[nsp] SSH/telnet session regular disconnection

Ahmed Maged ahmed_maged at rayatelecom.net
Mon Jun 28 05:15:39 EDT 2004


Hi,

I have a Linux server behind a network with more than one PIX.
Everyone connects, authenticates and logs in just fine except for a
certain number of PCs, which get disconnected after an average of 20-30
seconds. To eliminate that it's from the Linux server itself, I ran sshd
in debug mode and there was nothing but a (connection reset by peer).

So I tried a telnet server instead of ssh, and here is the tcpdump log
(notice the 3 RST negotiations at the bottom):

 

Note : a lot of bad tcp chksums ???

16:06:39.903151 IP (tos 0x0, ttl  64, id 31760, offset 0, flags [DF],
length: 42) 10.0.7.61.telnet > 62.240.110.227.1495: P [bad tcp cksum
bf2c (->2910)!] 11645:11647(2) ack 112 win 5840

16:06:40.082529 IP (tos 0x0, ttl 127, id 19415, offset 0, flags [DF],
length: 40) 62.240.110.227.1495 > 10.0.7.61.telnet: . [tcp sum ok]
112:112(0) ack 11647 win 64843

16:06:40.082552 IP (tos 0x0, ttl  64, id 31761, offset 0, flags [DF],
length: 285) 10.0.7.61.telnet > 62.240.110.227.1495: P 11647:11892(245)
ack 112 win 5840

16:06:40.091216 IP (tos 0x0, ttl 127, id 19416, offset 0, flags [DF],
length: 42) 62.240.110.227.1495 > 10.0.7.61.telnet: P [tcp sum ok]
112:114(2) ack 11892 win 64598

16:06:40.091408 IP (tos 0x0, ttl  64, id 31762, offset 0, flags [DF],
length: 42) 10.0.7.61.telnet > 62.240.110.227.1495: P [bad tcp cksum
bf2c (->2817)!] 11892:11894(2) ack 114 win 5840

16:06:40.137607 IP (tos 0x0, ttl 255, id 47678, offset 0, flags [none],
length: 40) 62.240.110.227.1495 > 10.0.7.61.telnet: R [tcp sum ok]
4294967105:4294967105(0) ack 3594460359 win 0

16:06:40.420123 IP (tos 0x0, ttl  64, id 31763, offset 0, flags [DF],
length: 42) 10.0.7.61.telnet > 62.240.110.227.1495: P [bad tcp cksum
bf2c (->2817)!] 11892:11894(2) ack 114 win 5840

16:06:40.420231 IP (tos 0x0, ttl  64, id 31763, offset 0, flags [DF],
length: 42) 62.240.110.227.1495 > 10.0.7.61.telnet: R [tcp sum ok]
114:116(2) ack 11892 win 5840 [RST \015\012]

 

 

My question is:

In general networking essence, what would make an ssh/telnet server
session just get reset? Could it be a Cisco PIX behavior? I didn't play
with the PIX timeouts. How do I troubleshoot this further?

Thanks in advance

Good day
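
Added example (not part of the original post): a short Python script that parses the tcpdump records above and flags RST segments whose IP TTL differs from the TTL seen on the same source's non-RST packets, a common heuristic for telling a reset sent by the endpoint from one generated elsewhere on the path. The function names are hypothetical, the TTL comparison is an assumed heuristic rather than proof, and the records are the post's own, re-joined onto one line each.

```python
import re
from collections import Counter, defaultdict

# Records from the capture in the post, each re-joined onto one line.
CAPTURE = r"""
16:06:39.903151 IP (tos 0x0, ttl  64, id 31760, offset 0, flags [DF], length: 42) 10.0.7.61.telnet > 62.240.110.227.1495: P [bad tcp cksum bf2c (->2910)!] 11645:11647(2) ack 112 win 5840
16:06:40.082529 IP (tos 0x0, ttl 127, id 19415, offset 0, flags [DF], length: 40) 62.240.110.227.1495 > 10.0.7.61.telnet: . [tcp sum ok] 112:112(0) ack 11647 win 64843
16:06:40.082552 IP (tos 0x0, ttl  64, id 31761, offset 0, flags [DF], length: 285) 10.0.7.61.telnet > 62.240.110.227.1495: P 11647:11892(245) ack 112 win 5840
16:06:40.091216 IP (tos 0x0, ttl 127, id 19416, offset 0, flags [DF], length: 42) 62.240.110.227.1495 > 10.0.7.61.telnet: P [tcp sum ok] 112:114(2) ack 11892 win 64598
16:06:40.091408 IP (tos 0x0, ttl  64, id 31762, offset 0, flags [DF], length: 42) 10.0.7.61.telnet > 62.240.110.227.1495: P [bad tcp cksum bf2c (->2817)!] 11892:11894(2) ack 114 win 5840
16:06:40.137607 IP (tos 0x0, ttl 255, id 47678, offset 0, flags [none], length: 40) 62.240.110.227.1495 > 10.0.7.61.telnet: R [tcp sum ok] 4294967105:4294967105(0) ack 3594460359 win 0
16:06:40.420123 IP (tos 0x0, ttl  64, id 31763, offset 0, flags [DF], length: 42) 10.0.7.61.telnet > 62.240.110.227.1495: P [bad tcp cksum bf2c (->2817)!] 11892:11894(2) ack 114 win 5840
16:06:40.420231 IP (tos 0x0, ttl  64, id 31763, offset 0, flags [DF], length: 42) 62.240.110.227.1495 > 10.0.7.61.telnet: R [tcp sum ok] 114:116(2) ack 11892 win 5840 [RST \015\012]
"""

REC = re.compile(r"^(?P<ts>\S+) IP \(.*?ttl\s+(?P<ttl>\d+), id (?P<ipid>\d+),.*?\) "
                 r"(?P<src>\S+) > (?P<dst>\S+): (?P<flags>\S+) ")

def parse(capture):
    """Yield (timestamp, source host, ttl, ip id, tcp flags) per record."""
    for line in capture.splitlines():
        m = REC.match(line)
        if m:
            host = m["src"].rsplit(".", 1)[0]   # drop the port/service suffix
            yield m["ts"], host, int(m["ttl"]), int(m["ipid"]), m["flags"]

def odd_resets(capture):
    """Return RSTs whose TTL differs from the sender's usual non-RST TTL."""
    packets = list(parse(capture))
    seen = defaultdict(Counter)             # host -> TTL counts on non-RST packets
    for _, host, ttl, _, flags in packets:
        if "R" not in flags:
            seen[host][ttl] += 1
    findings = []
    for ts, host, ttl, _, flags in packets:
        if "R" in flags and seen[host]:
            usual = seen[host].most_common(1)[0][0]
            if ttl != usual:                # heuristic: sender may not be the endpoint
                findings.append((ts, host, ttl, usual))
    return findings

if __name__ == "__main__":
    for ts, host, ttl, usual in odd_resets(CAPTURE):
        print(f"{ts} RST from {host}: ttl {ttl}, usual ttl {usual}")
```

On this capture both RSTs carrying the client's source address are flagged: one arrives with ttl 255 and one with ttl 64, while the client's other packets arrive with ttl 127.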

 

 

 



More information about the cisco-nsp mailing list