0

I'm having periodic trouble accessing one of my DigitalOcean servers from Azure machines.

I have isolated a test that - I believe - demonstrates the issue and captured a tcpdump from the server for both the working example and the not working example. But I'm not sure how to interpret the results.

Below, you can see the test and results. I access the same port on the same server from two Azure machines, one that works (port state is "open") and one that doesn't work (port state is "filtered").

NMap test

NOT_WORKING_HOST

root@NOT_WORKING_HOST:~# nmap -p 28015 SERVER_HOST

Starting Nmap 6.40 ( http://nmap.org ) at 2015-10-27 01:26 UTC
Nmap scan report for SERVER_HOST (SERVER_IP)
Host is up (0.013s latency).
rDNS record for SERVER_IP: SERVER_HOST
PORT      STATE    SERVICE
28015/tcp filtered unknown

Nmap done: 1 IP address (1 host up) scanned in 1.33 seconds

WORKING_HOST

root@WORKING_HOST:~# nmap -p 28015 SERVER_HOST

Starting Nmap 6.40 ( http://nmap.org ) at 2015-10-27 01:26 UTC
Nmap scan report for SERVER_HOST (SERVER_IP)
Host is up (0.021s latency).
rDNS record for SERVER_IP: SERVER_HOST
PORT      STATE SERVICE
28015/tcp open  unknown

Nmap done: 1 IP address (1 host up) scanned in 1.34 seconds

TCP Dump on Server

root@SERVER_HOST:~# tcpdump host WORKING_IP or NOT_WORKING_IP

NOT_WORKING

21:26:34.311497 IP NOT_WORKING_IP.1176 > SERVER_HOST.https: Flags [S], seq 3413304565, win 1024, options [mss 1440], length 0
21:26:34.311609 IP SERVER_HOST.https > NOT_WORKING_IP.1176: Flags [R.], seq 0, ack 3413304566, win 0, length 0
21:26:35.343395 IP NOT_WORKING_IP.1176 > SERVER_HOST.28015: Flags [S], seq 4045817122, win 1024, options [mss 1440], length 0
21:26:35.449202 IP NOT_WORKING_IP.1177 > SERVER_HOST.28015: Flags [S], seq 4045882659, win 1024, options [mss 1440], length 0

WORKING

21:26:40.193280 IP WORKING_IP.1120 > SERVER_HOST.https: Flags [S], seq 2982542630, win 1024, options [mss 1440], length 0
21:26:40.193365 IP SERVER_HOST.https > WORKING_IP.1120: Flags [R.], seq 0, ack 2982542631, win 0, length 0
21:26:41.211945 IP WORKING_IP.1120 > SERVER_HOST.28015: Flags [S], seq 2474523314, win 1024, options [mss 1440], length 0
21:26:41.212021 IP SERVER_HOST.28015 > WORKING_IP.1120: Flags [S.], seq 3409621485, ack 2474523315, win 29200, options [mss 1460], length 0
21:26:41.224350 IP WORKING_IP.1120 > SERVER_HOST.28015: Flags [R], seq 2474523315, win 0, length 0
21:26:41.334956 IP WORKING_IP.1121 > SERVER_HOST.28015: Flags [S], seq 2474588851, win 1024, options [mss 1440], length 0
21:26:41.335040 IP SERVER_HOST.28015 > WORKING_IP.1121: Flags [S.], seq 2978496887, ack 2474588852, win 29200, options [mss 1460], length 0
21:26:41.356445 IP WORKING_IP.1121 > SERVER_HOST.28015: Flags [R], seq 2474588852, win 0, length 0
Charles Offenbacher
  • 145
  • 6
  • I suspect that this may be the issue: http://serverfault.com/questions/235965/why-would-a-server-not-send-a-syn-ack-packet-in-response-to-a-syn-packet I'll try to report back if any of those approaches help. The Azure machines are behind a NAT which could be causing that. – Charles Offenbacher Oct 27 '15 at 02:46
  • Both have weird behaviour IMHO. Why does the SERVER_HOST send a RST every time it gets a new SYN packet from the remote servers? – Pedro Perez Oct 28 '15 at 11:04

0 Answers0