Archive

Posts Tagged ‘troubleshooting’

Troubleshooting VMWare Networking

August 28th, 2015 No comments

To locate a VM Host on a Cisco switch, enable the sending of CDP (Cisco Discovery Protocol) packets on the VMWare host, the syntax is:

# esxcli network vswitch standard set –c both –v vSwitch# (Note: Replace # with the vSwitch number)

In ESXCLI 5.1, you can now retrieve additional network statistics at a physical NIC (vmnic), on a per VLAN (portgroup) which needs to be configured and on a per VM port (vNIC). Here is a quick diagram to help you visualize where you can retrieve network statistics: Read more…

Categories: CISCO Tags:

How to Determine which Process or Application uses a TCP Connection

May 14th, 2015 2 comments

This recipe shows how to determine which process or application uses a TCP connection which you saw listed in your netstat output.  The exampe below is for Linux.  Windows is further down in the post:

In this example, I have a small ARM Linux device being remotely managed via the “Dataplicity” service. To use the service you install a script which runs on startup. It seems that the script sets up an SSH connection from the managed ARM device to the dataplicity server, so that when you login to their Admin portal and choose the “terminal” option, you access the Linux terminal which is already setup.

The netstat output shows a session outbound from the ARM machine (10.10.0.126) to the dataplicity server (96.126.99.204) on TCP/22 (SSH):

root@raspberrypi:/# netstat -an | grep ‘:443’
tcp 0 48 10.10.0.126:46098 96.126.99.204:443 ESTABLISHED

the next step is to find which process(es) use the (source) TCP port 46098:

Read more…

AS/400 Ethernet Type May Cause Problems

March 13th, 2015 No comments

After a core network switch reload, a strange problem occured for 5250 terminal sessions to an AS/400. Sometimes they worked and sometimes not. The same behaviour was observed using ping from within the same IP subnet.

The problem appeared to be the Ethernet framing on the AS/400. The ARP replies kept changing between type SNAP and ARPA. An ARP entry on the core routers showed the mac address of the AS/400 but using Ethernet “SNAP” encapsulation, rather than “ARPA”, the latter of which is the default encapsulation type for the Cisco 6500’s which we were using. Read more…

Case Study: F5 Load Balancer and TCP Idle Timer / fastL4 Profile

March 6th, 2015 No comments

This describes a problem whereby a client connects to a server then waits for a report to complete before retrieving it.  The report took longer than 5 minutes to complete and the TCP session remained idle whilst the client waited.  After a while the TCP connection dropped.

Packet traces were taken at the client, server and intermediate points, which included an F5 load balancer which simply acted as a router. The analysis of the packet traces revealed some interesting things..

What was happening was that the TCP 3-way handshake completed to setup the TCP session.  Then the client sends an HTTP GET requestor method (of TCP segment length 734 bytes) to submit the data, which is then received by a client-side firewall.  The firewall then forwards it onwards towards the server in the direction of an F5 load balancer …

BUT: The HTTP GET doesn’t seem to arrive at the F5.  The server-side firewall however, DID receive the GET and forwards it onto the application server, which then sends back an ACK to the client – which DOES go via the F5. Huh?

It was initially thought that the The F5 therefore saw an ACK packet for a TCP segment that it hasn’t seen, so it sends a RST packet in both directions to tear down the TCP session. This is a little confusing because the TCP session goes through the F5 but the HTTP GET request seemingly bypasses the F5 but does arrive at the server. After a bit of head-scratching and furrowed brows because it made no sense.  The delay. The fact that there clearly wasn’t any asymmetry anyway because the ACK came back via the same path. So why the reset? Read more…

Categories: linux Tags: