Re: No Netflix, lost connection after CONNECT

2011-06-03 Thread Victor Duchovni
On Fri, Jun 03, 2011 at 03:33:33PM -0400, Charles Marcus wrote:

> On 2011-06-03 1:47 PM, Justin Tocci wrote:
> > If anyone knows of a decent firewall in the $300 or less range let me know.
> 
> Far be it from me to challenge Victor on a recommendation like this, but
> if money is tight, for home/small business networks, I have only good
> things to say about this combination:
> 
> BUFFALO WZR-HP-G300NH (1-WAN, 4-LAN, all Gigabit ports) (@ $70)
> http://www.newegg.com/Product/Product.aspx?Item=N82E16833162031
> +
> Fully supports DD-WRT or OpenWRT firmware (which I prefer to the
> stock/DD-WRT)
> 
> with either DD-WRT or OpenWRT it gives you powerful
> firewall/routing/VPN/wireless capabilities on a low power inexpensive
> SOHO box.

You may be right. I was not thinking of devices with an open-source
IP/firewall stack. If the hardware is OK and is fully supported by the
software, the OP may get a decent, relatively cheap combination.

-- 
Viktor.


Re: No Netflix, lost connection after CONNECT

2011-06-03 Thread Charles Marcus
On 2011-06-03 1:47 PM, Justin Tocci wrote:
> If anyone knows of a decent firewall in the $300 or less range let me know.

Far be it from me to challenge Victor on a recommendation like this, but
if money is tight, for home/small business networks, I have only good
things to say about this combination:

BUFFALO WZR-HP-G300NH (1-WAN, 4-LAN, all Gigabit ports) (@ $70)
http://www.newegg.com/Product/Product.aspx?Item=N82E16833162031
+
Fully supports DD-WRT or OpenWRT firmware (which I prefer to the
stock/DD-WRT)

with either DD-WRT or OpenWRT it gives you powerful
firewall/routing/VPN/wireless capabilities on a low power inexpensive
SOHO box.

-- 

Best regards,

Charles


Re: No Netflix, lost connection after CONNECT

2011-06-03 Thread Victor Duchovni
On Fri, Jun 03, 2011 at 12:47:31PM -0500, Justin Tocci wrote:

> If anyone knows of a decent firewall in the $300 or less range let me know. 

Under $300, you generally get what you pay for. Quality firewalls tend to
be $400+; a good place to start is perhaps:

http://www.google.com/products/catalog?q=netscreen+SRX100+price&tbm=shop&cid=5776994578843374603

This is a personal opinion, not my employer's. I am suggesting the
low-end of an enterprise product, since the software tends to be more
robust than the high end of consumer products.

-- 
Viktor.


Re: No Netflix, lost connection after CONNECT

2011-06-03 Thread Justin Tocci
I am on Mac OS X Server so the command to turn off window scaling is
sysctl -w net.inet.tcp.rfc1323=0. I did that and it worked!

Thank you Victor for the suggestion and your patience. And thank you very much 
Wietse for pointing out that I had not done it! I thought I had done that but 
it turns out I had set the window scaling factor 
(net.inet.tcp.win_scale_factor=8) and when it didn't work I dismissed it as an 
issue. 

I apologize for not posting the full binary file off-list. I didn't understand 
the request at the time.

I am going to figure out how you read that TCP window scaling was turned on 
from my output and move on. 

As Wietse pointed out this may be a firewall issue. I have been shopping for a 
better router. I have a couple customers a month ask me and all I can tell them 
is not to buy the ones I've used. This Netgear FVS318g has been a real pain 
when it comes to using VPN through it. There are no options for letting most 
VPN protocols through with rules so I was happy to go to DMZ for now since it 
let me get more of my VPN stuff working. If anyone knows of a decent firewall 
in the $300 or less range let me know. 

Regards,

Justin T

Re: No Netflix, lost connection after CONNECT

2011-06-03 Thread Wietse Venema
Justin Tocci:
> On Jun 2, 2011, at 7:44 PM, Wietse Venema wrote:
> 
> > Justin Tocci:
> >> I did find out how to dump fancier output which I think someone wanted. 
> >> 
> >> tcpdump -AXXr /opt/mail/dump10.txt
> >> 
> >> 17:08:23.323379 IP server.workflowproducts.com.smtp > 
> >> mx-ecom.netflix.com.29698: Flags [.], seq 1:47, ack 1, win 65535, length 46
> > 
> > Where is the SYN handshake with the TCP-level options?
> > 
> > Wietse
> 
> 
> I didn't want to flood the list with output so I only printed what I thought
> was a complete connection. I am guessing you mean I didn't show enough of
> the connection. Here is everything I got in that capture:
> 
> root@server:~
> $ tcpdump -Avvr /opt/mail/dump12.txt 
> reading from file /opt/mail/dump12.txt, link-type EN10MB (Ethernet)
> 19:27:28.397765 IP (tos 0x0, ttl 46, id 18783, offset 0, flags [DF], proto 
> TCP (6), length 52)
> mx-ecom.netflix.com.61142 > server.workflowproducts.com.smtp: Flags [S], 
> cksum 0x8338 (correct), seq 1953720321, win 5840, options [mss 
> 1380,nop,nop,sackOK,nop,wscale 7], length 0
> e.@p.kl...,.tsh..8.d
> 19:27:28.397838 IP (tos 0x0, ttl 64, id 3095, offset 0, flags [DF], proto TCP 
> (6), length 52, bad cksum 0 (->24b9)!)
> server.workflowproducts.com.smtp > mx-ecom.netflix.com.61142: Flags [S.], 
> cksum 0x0a1b (incorrect -> 0xc31e), seq 1089115808, ack 1953720322, win 
> 65535, options [mss 1460,nop,wscale 6,sackOK,eol], length 0

As you can see, both the sending host and the receiving host are
willing to use TCP Window scaling. 

This feature is often mis-implemented by crappy firewalls and
routers. 

Turn it off, as repeatedly asked by Victor.

Wietse
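
How the SYN and SYN-ACK options in such a trace show that window scaling is in effect, as an added example that is not part of the original thread. The host names and the second connection are constructed, and the code assumes tcpdump prints the raw 16-bit window field.

```python
import re

# Constructed sample shaped like wrapped `tcpdump -v` output. The first
# connection uses the option values seen in this thread (wscale 7 / wscale 6);
# the second is a constructed handshake where the server sends no wscale option.
SAMPLE = """\
19:27:28.397765 IP (tos 0x0, ttl 46, proto
TCP (6), length 52)
client.example.net.61142 > mail.example.org.smtp: Flags [S],
seq 1953720321, win 5840, options [mss
1380,nop,nop,sackOK,nop,wscale 7], length 0
19:27:28.397838 IP (tos 0x0, ttl 64, proto TCP (6), length 52)
mail.example.org.smtp > client.example.net.61142: Flags [S.],
seq 1089115808, ack 1953720322, win
65535, options [mss 1460,nop,wscale 6,sackOK,eol], length 0
19:27:28.483630 IP (tos 0x0, ttl 46, proto TCP (6), length 40)
client.example.net.61142 > mail.example.org.smtp: Flags [.],
seq 1, ack 1, win 46, length 0
20:05:10.000100 IP (tos 0x0, ttl 46, proto TCP (6), length 52)
client.example.net.63556 > mail.example.org.smtp: Flags [S],
seq 1780206462, win 5840, options [mss 1380,nop,nop,sackOK,nop,wscale 7],
length 0
20:05:10.000180 IP (tos 0x0, ttl 64, proto TCP (6), length 48)
mail.example.org.smtp > client.example.net.63556: Flags [S.],
seq 2026914080, ack 1780206463, win 65535, options [mss 1460,sackOK,eol],
length 0
20:05:10.090000 IP (tos 0x0, ttl 46, proto TCP (6), length 40)
client.example.net.63556 > mail.example.org.smtp: Flags [.],
seq 1, ack 1, win 5840, length 0
"""

RECORD_START = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{6} IP ", re.M)
SEGMENT = re.compile(
    r"(?P<src>\S+) > (?P<dst>\S+): Flags \[(?P<flags>[^\]]*)\]"
    r".*?\bwin (?P<win>\d+)(?:, options \[(?P<opts>[^\]]*)\])?"
)
WSCALE = re.compile(r"\bwscale (\d+)")


def records(text):
    """Yield one whitespace-normalised string per packet, undoing line wrapping."""
    starts = [m.start() for m in RECORD_START.finditer(text)]
    for begin, end in zip(starts, starts[1:] + [len(text)]):
        yield " ".join(text[begin:end].split())


def wscale_of(opts):
    """Return the shift count from an options list, or None if wscale is absent."""
    m = WSCALE.search(opts or "")
    return int(m.group(1)) if m else None


def analyse(text):
    """Report, per connection, whether window scaling was negotiated.

    Scaling is in effect only when BOTH the SYN and the SYN-ACK carry a
    wscale option (RFC 1323). The window in the SYN segments themselves is
    never scaled; in later segments the receiver left-shifts the window by
    the shift count that the segment's sender announced.
    """
    conns = {}
    for rec in records(text):
        m = SEGMENT.search(rec)
        if not m:
            continue
        src, dst, flags, win = m["src"], m["dst"], m["flags"], int(m["win"])
        key = tuple(sorted((src, dst)))
        if flags == "S":  # client SYN opens a new connection entry
            conns[key] = {
                "client": src, "server": dst,
                "client_wscale": wscale_of(m["opts"]),
                "server_wscale": None, "scaling": False, "windows": [],
            }
            continue
        conn = conns.get(key)
        if conn is None:
            continue  # handshake missing from the capture: shift counts unknown
        if flags == "S.":  # server SYN-ACK completes the negotiation
            conn["server_wscale"] = wscale_of(m["opts"])
            conn["scaling"] = None not in (conn["client_wscale"],
                                           conn["server_wscale"])
            continue
        shift = 0
        if conn["scaling"]:
            shift = (conn["client_wscale"] if src == conn["client"]
                     else conn["server_wscale"])
        conn["windows"].append((src, win, win << shift))
    return list(conns.values())


if __name__ == "__main__":
    for c in analyse(SAMPLE):
        print(c["client"], "->", c["server"],
              "scaling negotiated:", c["scaling"],
              "shifts:", c["client_wscale"], c["server_wscale"])
        for sender, raw, effective in c["windows"]:
            print("   ", sender, "raw win", raw, "effective", effective)
```

A capture that starts after the handshake cannot be interpreted this way, which is why the SYN and SYN-ACK had to be in the trace.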


Re: No Netflix, lost connection after CONNECT

2011-06-02 Thread Victor Duchovni
On Thu, Jun 02, 2011 at 08:06:13PM -0500, Justin Tocci wrote:

> Apparently I cut my last post too short to be useful. I am getting better 
> at tcpdump. Here is everything I captured the last time I tried:

You still have not disabled TCP window scaling. On Linux systems:

sysctl -w net.ipv4.tcp_window_scaling=0

Window scaling confuses many routers. Also "DMZ" does not mean that your
router is not in the way, it just changes the details of the topology.

> Capture command:
> tcpdump -s 0 -w /opt/mail/dump11.txt net 208.75.76.252/32
> 
> root@server:~
> $ tcpdump -AKvvr /opt/mail/dump12.txt 

This is not a "txt" file, it is a binary capture file. You need to make
this file available, typically by posting the URL of a "paste-bin" copy.

Not interested in your decoding of the file, need the raw data. Make
sure it contains at least one complete session (from 3-way SYN to 3-way
FIN or RST). Ideally, having found such a session extract a pure tcpdump
capture of just that session:

tcpdump -s 0 -r /file1 -w /file2 tcp port 56789

(replace 56789 by the client port used in the session). Then make "file2"
available after inspecting it with "tcpdump -r" to make sure it still
contains a complete session.

-- 
Viktor.


Re: No Netflix, lost connection after CONNECT

2011-06-02 Thread Justin Tocci
Apparently I cut my last post too short to be useful. I am getting better 
at tcpdump. Here is everything I captured the last time I tried:

Capture command:
tcpdump -s 0 -w /opt/mail/dump11.txt net 208.75.76.252/32

root@server:~
$ tcpdump -AKvvr /opt/mail/dump12.txt 
reading from file /opt/mail/dump12.txt, link-type EN10MB (Ethernet)
19:27:28.397765 IP (tos 0x0, ttl 46, id 18783, offset 0, flags [DF], proto TCP 
(6), length 52)
mx-ecom.netflix.com.61142 > server.workflowproducts.com.smtp: Flags [S], 
seq 1953720321, win 5840, options [mss 1380,nop,nop,sackOK,nop,wscale 7], 
length 0
e.@p.kl...,.tsh..8.d
19:27:28.397838 IP (tos 0x0, ttl 64, id 3095, offset 0, flags [DF], proto TCP 
(6), length 52)
server.workflowproducts.com.smtp > mx-ecom.netflix.com.61142: Flags [S.], 
seq 1089115808, ack 1953720322, win 65535, options [mss 1460,nop,wscale 
6,sackOK,eol], length 0
E..4..@.@.,..kl.@...tsh.
...
19:27:28.483630 IP (tos 0x0, ttl 46, id 18784, offset 0, flags [DF], proto TCP 
(6), length 40)
mx-ecom.netflix.com.61142 > server.workflowproducts.com.smtp: Flags [.], 
seq 1, ack 1, win 46, length 0
E..(I`@{.KL...,.tsh.@...P...^.
19:27:28.483709 IP (tos 0x0, ttl 64, id 22785, offset 0, flags [DF], proto TCP 
(6), length 40)
server.workflowproducts.com.smtp > mx-ecom.netflix.com.61142: Flags [.], 
seq 1, ack 1, win 58240, length 0
E..(Y.@.@.,..kl.@...tsh.P...
...
19:27:28.558695 IP (tos 0x0, ttl 64, id 32537, offset 0, flags [DF], proto TCP 
(6), length 86)
server.workflowproducts.com.smtp > mx-ecom.netflix.com.61142: Flags [.], 
seq 1:47, ack 1, win 58240, length 46
E..V..@.@.,..kl.@...tsh.P...
=..220 server.workflowproducts.com ESMTP Postfix
19:27:28.644317 IP (tos 0x0, ttl 46, id 18785, offset 0, flags [DF], proto TCP 
(6), length 40)
mx-ecom.netflix.com.61142 > server.workflowproducts.com.smtp: Flags [.], 
seq 1, ack 47, win 46, length 0
E..(i...@z.kl...,.tsh.@...P..l8.
19:27:28.644376 IP (tos 0x0, ttl 64, id 20283, offset 0, flags [DF], proto TCP 
(6), length 41)
server.workflowproducts.com.smtp > mx-ecom.netflix.com.61142: Flags [P.], 
seq 47:48, ack 1, win 58240, length 1
E..)O;@.@.,..kl.@...tsh.P...
...

19:27:28.730064 IP (tos 0x0, ttl 46, id 18786, offset 0, flags [DF], proto TCP 
(6), length 40)
mx-ecom.netflix.com.61142 > server.workflowproducts.com.smtp: Flags [.], 
seq 1, ack 48, win 46, length 0
E..(i...@y.kl...,.tsh.@...P..s..
19:27:59.156177 IP (tos 0x0, ttl 46, id 18787, offset 0, flags [DF], proto TCP 
(6), length 40)
mx-ecom.netflix.com.61142 > server.workflowproducts.com.smtp: Flags [F.], 
seq 1, ack 48, win 46, length 0
E..(i...@x.kl...,.tsh.@...P.G..Y
19:27:59.156254 IP (tos 0x0, ttl 64, id 39873, offset 0, flags [DF], proto TCP 
(6), length 40)
server.workflowproducts.com.smtp > mx-ecom.netflix.com.61142: Flags [.], 
seq 48, ack 2, win 58240, length 0
E..(..@.@.,..kl.@...tsh.P...
...
19:27:59.156688 IP (tos 0x0, ttl 46, id 8554, offset 0, flags [DF], proto TCP 
(6), length 52)
mx-ecom.netflix.com.63556 > server.workflowproducts.com.smtp: Flags [S], 
seq 1780206462, win 5840, options [mss 1380,nop,nop,sackOK,nop,wscale 7], 
length 0
E..4!j@...!f.KL...,..D..j..~ ..d
19:27:59.156758 IP (tos 0x0, ttl 64, id 58828, offset 0, flags [DF], proto TCP 
(6), length 52)
server.workflowproducts.com.smtp > mx-ecom.netflix.com.63556: Flags [S.], 
seq 2026914080, ack 1780206463, win 65535, options [mss 1460,nop,wscale 
6,sackOK,eol], length 0
E..4..@.@.,..KLDx.A j...
...
19:27:59.157941 IP (tos 0x0, ttl 64, id 50338, offset 0, flags [DF], proto TCP 
(6), length 40)
server.workflowproducts.com.smtp > mx-ecom.netflix.com.61142: Flags [F.], 
seq 48, ack 2, win 58240, length 0
E..(..@.@.,..kl.@...tsh.P...
...
19:27:59.246520 IP (tos 0x0, ttl 46, id 0, offset 0, flags [DF], proto TCP (6), 
length 40)
mx-ecom.netflix.com.61142 > server.workflowproducts.com.smtp: Flags [.], 
seq 2, ack 49, win 46, length 0
E..(..@...B..KL...,.tsh.@...P.  ...
19:27:59.246815 IP (tos 0x0, ttl 46, id 8555, offset 0, flags [DF], proto TCP 
(6), length 40)
mx-ecom.netflix.com.63556 > server.workflowproducts.com.smtp: Flags [.], 
seq 1, ack 1, win 46, length 0
E..(!k@...!q.KL...,..D..j...x.A!P.
19:27:59.246853 IP (tos 0x0, ttl 64, id 33230, offset 0, flags [DF], proto TCP 
(6), length 40)
server.workflowproducts.com.smtp > mx-ecom.netflix.com.63556: Flags [.], 
seq 1, ack 1, win 58240, length 0
E..(..@.@.,..KLDx.A!j...P...
...
19:27:59.250271 IP (tos 0x0, ttl 64, id 39391, offset 0, flags [DF], proto TCP 
(6), length 86)
server.workflowproducts.com.smtp > mx-ecom.netflix.com.63556: Flags [.], 
seq 1:47, ack 1, win 58240, length 46
E..V..@.@.,..KLDx.A!j...P...
=..220 server.workflowproducts.com ESMTP Postfix
19:27:59.33845

Re: No Netflix, lost connection after CONNECT

2011-06-02 Thread Wietse Venema
Justin Tocci:
> I did find out how to dump fancier output which I think someone wanted. 
> 
> tcpdump -AXXr /opt/mail/dump10.txt
> 
> 17:08:23.323379 IP server.workflowproducts.com.smtp > 
> mx-ecom.netflix.com.29698: Flags [.], seq 1:47, ack 1, win 65535, length 46

Where is the SYN handshake with the TCP-level options?

Wietse


RE: No Netflix, lost connection after CONNECT

2011-06-02 Thread Justin Tocci
I did find out how to dump fancier output which I think someone wanted. 

tcpdump -AXXr /opt/mail/dump10.txt

17:08:23.323379 IP server.workflowproducts.com.smtp > 
mx-ecom.netflix.com.29698: Flags [.], seq 1:47, ack 1, win 65535, length 46
0x:  e091 f53f 1307 d49a 20fd a988 0800 4500  ...?..E.
0x0010:  0056 79e8 4000 4006  c0a8 2c04 d04b  .Vy.@.@.,..K
0x0020:  4cfc 0019 7402 284e 5605 3da6 d8f4 5010  L...t.(NV.=...P.
0x0030:   0a3d  3232 3020 7365 7276 6572  ...=..220.server
0x0040:  2e77 6f72 6b66 6c6f 7770 726f 6475 6374  .workflowproduct
0x0050:  732e 636f 6d20 4553 4d54 5020 506f 7374  s.com.ESMTP.Post
0x0060:  6669 780dfix.
17:08:23.431572 IP mx-ecom.netflix.com.29698 > 
server.workflowproducts.com.smtp: Flags [.], ack 47, win 46, length 0
0x:  d49a 20fd a988 e091 f53f 1307 0800 4500  .?E.
0x0010:  0028 8f46 4000 2e06 b395 d04b 4cfc c0a8  .(.f...@..kl...
0x0020:  2c04 7402 0019 3da6 d8f4 284e 5633 5010  ,.t...=...(NV3P.
0x0030:  002e 9c7a   ae55 6786...z.Ug.
17:08:23.431592 IP server.workflowproducts.com.smtp > 
mx-ecom.netflix.com.29698: Flags [P.], seq 47:48, ack 1, win 65535, length 1
0x:  e091 f53f 1307 d49a 20fd a988 0800 4500  ...?..E.
0x0010:  0029 ce81 4000 4006  c0a8 2c04 d04b  .)..@.@.,..K
0x0020:  4cfc 0019 7402 284e 5633 3da6 d8f4 5018  L...t.(NV3=...P.
0x0030:   0a10  0a...
17:08:23.536567 IP mx-ecom.netflix.com.29698 > 
server.workflowproducts.com.smtp: Flags [.], ack 48, win 46, length 0
0x:  d49a 20fd a988 e091 f53f 1307 0800 4500  .?E.
0x0010:  0028 8f47 4000 2e06 b394 d04b 4cfc c0a8  .(.g...@..kl...
0x0020:  2c04 7402 0019 3da6 d8f4 284e 5634 5010  ,.t...=...(NV4P.
0x0030:  002e 9c79   33c5 eb66...y3..f
17:08:53.164333 IP mx-ecom.netflix.com.29698 > 
server.workflowproducts.com.smtp: Flags [F.], seq 1, ack 48, win 46, length 0
0x:  d49a 20fd a988 e091 f53f 1307 0800 4500  .?E.
0x0010:  0028 8f48 4000 2e06 b393 d04b 4cfc c0a8  .(.h...@..kl...
0x0020:  2c04 7402 0019 3da6 d8f4 284e 5634 5011  ,.t...=...(NV4P.
0x0030:  002e 9c78   56a6 d38c...xV...
17:08:53.164352 IP server.workflowproducts.com.smtp > 
mx-ecom.netflix.com.29698: Flags [.], ack 2, win 65535, length 0
0x:  e091 f53f 1307 d49a 20fd a988 0800 4500  ...?..E.
0x0010:  0028 03b0 4000 4006  c0a8 2c04 d04b  .(..@.@.,..K
0x0020:  4cfc 0019 7402 284e 5634 3da6 d8f5 5010  L...t.(NV4=...P.
0x0030:   0a0f    ..
17:08:53.164950 IP mx-ecom.netflix.com.58047 > 
server.workflowproducts.com.smtp: Flags [S], seq 959704267, win 5840, options 
[mss 1380,nop,nop,sackOK,nop,wscale 7], length 0
0x:  d49a 20fd a988 e091 f53f 1307 0800 4500  .?E.
0x0010:  0034 4ba8 4000 2e06 f727 d04b 4cfc c0a8  .4K.@'.KL...
0x0020:  2c04 e2bf 0019 3933 eccb   8002  ,.93
0x0030:  16d0 45c5  0204 0564 0101 0402 0103  ..E..d..
0x0040:  0307 ..

I found out that "win" refers to window size. I have no reason to believe this 
is a problem because I do not know how to read this output. But I'm a good 
sport so I looked it up and that led me to set the following sysctl values:

kern.ipc.maxsockbuf=4194304
net.inet.tcp.recvspace=25
net.inet.tcp.sendspace=25
 
net.inet.tcp.blackhole=2
net.inet.udp.blackhole=1
net.inet.icmp.icmplim=50

No joy though. Netflix is still unable to complete a mail transaction. 

If you look at the timestamps you can see in the middle the netflix server 
sends a packet, then waits 30 seconds, then sends another. I have no idea why. 

I am still completely baffled. Any help would be appreciated. I can't read this 
output and I don't know what it is to look it up. The only readable part is 
"220.server.workflowproducts.com.ESMTP.Postfix." and that doesn't indicate an 
error from what I've been able to find. 220 seems to indicate "ready" which 
would be good.


Regards,

Justin T



Re: No Netflix, lost connection after CONNECT

2011-06-02 Thread Thomas Berger
> I must confess that the tcpdump output is over my head. Any help would be 
> appreciated. I see a lot of checksums marked bad and "incorrect" but I have 
> no idea how to fix it. 
> Justin T

Q 11.1: Why am I seeing lots of packets with incorrect TCP checksums?

A: If the packets that have incorrect TCP checksums are all being sent by the 
machine on which Wireshark is running, this is probably because the network 
interface on which you're capturing does TCP checksum offloading. That means 
that the TCP checksum is added to the packet by the network interface, not by 
the OS's TCP/IP stack; when capturing on an interface, packets being sent by 
the host on which you're capturing are directly handed to the capture 
interface by the OS, which means that they are handed to the capture interface 
without a TCP checksum being added to them.

The only way to prevent this from happening would be to disable TCP checksum 
offloading, but

1. that might not even be possible on some OSes;
2. that could reduce networking performance significantly.


Source: http://www.wireshark.org/faq.html#q11.1

This is not a real problem, so you could use `tcpdump -K` to disable checksums.

Greetings
Thomas
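
The FAQ's condition (every incorrect TCP checksum comes from the capturing machine) can be checked mechanically over `tcpdump -v` text; this is an added example, not part of the original thread. The host names are constructed and `capture_host` is a parameter the reader supplies.

```python
import re

# Constructed sample shaped like the wrapped `tcpdump -v` output in this
# thread: the remote client's checksums verify, the capturing host's do not.
SAMPLE = """\
09:40:25.853934 IP (tos 0x0, ttl 46, proto TCP (6), length 52)
client.example.net.53126 > mail.example.org.smtp: Flags [S],
cksum 0x3847 (correct), seq 1705566477, win 5840, length 0
09:40:25.853969 IP (tos 0x0, ttl 64, proto TCP (6), length 52, bad cksum 0
(->31cc)!)
mail.example.org.smtp > client.example.net.53126: Flags [S.],
cksum 0x0a1b (incorrect -> 0xca96), seq 265909580, ack 1705566478, win
65535, length 0
09:40:25.945774 IP (tos 0x0, ttl 46, proto TCP (6), length 40)
client.example.net.53126 > mail.example.org.smtp: Flags [.],
cksum 0x0a35 (correct), seq 1, ack 1, win 46, length 0
09:40:25.945796 IP (tos 0x0, ttl 64, proto TCP (6), length 40, bad cksum 0
(->5a76)!)
mail.example.org.smtp > client.example.net.53126: Flags [.],
cksum 0x0a0f (incorrect -> 0x0a63), seq 1, ack 1, win 65535, length 0
"""

RECORD_START = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{6} IP ", re.M)
TCP_SUM = re.compile(
    r"(?P<src>\S+) > \S+: Flags \[[^\]]*\], "
    r"cksum 0x[0-9a-f]+ \((?P<state>correct|incorrect)"
)


def checksum_stats(text):
    """Count correct/incorrect TCP checksums per sending host."""
    starts = [m.start() for m in RECORD_START.finditer(text)]
    stats = {}
    for begin, end in zip(starts, starts[1:] + [len(text)]):
        record = " ".join(text[begin:end].split())  # undo line wrapping
        m = TCP_SUM.search(record)
        if not m:
            continue
        host = m["src"].rsplit(".", 1)[0]  # strip the trailing port/service
        entry = stats.setdefault(host, {"correct": 0, "incorrect": 0})
        entry[m["state"]] += 1
    return stats


def offload_likely(stats, capture_host):
    """True when every incorrect checksum was sent by the capturing host.

    That pattern matches checksum offloading: outbound packets are handed to
    the capture before the network interface fills in the checksum. A bad
    checksum on a packet from any other host does not fit that explanation.
    """
    bad_senders = {h for h, s in stats.items() if s["incorrect"]}
    return bad_senders == {capture_host}


if __name__ == "__main__":
    stats = checksum_stats(SAMPLE)
    for host, counts in stats.items():
        print(host, counts)
    print("offload likely:", offload_likely(stats, "mail.example.org"))
```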



Re: No Netflix, lost connection after CONNECT

2011-06-02 Thread Victor Duchovni
On Thu, Jun 02, 2011 at 10:28:18AM -0500, Justin Tocci wrote:

Record complete packets into a file with "tcpdump -s 0 -w", make the
binary packet capture available. Disable TCP window scaling in your
kernel, it may be confusing your router.

The below trace is rather bizarre, something is dreadfully wrong at the
TCP layer.

> mx-ecom.netflix.com.53126 > server.workflowproducts.com.smtp: Flags [S], 
> cksum 0x3847 (correct), seq 1705566477, win 5840, options [mss 
> 1380,nop,nop,sackOK,nop,wscale 7], length 0
> 09:40:25.853969 IP (tos 0x0, ttl 64, id 65283, offset 0, flags [DF], proto 
> TCP (6), length 52, bad cksum 0 (->31cc)!) server.workflowproducts.com.smtp > 
> mx-ecom.netflix.com.53126: Flags [S.], cksum 0x0a1b (incorrect -> 0xca96), 
> seq 265909580, ack 1705566478, win 65535, options [mss 1460,nop,wscale 
> 2,sackOK,eol], length 0
> 09:40:25.945774 IP (tos 0x0, ttl 46, id 45052, offset 0, flags [DF], proto 
> TCP (6), length 40) mx-ecom.netflix.com.53126 > 
> server.workflowproducts.com.smtp: Flags [.], cksum 0x0a35 (correct), seq 1, 
> ack 1, win 46, length 0
> 09:40:25.945796 IP (tos 0x0, ttl 64, id 54885, offset 0, flags [DF], proto 
> TCP (6), length 40, bad cksum 0 (->5a76)!) server.workflowproducts.com.smtp > 
> mx-ecom.netflix.com.53126: Flags [.], cksum 0x0a0f (incorrect -> 0x0a63), seq 
> 1, ack 1, win 65535, length 0
> 09:40:25.948733 IP (tos 0x0, ttl 64, id 30296, offset 0, flags [DF], proto 
> TCP (6), length 86, bad cksum 0 (->ba55)!) server.workflowproducts.com.smtp > 
> mx-ecom.netflix.com.53126: Flags [.], cksum 0x0a3d (incorrect -> 0x6c2a), seq 
> 1:47, ack 1, win 65535, length 46
> 09:40:26.041138 IP (tos 0x0, ttl 46, id 45053, offset 0, flags [DF], proto 
> TCP (6), length 40) mx-ecom.netflix.com.53126 > 
> server.workflowproducts.com.smtp: Flags [.], cksum 0x0a07 (correct), seq 1, 
> ack 47, win 46, length 0
> 09:40:26.041155 IP (tos 0x0, ttl 64, id 8764, offset 0, flags [DF], proto TCP 
> (6), length 41, bad cksum 0 (->e9f)!) server.workflowproducts.com.smtp > 
> mx-ecom.netflix.com.53126: Flags [P.], cksum 0x0a10 (incorrect -> 0x002c), 
> seq 47:48, ack 1, win 65535, length 1
> 09:40:26.129016 IP (tos 0x0, ttl 46, id 45054, offset 0, flags [DF], proto 
> TCP (6), length 40) mx-ecom.netflix.com.53126 > 
> server.workflowproducts.com.smtp: Flags [.], cksum 0x0a06 (correct), seq 1, 
> ack 48, win 46, length 0
> 09:42:26.652346 IP (tos 0x0, ttl 46, id 45055, offset 0, flags [DF], proto 
> TCP (6), length 40) mx-ecom.netflix.com.53126 > 
> server.workflowproducts.com.smtp: Flags [F.], cksum 0x0a05 (correct), seq 1, 
> ack 48, win 46, length 0
> 09:42:26.652366 IP (tos 0x0, ttl 64, id 35596, offset 0, flags [DF], proto 
> TCP (6), length 40, bad cksum 0 (->a5cf)!) server.workflowproducts.com.smtp > 
> mx-ecom.netflix.com.53126: Flags [.], cksum 0x0a0f (incorrect -> 0x0a33), seq 
> 48, ack 2, win 65535, length 0
> 09:42:26.654381 IP (tos 0x0, ttl 64, id 26128, offset 0, flags [DF], proto 
> TCP (6), length 40, bad cksum 0 (->cacb)!) server.workflowproducts.com.smtp > 
> mx-ecom.netflix.com.53126: Flags [F.], cksum 0x0a0f (incorrect -> 0x0a32), 
> seq 48, ack 2, win 65535, length 0
> 09:42:26.741904 IP (tos 0x0, ttl 46, id 0, offset 0, flags [DF], proto TCP 
> (6), length 40) mx-ecom.netflix.com.53126 > server.workflowproducts.com.smtp: 
> Flags [.], cksum 0x0a04 (correct), seq 2, ack 49, win 46, length 0

-- 
Viktor.


RE: No Netflix, lost connection after CONNECT

2011-06-02 Thread Justin Tocci
I must confess that the tcpdump output is over my head. Any help would be 
appreciated. I see a lot of checksums marked bad and "incorrect" but I have no 
idea how to fix it. I am using a Netgear FVS318G with an MTU of 1500. The only 
thing I found on Google was that it might mean the router is causing problems 
which is why I went to a DMZ setup, so the router wouldn't mess with packets. 

Tcpdump worked before I went to a DMZ setup but it didn't work the first time I 
tried it today. DNS is working and "dig mx-ecom.netflix.com" produced 
appropriate results. I used the -n flag in tcpdump to turn off dns resolution 
and replaced the host name with the ip address of the server and that worked. I 
only mention this in case it means something. 

root@server:/opt/mail
$ tcpdump -w /opt/mail/dump6.txt -s 0 host netflix.com
tcpdump: listening on en0, link-type EN10MB (Ethernet), capture size 65535 bytes
^C0 packets captured
549 packets received by filter
0 packets dropped by kernel

root@server:/opt/mail
$ tcpdump -nw /opt/mail/dump7.txt -s 0 net 208.75.76.252/32
tcpdump: listening on en0, link-type EN10MB (Ethernet), capture size 65535 bytes
^C24 packets captured
224677 packets received by filter
0 packets dropped by kernel

$ tcpdump - -r /opt/mail/dump7.txt
reading from file /opt/mail/dump7.txt, link-type EN10MB (Ethernet)
09:40:25.853369 IP (tos 0x0, ttl 46, id 196, offset 0, flags [DF], proto TCP 
(6), length 40)
mx-ecom.netflix.com.7988 > server.workflowproducts.com.smtp: Flags [F.], 
cksum 0xedda (correct), seq 3280516486, ack 1181407503, win 46, length 0
09:40:25.853403 IP (tos 0x0, ttl 64, id 40810, offset 0, flags [DF], proto TCP 
(6), length 40, bad cksum 0 (->9171)!)
server.workflowproducts.com.smtp > mx-ecom.netflix.com.7988: Flags [.], 
cksum 0x0a0f (incorrect -> 0xee08), seq 1, ack 1, win 65535, length 0
09:40:25.853934 IP (tos 0x0, ttl 46, id 45051, offset 0, flags [DF], proto TCP 
(6), length 52)
mx-ecom.netflix.com.53126 > server.workflowproducts.com.smtp: Flags [S], 
cksum 0x3847 (correct), seq 1705566477, win 5840, options [mss 
1380,nop,nop,sackOK,nop,wscale 7], length 0
09:40:25.853969 IP (tos 0x0, ttl 64, id 65283, offset 0, flags [DF], proto TCP 
(6), length 52, bad cksum 0 (->31cc)!)
server.workflowproducts.com.smtp > mx-ecom.netflix.com.53126: Flags [S.], 
cksum 0x0a1b (incorrect -> 0xca96), seq 265909580, ack 1705566478, win 65535, 
options [mss 1460,nop,wscale 2,sackOK,eol], length 0
09:40:25.854777 IP (tos 0x0, ttl 64, id 25627, offset 0, flags [DF], proto TCP 
(6), length 40, bad cksum 0 (->ccc0)!)
server.workflowproducts.com.smtp > mx-ecom.netflix.com.7988: Flags [F.], 
cksum 0x0a0f (incorrect -> 0xee07), seq 1, ack 1, win 65535, length 0
09:40:25.945774 IP (tos 0x0, ttl 46, id 45052, offset 0, flags [DF], proto TCP 
(6), length 40)
mx-ecom.netflix.com.53126 > server.workflowproducts.com.smtp: Flags [.], 
cksum 0x0a35 (correct), seq 1, ack 1, win 46, length 0
09:40:25.945796 IP (tos 0x0, ttl 64, id 54885, offset 0, flags [DF], proto TCP 
(6), length 40, bad cksum 0 (->5a76)!)
server.workflowproducts.com.smtp > mx-ecom.netflix.com.53126: Flags [.], 
cksum 0x0a0f (incorrect -> 0x0a63), seq 1, ack 1, win 65535, length 0
09:40:25.946069 IP (tos 0x0, ttl 46, id 0, offset 0, flags [DF], proto TCP (6), 
length 40)
mx-ecom.netflix.com.7988 > server.workflowproducts.com.smtp: Flags [.], 
cksum 0xedd9 (correct), seq 1, ack 2, win 46, length 0
09:40:25.948733 IP (tos 0x0, ttl 64, id 30296, offset 0, flags [DF], proto TCP 
(6), length 86, bad cksum 0 (->ba55)!)
server.workflowproducts.com.smtp > mx-ecom.netflix.com.53126: Flags [.], 
cksum 0x0a3d (incorrect -> 0x6c2a), seq 1:47, ack 1, win 65535, length 46
09:40:26.041138 IP (tos 0x0, ttl 46, id 45053, offset 0, flags [DF], proto TCP 
(6), length 40)
mx-ecom.netflix.com.53126 > server.workflowproducts.com.smtp: Flags [.], 
cksum 0x0a07 (correct), seq 1, ack 47, win 46, length 0
09:40:26.041155 IP (tos 0x0, ttl 64, id 8764, offset 0, flags [DF], proto TCP 
(6), length 41, bad cksum 0 (->e9f)!)
server.workflowproducts.com.smtp > mx-ecom.netflix.com.53126: Flags [P.], 
cksum 0x0a10 (incorrect -> 0x002c), seq 47:48, ack 1, win 65535, length 1
09:40:26.129016 IP (tos 0x0, ttl 46, id 45054, offset 0, flags [DF], proto TCP 
(6), length 40)
mx-ecom.netflix.com.53126 > server.workflowproducts.com.smtp: Flags [.], 
cksum 0x0a06 (correct), seq 1, ack 48, win 46, length 0
09:42:26.652346 IP (tos 0x0, ttl 46, id 45055, offset 0, flags [DF], proto TCP 
(6), length 40)
mx-ecom.netflix.com.53126 > server.workflowproducts.com.smtp: Flags [F.], 
cksum 0x0a05 (correct), seq 1, ack 48, win 46, length 0
09:42:26.652366 IP (tos 0x0, ttl 64, id 35596, offset 0, flags [DF], proto TCP 
(6), length 40, bad cksum 0 (->a5cf)!)
server.workflowproducts.com.smtp > mx-ecom.netflix.com.53126: Flags [.], 
cksum 0x0a0f (incorrect -> 0x0a33), seq 48, ack 2, win 65535, length 0
09:42:26.654381 IP (tos 0x0, ttl 64, id 26

Re: No Netflix, lost connection after CONNECT

2011-05-31 Thread Sahil Tandon
On Tue, 2011-05-31 at 20:22:56 -0500, Justin Tocci wrote:

> I tried tcpdump and that led me to check my router for possible
> issues. I am now on a DMZ so that should eliminate that as a
> possibility.

You need to capture the packets between Netflix and your server (DMZ or
elsewhere) and paste them somewhere for analysis.  Use the '-w' flag in
tcpdump to save the capture to a file.

-- 
Sahil Tandon 


RE: No Netflix, lost connection after CONNECT

2011-05-31 Thread Justin Tocci
I tried tcpdump and that led me to check my router for possible issues. I am 
now on a DMZ so that should eliminate that as a possibility. (Correct me if I'm 
wrong.)

Anyway, new DMZ has been working great and network seems fine. So after work I 
tried to get email from Netflix again but no joy. I used debug_peer_level = 4 
to get the following output:

May 31 20:02:07 server postfix/smtpd[2333]: initializing the server-side TLS 
engine
May 31 20:02:07 server postfix/smtpd[2333]: connect from 
mx-ecom.netflix.com[208.75.76.252]
May 31 20:02:07 server postfix/smtpd[2333]: match_hostname: mx-ecom.netflix.com 
~? 127.0.0.0/8
May 31 20:02:07 server postfix/smtpd[2333]: match_hostaddr: 208.75.76.252 ~? 
127.0.0.0/8
May 31 20:02:07 server postfix/smtpd[2333]: match_list_match: 
mx-ecom.netflix.com: no match
May 31 20:02:07 server postfix/smtpd[2333]: match_list_match: 208.75.76.252: no 
match
May 31 20:02:07 server postfix/smtpd[2333]: auto_clnt_open: connected to 
private/anvil
May 31 20:02:07 server postfix/smtpd[2333]: event_enable_read: fd 19
May 31 20:02:07 server postfix/smtpd[2333]: send attr request = connect
May 31 20:02:07 server postfix/smtpd[2333]: send attr ident = smtp:208.75.76.252
May 31 20:02:07 server postfix/smtpd[2333]: vstream_fflush_some: fd 19 flush 42
May 31 20:02:07 server postfix/smtpd[2333]: vstream_buf_get_ready: fd 19 got 25
May 31 20:02:07 server postfix/smtpd[2333]: private/anvil: wanted attribute: 
status
May 31 20:02:07 server postfix/smtpd[2333]: input attribute name: status
May 31 20:02:07 server postfix/smtpd[2333]: input attribute value: 0
May 31 20:02:07 server postfix/smtpd[2333]: private/anvil: wanted attribute: 
count
May 31 20:02:07 server postfix/smtpd[2333]: input attribute name: count
May 31 20:02:07 server postfix/smtpd[2333]: input attribute value: 1
May 31 20:02:07 server postfix/smtpd[2333]: private/anvil: wanted attribute: 
rate
May 31 20:02:07 server postfix/smtpd[2333]: input attribute name: rate
May 31 20:02:07 server postfix/smtpd[2333]: input attribute value: 1
May 31 20:02:07 server postfix/smtpd[2333]: private/anvil: wanted attribute: 
(list terminator)
May 31 20:02:07 server postfix/smtpd[2333]: input attribute name: (end)
May 31 20:02:07 server postfix/smtpd[2333]: > 
mx-ecom.netflix.com[208.75.76.252]: 220 server.workflowproducts.com ESMTP 
Postfix
May 31 20:02:07 server postfix/smtpd[2333]: watchdog_pat: 0x10010
May 31 20:02:07 server postfix/smtpd[2333]: vstream_fflush_some: fd 16 flush 47
May 31 20:02:08 server postfix/smtpd[2159]: lost connection after CONNECT from 
mx-ecom.netflix.com[208.75.76.252]
May 31 20:02:08 server postfix/smtpd[2159]: disconnect from 
mx-ecom.netflix.com[208.75.76.252]

Towards the end there I noticed "vstream_fflush_some" and "watchdog_pat". There 
isn't much to be had on google but it seems they are usually followed by a 
"fatal: watchdog timeout" if there were a timeout on my end. 



Regards,

Justin T


$ postconf -n
biff = no
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/libexec/postfix
debug_peer_level = 4
debug_peer_list = netflix.com
enable_server_options = yes
header_checks = pcre:/etc/postfix/custom_header_checks
html_directory = /usr/share/doc/postfix/html
inet_interfaces = all
mail_owner = _postfix
mailbox_size_limit = 0
mailbox_transport = dovecot
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
message_size_limit = 0
mydestination = $myhostname, localhost.$mydomain, workflowproducts.org, 
wfprod.org, wfprod.com, workflowproducts.com
mydomain = workflowproducts.com
mydomain_fallback = localhost
myhostname = server.workflowproducts.com
mynetworks = 127.0.0.0/8
newaliases_path = /usr/bin/newaliases
queue_directory = /private/var/spool/postfix
readme_directory = /usr/share/doc/postfix
recipient_delimiter = +
relayhost = 
sample_directory = /usr/share/doc/postfix/examples
sendmail_path = /usr/sbin/sendmail
setgid_group = _postdrop
smtpd_client_restrictions = permit_mynetworks permit_sasl_authenticated 
check_client_access hash:/etc/postfix/client_whitelist 
reject_unknown_client_hostname reject_rbl_client zen.spamhaus.org permit
smtpd_enforce_tls = no
smtpd_helo_required = yes
smtpd_helo_restrictions = reject_unknown_hostname reject_invalid_helo_hostname 
reject_non_fqdn_helo_hostname reject_non_fqdn_helo_hostname
smtpd_pw_server_security_options = gssapi,cram-md5,login
smtpd_recipient_restrictions = permit_sasl_authenticated permit_mynetworks 
reject_unlisted_recipient check_client_access 
hash:/etc/postfix/client_restrictions check_client_access 
hash:/etc/postfix/hostname_restrictions reject_unauth_destination 
check_policy_service unix:private/policy permit
smtpd_sasl_auth_enable = yes
smtpd_tls_CAfile = 
/etc/certificates/server.workflowproducts.com.CBC832B89B5D07F033AB998F95C4563DF981A6A8.chain.pem
smtpd_tls_cert_file = 
/etc/certificates/server.workflowproducts.com.CBC832B89B5D07F033AB998F95C4563DF981A6

Re: No Netflix, lost connection after CONNECT

2011-05-27 Thread Noel Jones

On 5/27/2011 8:15 PM, Justin Tocci wrote:

> My wife is complaining that we don't get email from Netflix anymore but I'm 
> wondering what else we're missing. Check out this smtp log:
> 
> May 27 11:50:27 server postfix/smtpd[45795]: connect from 
> mx-ecom.netflix.com[208.75.76.252]
> May 27 11:50:58 server postfix/smtpd[45795]: lost connection after CONNECT from 
> mx-ecom.netflix.com[208.75.76.252]
> May 27 11:50:58 server postfix/smtpd[45795]: disconnect from 
> mx-ecom.netflix.com[208.75.76.252]
> May 27 11:50:58 server postfix/smtpd[45795]: table 
> hash:/etc/aliases(0,lock|fold_fix) has changed -- restarting
> May 27 11:50:58 server postfix/smtpd[45834]: connect from 
> mx-ecom.netflix.com[208.75.76.252]
> May 27 11:51:59 server postfix/smtpd[45834]: lost connection after CONNECT from 
> mx-ecom.netflix.com[208.75.76.252]
> May 27 11:51:59 server postfix/smtpd[45834]: disconnect from 
> mx-ecom.netflix.com[208.75.76.252]
> 
> The first delay after connect is 31 seconds, the second is 61 seconds. I am on 
> Mac OS X Server 10.6.7. Server is working very well, Kerberos and other fragile 
> services working perfectly. No DNS issues. Install is fairly new, we struggled 
> a lot in the last year but bit the bullet and re-installed about a month ago 
> with much better guidance (Lynda.com) and things have been great ever since.
> 
> I've looked at a bunch of possibilities. Load on the server is minimal. Hard 
> drive is a G-RAID stripe configuration for speed. I disabled virus scanning and 
> no change. Now I've even got spam checking off and still no joy. I connected 
> via telnet and got a response instantly.
> 
> If anyone has any ideas I'm all ears.
> 
> Perhaps instead of randomly turning things off is there a way to find out more 
> about what may be going on in between the gaps in the log? I have the log level 
> set to DEBUG which is the highest setting in the Mac OS X Server config utility.
> 
> Best Regards,
> 
> Justin T



Read the whole document, but this is the section you're 
looking for.


http://www.postfix.org/DEBUG_README.html#sniffer



  -- Noel Jones


Re: No Netflix, lost connection after CONNECT

2011-05-27 Thread Jeroen Geilman

On 05/28/2011 03:15 AM, Justin Tocci wrote:

> My wife is complaining that we don't get email from Netflix anymore but I'm
> wondering what else we're missing. Check out this smtp log:
>
> May 27 11:50:27 server postfix/smtpd[45795]: connect from
> mx-ecom.netflix.com[208.75.76.252]

Netflix connects to Postfix.

> May 27 11:50:58 server postfix/smtpd[45795]: lost connection after CONNECT from
> mx-ecom.netflix.com[208.75.76.252]

Netflix disconnects from Postfix without sending any (valid) SMTP commands.

> May 27 11:50:58 server postfix/smtpd[45795]: disconnect from
> mx-ecom.netflix.com[208.75.76.252

Postfix drops the connection.

> guidance (Lynda.com)

Please refer to the official documentation at
http://www.postfix.org/documentation.html ; online guides, howtos and
tutorials are often confused, confusing, or plain wrong.

> If anyone has any ideas I'm all ears.

tcpdump(8) the connection to see what is really happening.
If Netflix doesn't send anything, ask *them* what is wrong.

> Perhaps instead of randomly turning things off is there a way to find out more
> about what may be going on in between the gaps in the log? I have the log level
> set to DEBUG which is the highest setting in

Please don't do that; it often obscures the simpler issues if you don't
know what you're looking for (or at).

--
J.
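
The connect-to-drop gaps discussed in this thread can be measured straight from the smtpd log instead of by eye. The Python sketch below is an added example, not part of the original thread: it pairs each `connect from` line with the matching `lost connection after ...` line by smtpd PID, using the log lines from the original post with the mail wrapping undone, and assumes the year 2011 because syslog timestamps carry none.

```python
import re
from datetime import datetime

# Log lines from the original post, with the mail client's line wrapping undone.
LOG = """\
May 27 11:50:27 server postfix/smtpd[45795]: connect from mx-ecom.netflix.com[208.75.76.252]
May 27 11:50:58 server postfix/smtpd[45795]: lost connection after CONNECT from mx-ecom.netflix.com[208.75.76.252]
May 27 11:50:58 server postfix/smtpd[45795]: disconnect from mx-ecom.netflix.com[208.75.76.252]
May 27 11:50:58 server postfix/smtpd[45795]: table hash:/etc/aliases(0,lock|fold_fix) has changed -- restarting
May 27 11:50:58 server postfix/smtpd[45834]: connect from mx-ecom.netflix.com[208.75.76.252]
May 27 11:51:59 server postfix/smtpd[45834]: lost connection after CONNECT from mx-ecom.netflix.com[208.75.76.252]
May 27 11:51:59 server postfix/smtpd[45834]: disconnect from mx-ecom.netflix.com[208.75.76.252]
"""

LINE = re.compile(r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ "
                  r"postfix/smtpd\[(?P<pid>\d+)\]: (?P<msg>.*)$")
CONNECT = re.compile(r"^connect from (?P<client>\S+)$")
LOST = re.compile(r"^lost connection after (?P<stage>.+?) from (?P<client>\S+)$")


def dropped_sessions(log_text, year=2011):
    """Return (client, stage, seconds) for each session the client abandoned.

    year is an assumption: syslog timestamps carry no year.
    """
    started = {}  # smtpd PID -> connect time; one smtpd serves one client at a time
    dropped = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.rstrip())
        if not m:
            continue  # not an smtpd line
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        if CONNECT.match(m["msg"]):
            started[m["pid"]] = when
            continue
        lost = LOST.match(m["msg"])
        if lost and m["pid"] in started:
            gap = int((when - started.pop(m["pid"])).total_seconds())
            dropped.append((lost["client"], lost["stage"], gap))
    return dropped


if __name__ == "__main__":
    for client, stage, gap in dropped_sessions(LOG):
        print(f"{client}: dropped after {stage}, {gap}s after connect")
```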



No Netflix, lost connection after CONNECT

2011-05-27 Thread Justin Tocci
My wife is complaining that we don't get email from Netflix anymore but I'm 
wondering what else we're missing. Check out this smtp log:

May 27 11:50:27 server postfix/smtpd[45795]: connect from 
mx-ecom.netflix.com[208.75.76.252]
May 27 11:50:58 server postfix/smtpd[45795]: lost connection after CONNECT from 
mx-ecom.netflix.com[208.75.76.252]
May 27 11:50:58 server postfix/smtpd[45795]: disconnect from 
mx-ecom.netflix.com[208.75.76.252]
May 27 11:50:58 server postfix/smtpd[45795]: table 
hash:/etc/aliases(0,lock|fold_fix) has changed -- restarting
May 27 11:50:58 server postfix/smtpd[45834]: connect from 
mx-ecom.netflix.com[208.75.76.252]
May 27 11:51:59 server postfix/smtpd[45834]: lost connection after CONNECT from 
mx-ecom.netflix.com[208.75.76.252]
May 27 11:51:59 server postfix/smtpd[45834]: disconnect from 
mx-ecom.netflix.com[208.75.76.252]

The first delay after connect is 31 seconds, the second is 61 seconds. I am on 
Mac OS X Server 10.6.7. Server is working very well, Kerberos and other fragile 
services working perfectly. No DNS issues. Install is fairly new, we struggled 
a lot in the last year but bit the bullet and re-installed about a month ago 
with much better guidance (Lynda.com) and things have been great ever since.

I've looked at a bunch of possibilities. Load on the server is minimal. Hard 
drive is a G-RAID stripe configuration for speed. I disabled virus scanning and 
no change. Now I've even got spam checking off and still no joy. I connected 
via telnet and got a response instantly. 

If anyone has any ideas I'm all ears.

Perhaps instead of randomly turning things off is there a way to find out more 
about what may be going on in between the gaps in the log? I have the log level 
set to DEBUG which is the highest setting in the Mac OS X Server config 
utility. 

Best Regards,

Justin T