[nsp] SSH/telnet session regular disconnection

Ahmed Maged ahmed_maged at rayatelecom.net
Wed Jun 30 07:05:42 EDT 2004


I have not altered any timeouts, Have you ever encountered any similar
behavior on a Cisco PIX or any other firewall, killing a connection
after some time.

Regards,

-----Original Message-----
From: rwcrowe at comcast.net [mailto:rwcrowe at comcast.net] 
Sent: Monday, June 28, 2004 3:01 PM
To: Ahmed Maged
Cc: cisco-nsp at puck.nether.net
Subject: Re: [nsp] SSH/telnet session regular disconnection

Do a "show timeout" and see if the timeout settings have bee altered
from the default. I believe tcp connections have a default timeout of 1
hour, half-closed connections are 10 minutes and UDP sessions 2 minutes.

If you can have a pc thats having the issue access the server, then
issue a "show conn" and look for the flow and compare the states to the
ones listed on this page.

http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_command_r
eference_chapter09186a00801cd841.html#wp1187542

Rob


> Hi,
> 
> I have a Linux server behind in a network with more than one PIX,
> everyone connect, authenticates and logs in just fine except for a
> certain number of PCs, they get disconnected after an average of 20-30
> seconds, to eliminate that its from the Linux server itself, I ran
sshd
> in debug mode and there were nothing but a (connection reset by peer)
> 
> So I tried a telnet server instead of ssh and here is the tcpdump log
(
> notice the 3 RST negotiations at the buttom) :
> 
>  
> 
> Note : a lot of bad tcp chksums ???
> 
> 16:06:39.903151 IP (tos 0x0, ttl  64, id 31760, offset 0, flags [DF],
> length: 42) 10.0.7.61.telnet > 62.240.110.227.1495: P [bad tcp cksum
> bf2c (->2910)!] 11645:11647(2) ack 112 win 5840
> 
> 16:06:40.082529 IP (tos 0x0, ttl 127, id 19415, offset 0, flags [DF],
> length: 40) 62.240.110.227.1495 > 10.0.7.61.telnet: . [tcp sum ok]
> 112:112(0) ack 11647 win 64843
> 
> 16:06:40.082552 IP (tos 0x0, ttl  64, id 31761, offset 0, flags [DF],
> length: 285) 10.0.7.61.telnet > 62.240.110.227.1495: P
11647:11892(245)
> ack 112 win 5840
> 
> 16:06:40.091216 IP (tos 0x0, ttl 127, id 19416, offset 0, flags [DF],
> length: 42) 62.240.110.227.1495 > 10.0.7.61.telnet: P [tcp sum ok]
> 112:114(2) ack 11892 win 64598
> 
> 16:06:40.091408 IP (tos 0x0, ttl  64, id 31762, offset 0, flags [DF],
> length: 42) 10.0.7.61.telnet > 62.240.110.227.1495: P [bad tcp cksum
> bf2c (->2817)!] 11892:11894(2) ack 114 win 5840
> 
> 16:06:40.137607 IP (tos 0x0, ttl 255, id 47678, offset 0, flags
[none],
> length: 40) 62.240.110.227.1495 > 10.0.7.61.telnet: R [tcp sum ok]
> 4294967105:4294967105(0) ack 3594460359 win 0
> 
> 16:06:40.420123 IP (tos 0x0, ttl  64, id 31763, offset 0, flags [DF],
> length: 42) 10.0.7.61.telnet > 62.240.110.227.1495: P [bad tcp cksum
> bf2c (->2817)!] 11892:11894(2) ack 114 win 5840
> 
> 16:06:40.420231 IP (tos 0x0, ttl  64, id 31763, offset 0, flags [DF],
> length: 42) 62.240.110.227.1495 > 10.0.7.61.telnet: R [tcp sum ok]
> 114:116(2) ack 11892 win 5840 [RST \015\012]
> 
>  
> 
>  
> 
> My question is :
> 
> In general networking essence, what would make an ssh/telnet server
> session just get reset, could it be a Cisco PIX behavior, I didn't
play
> with the PIX timeouts, how do I troubleshoot this further?
> 
> Thanks in advance
> 
> Good day
> 
>  
> 
>  
> 
>  
> 
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/




More information about the cisco-nsp mailing list