way to trace back these attacks.

View 13 Replies View Related

Ip_conntrack: Table Full, Dropping Packet

Mar 20, 2008

ip_conntrack: table full, dropping packet

What does that error mean? It's related to iptables right? When I do this cat /proc/sys/net/ipv4/ip_conntrack_max, I get

65536

I increased it

131072

Because someone recommended me this number because I have 4gb of RAM. But I still get the table full errors or

host kernel: printk: 500 messages suppressed

What should I do? Should I keep increasing the number? How do I know how much I can increase it by?

View 14 Replies View Related

Measuring TCP Retransmits As A Symptom Of Packet Loss

Jul 6, 2008

a tool that can measure how much packet loss we are having on a given server by looking at the packets being sent from it. I.e, something than looks at all TCP/80 connections and measures how many packets and bytes are being retransmitted vs actual packets and bytes sent.

This documents explains it:

[url]

We need this to measure network performance of different hosts where we have dedicated servers. This would be a good way of measuring performance with the actual data of our users.

Does anyone know of such tool? I.e, something that can say

2532 packets/second - 132 retransmits/second (4.8%)
25.43Mbps/sec total traffic - 24.84 Mbps/sec actual data sent - 0.59Mbps retransmits

Even better if it can then break it out on IP prefixes. like

192.0/16: 0.2% retransmits
192.1/16: 3.2% retransmits
192.2.16: 0.3% retransmits
192.3/16: 22.5% retransmits
192.4/16: 0.3% retransmits

This would be a good indicator of connectivity between the host where the tests are ran and other specific hosts.

View 2 Replies View Related

Nf_conntrack: Table Full, Dropping Packet

Mar 30, 2007

I have 2 identical boxes with FC6 and the same settings and almost the same amount of traffic.

Kernel is 2.6.20-1.2925.fc6 SMP

One is running without problem. The other become slow after few days and from errors I get this message:

nf_conntrack: table full, dropping packet

The table do not clean up automatically as reboot solve the problem. How to flush nt_conntrack table without reboot?

The limit is 65536, setting it double seems to solve the problem but I'm not sure it is the way to go.

View 2 Replies View Related

High Ping + Packet Loss At Dedicated Server

Aug 1, 2009

I am facing high ping and packet loss issues with a server hosted at hetzner.de (CentOS + WHM)

For some unknown reason pings go high and stay like this (average 1500ms) until I reboot the server.

Here is a screenshot of tracert from server to me: [url]

View 15 Replies View Related

SoftLayer Major Packet Loss Issues -- Advice Needed

Mar 8, 2008

I recently switched over to SoftLayer for dedicated hosting and the servers are great. However we've been getting hit on and off with massive (50-80%) packet loss, which has been crippling our performance and causing all sorts of problems

I put in a support ticket and they linked me to the Internet Health Report website and said it was due to one of their bandwidth providers (I think Global CrossinG) and not on their internal network and to be patient as it could take time to resolve

Are any other SoftLayer customers going through this? Is this an unusual occurrence? I feel like if it was really one of their partners that it would be affecting a lot of their customers and it would be a high priority issue right?

I'm kind of stuck on what to do; I just invested a lot of energy into moving content onto these new servers and am concerned about whether to wait it out or whether to start finding a new company. This kind of packet loss is really unacceptable...

View 14 Replies View Related

Packet Loss :: Server Kernel: Printk: 59 Messages Suppressed

Jun 10, 2008

root@server [~]# tail -f /var/log/messages
Jun 10 14:14:49 server kernel: printk: 56 messages suppressed.
Jun 10 14:14:49 server kernel: ip_conntrack: table full, dropping packet.
Jun 10 14:14:54 server kernel: printk: 59 messages suppressed.
Jun 10 14:14:54 server kernel: ip_conntrack: table full, dropping packet.
Jun 10 14:14:59 server kernel: printk: 85 messages suppressed.
Jun 10 14:14:59 server kernel: ip_conntrack: table full, dropping packet.
Jun 10 14:15:04 server kernel: printk: 90 messages suppressed.
Jun 10 14:15:04 server kernel: ip_conntrack: table full, dropping packet.
Jun 10 14:15:09 server kernel: printk: 58 messages suppressed.
Jun 10 14:15:09 server kernel: ip_conntrack: table full, dropping packet.
Jun 10 14:15:14 server kernel: printk: 70 messages suppressed.
Jun 10 14:15:14 server kernel: ip_conntrack: table full, dropping packet.
Jun 10 14:15:19 server kernel: printk: 193 messages suppressed.
Jun 10 14:15:19 server kernel: ip_conntrack: table full, dropping packet.

Anyone know what this is about?

Using Centos / Cpanel

Linux server.domain.com 2.6.9-67.0.15.ELsmp #1 SMP Thu May 8 10:52:19 EDT 2008 i686 i686 i386 GNU/Linux

root@server [~]# sysctl net.ipv4.netfilter.ip_conntrack_max
net.ipv4.netfilter.ip_conntrack_max = 65536

I ran this in the meantime.

sysctl -w net.ipv4.netfilter.ip_conntrack_max=72000

View 7 Replies View Related

Weird RSS Feed

Jun 3, 2009

I've got a vB site which has a RSS Poster Bot (fetches RSS Feeds then posts them). However, for some strange reason, it stopped working. Theres no errors in the error_log and when I do a manual run, it just times out after a minute or so.

The only thing I can think of is that one of the RSS Feeds is down or one of the sites is blocking the server IP for some reason.

View 2 Replies View Related

Weird Spamd

Apr 28, 2008

i have this really annoying issue i'm hoping you can help with.

it seems the spamd child process gets stuck and causes 100% cpu usage. but this doens't just happen randomly, its only for this single user account. e.g. take a look at top output:

4581 <username> 93 40:58.87 1.3 82624 52m 2280 R spamd child

the 93 is 93% cpu usage. 40:58 is how long the process has been running, 40 minutes and counting (i just killed it though). and all it tells me its running spamd child. it usually dies after a few hours but only after causing 200% cpu usage (100% on both cpus) and making my server load skyrocket. This happens at least twice daily at no set times.

this user isn't a spammer. no scripts, no mail queue generation, no email accounts even.

running cpanel 11, centos 4.

View 3 Replies View Related

Weird Bind

Oct 8, 2007

I have a weird problem since the movement of our ip range with one of our servers. Bind doesn`t seem to react on any changes we make.

For example, the server still resolves to the old ip adress while we changed all of those with ipswap.sh (directadmin)
The weird thing is that all zone files are 100% Correct. Ip`s are all changed and no sign of the old ip whatsoever.
Again, the nameserver still resolves to the old ip`s.

Also when i create a new domain, named.conf is changed and the zone file is created sucessfully. Still the nameserver doesn`t seem to add the domain name.

Restarting, reloading and even reinstalling named doesn`t help

View 2 Replies View Related

Weird Characters

Mar 29, 2008

I'm seeing weird characters on my support home page:

That's found right below "Home > Support"

The source code shows the following...

Quote:

<tr>
<td style="padding:0px"><p>Welcome to our Support Area.</p>

I've checked the two template files (header.tpl and homepage.tpl) but did not find such characters. Its boggling me. Not even whitespace.

View 4 Replies View Related

Weird Vsftp/ftp

Aug 4, 2007

Got a couple of questions on my Centos server.

It is my only (at present), and main production web server located in a datacentre in the Uk.

I am running Centos 4-4.2 since a hardware failure earlier this year neccesitated a stressful overnight ssh reinstall.

I have it setup pretty well now (I think!) but I cant work out how I am able to sftp into the server!

Reason being, I have installed VSFTPD (made sure there were no ftpd daemons installed or running), and when I stop this service via sshd, it does not affect the fact that I can then sftp in to the server using an ftp client such as wsftp pro...

Also, even when I change the vsftpd.conf to jail certain ftp users to a directory, it seems to have no effect and ftp works exactly as it did before without imposing the restrictions?

There is no other ftp daemon showing up in the process list.

I have tripwire installed, rootkit hunter, and cisco hardware firewall in conjunciton with ip tables.

I dont 'think' its hacked!

Also, the last time I upgraded centos was from an early v4 to 4.4.2 due to major hardware failure on the server and the fact I didnt have a mirrored OS/server backup (due to cost) *but I did of course have all my sites and databases etc)
I am rather scared to upgrade Centos kernel to the latest version in part due to horror stories I have heard from others (NOT regarding Centos specifically) from kernel upgrades going wrong or compatibility issues etc that mean that I am very very reluctant to do it on our main production server..

I am imminently buying another server to act as a failover and backup for the existing one,but is keeping my current Centos install as it is and holding out to wait for a test server the best thing to do? (are there any serious security issues in 4.4.2? bugs etc?)
Or should I have confidence and get Yum to do its business!

View 6 Replies View Related

Weird Network

Aug 9, 2007

This is a very weird network issue that we are currently facing.

There are 2 servers, 1.1.1.1 and 2.2.2.2;

I can ping both IPs from my computer at the office or from anywhere else.

BUT, I cannot ping each other. For example, I log into 1.1.1.1 and cannot ping 2.2.2.2 and vice-versa.

This is very weird and I am thinking this is not OS related and something beyond that.

I was wondering if anyone of you came across this type of issue and possible direct us in the right direction.

View 5 Replies View Related

Weird Issue

Dec 25, 2007

It seems that i am facing some weird Apache issue.

I cant access my forum.domain.com but can access forum.domain.com/admin

I didnt found anything in Apache error logs,but found this in access logs
IP HERE - - [26/Dec/2007:03:13:44 +0400] "GET / HTTP/1.0" 200 22435 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; InfoPath.1; .NET CLR 2.0.50727)"

Is there anything strange in that info and what does 22435 represent?

View 2 Replies View Related

Weird Masked IP Result

May 6, 2009

On one of my Web sites I have it set to e-mail me whenever someone tries a SQL Injection attempt through the GET.

(I find some of the results interesting and/or funny.)

I also have it e-mail me the visitor's IP address and browser client.
I recently got one with a result for the IP address that certainly got my interest.

It read:
Quote:

<?php phpinfo(); echo "LOOOOL, X-FORWERD BUG"; ?>

The PHP scripting I use to get the IP address is:

Code:
$visIP = isset($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR'];
I guess I'm wondering how they may have done it, and if this indicates an issues where people can hack my site (for control or at least info) through this method?

View 2 Replies View Related

Weird Characters MySQL

May 5, 2009

I keep getting weird characters such as .... in MySQL.

View 3 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved