LinuxQuestions.org
Old 06-05-2013, 08:44 AM   #1
matak
LQ Newbie
 
Registered: Jun 2013
Posts: 3

Rep: Reputation: Disabled
Linux TCP TCB


Hello, I am hoping that this forum, that I visit quite a lot, can help me answer a question that I cannot get Google to produce.

Is there a way to view the TCP transmission control block for a particular session?

Background:

I need to find out what sequence number is being used by the remote end (FTP server) of a hung session. I need this information to craft a TCP reset packet and close a connection that is stuck in CLOSE_WAIT on the client machine.

I could run a loop to increment the sequence number by the receive window but I do not want to run the chance of doing something that may trigger a bigger issue.

The client that has this stuck connection is a Linux box that is very limited, no root privileges, and the process behind this CLOSE_WAIT is taking the CPU to 100%. In this scenario I also do not have any access to the server, so restarting the process there to try and force a TCP reset is a no go.

In the end, this is a problem with the vendor's FTP client program and I am sure it will be fixed in an upcoming firmware release.... doesn't help me now though.

Thanks!
 
Old 06-05-2013, 10:04 AM   #2
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 27,337

Rep: Reputation: 8091
Quote:
Originally Posted by matak
Hello, I am hoping that this forum, that I visit quite a lot, can help me answer a question that I cannot get Google to produce.
Is there a way to view the TCP transmission control block for a particular session?

Background:
I need to find out what sequence number is being used by the remote end (FTP server) of a hung session. I need this information to craft a TCP reset packet and close a connection that is stuck in CLOSE_WAIT on the client machine. I could run a loop to increment the sequence number by the receive window but I do not want to run the chance of doing something that may trigger a bigger issue.

The client that has this stuck connection is a Linux box that is very limited, no root privileges, and the process behind this CLOSE_WAIT is taking the CPU to 100%. In this scenario I also do not have any access to the server, so restarting the process there to try and force a TCP reset is a no go.
You don't give many details to work with. What kind of machine is initiating the FTP send, and what kind of machine is it connecting to? Depending on the resources you have at either end, that will make the answer different. You could run wireshark and capture those packets to examine them, or you could put a script on the server to check the FTP process and if it hits 100% usage, restart it (which would kill the errant connection).
Quote:
In the end, this is a problem with the vendor's FTP client program and I am sure it will be fixed in an upcoming firmware release.... doesn't help me now though.
If your vendor is as responsive as most I've dealt with, you may be waiting a good while.
 
Old 06-05-2013, 11:32 AM   #3
matak
LQ Newbie
 
Registered: Jun 2013
Posts: 3

Original Poster
Rep: Reputation: Disabled
Hey thanks for the response. I think the FTP server is Debian or RedHat based, I am not sure because I do not have access to it. The client, the host that has the orphaned connection, is I believe a Debian based embedded distribution. I am not too sure. I can navigate the filesystem and run some very basic BusyBox commands but that is it.

I have used tcpdump on an intermediate router but there is nothing coming from either side for this session.

I know there is some info in the /proc/net/tcp file but that does not have the SEQ/ACK numbers in use and I am hoping that there is another file in the procfs that could be of help.

Thanks!
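
The `/proc/net/tcp` columns mentioned in the post above can be decoded with nothing more than a POSIX shell, which is what a BusyBox-only device offers. This is an added example, not part of any poster's message; the sample rows are constructed, the function names are hypothetical, and the address decoding assumes a little-endian host.

```shell
#!/bin/sh
# Constructed sample in /proc/net/tcp format (not taken from the thread).
# Columns, per the header line: sl, local_address, rem_address, st,
# tx_queue:rx_queue, tr:tm->when, retrnsmt, uid, timeout, inode, ...
# None of these columns carries sequence or acknowledgement numbers.
sample_proc_net_tcp() {
cat <<'EOF'
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0035 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1201 1 0000000000000000 100 0 0 10 0
   1: 0A01A8C0:C350 1401A8C0:0015 08 00000000:00000000 00:00000000 00000000  1000        0 4711 1 0000000000000000 20 4 30 10 -1
   2: 0A01A8C0:C351 1401A8C0:0015 01 00000000:00000000 00:00000000 00000000  1000        0 4712 1 0000000000000000 20 4 30 10 -1
EOF
}

# Decode "AABBCCDD:PPPP" into "a.b.c.d:port".
# Assumption: little-endian host, so the IPv4 bytes are printed reversed.
decode_addr() {
    hex=${1%:*}                 # eight hex digits of the address
    port=${1#*:}                # four hex digits of the port
    h1=${hex%??????}            # first byte as printed
    t=${hex#??};  h2=${t%????}  # second byte
    t=${t#??};    h3=${t%??}    # third byte
    h4=${t#??}                  # fourth byte
    echo "$((0x$h4)).$((0x$h3)).$((0x$h2)).$((0x$h1)):$((0x$port))"
}

# Read /proc/net/tcp-style rows on stdin and print the CLOSE_WAIT ones.
# State code 08 is CLOSE_WAIT (01 is ESTABLISHED, 0A is LISTEN).
list_close_wait() {
    while read -r sl laddr raddr st queues timer retr uid timeout inode rest; do
        [ "$st" = "08" ] || continue
        echo "$(decode_addr "$laddr") -> $(decode_addr "$raddr") uid=$uid inode=$inode"
    done
}

sample_proc_net_tcp | list_close_wait
```

On the device itself the real file is read with `list_close_wait < /proc/net/tcp`. The inode can then be matched against the `socket:[inode]` links under `/proc/<pid>/fd` for processes the user is allowed to inspect.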
 
Old 06-05-2013, 02:10 PM   #4
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 27,337

Rep: Reputation: 8091
Quote:
Originally Posted by matak
Hey thanks for the response. I think the FTP server is Debian or RedHat based, I am not sure because I do not have access to it. The client, the host that has the orphaned connection, is I believe a Debian based embedded distribution. I am not too sure. I can navigate the filesystem and run some very basic BusyBox commands but that is it.

I have used tcpdump on an intermediate router but there is nothing coming from either side for this session.
Well, if you don't have access to the server, and only a very limited command-set on the client, you don't have many options. Given that you have only busybox on the embedded device, you may not be able to load ANYTHING on it at all, especially if you need root level access to write to devices or perform other tasks. Is the server a device you/your company owns? If so, there has to be an administrator for it, who could work with you to figure something out. Otherwise, you're at the mercy of the client/embedded vendor...because anything you load on that box may void the warranty (guessing, read your EULA).

Also, how confident are you that the problem lies in the client/embedded device? You could try a simple test by bringing up an FTP server on a machine on the same subnet, and try a connection to it, and see if the problem follows the client or not, and at least have root access to a linux box you can run tests/programs on to diagnose things further.
Quote:
I know there is some info in the /proc/net/tcp file but that does not have the SEQ/ACK numbers in use and I am hoping that there is another file in the procfs that could be of help.
Not sure about that, but honestly, I've never looked.
 
Old 06-07-2013, 12:24 AM   #5
matak
LQ Newbie
 
Registered: Jun 2013
Posts: 3

Original Poster
Rep: Reputation: Disabled
Thanks for your time on this one! I am just going to reset the device/s and not put any more effort into this... besides pushing the vendor to get this issue resolved. Thanks again.
 
Old 08-11-2013, 05:55 PM   #6
rollynho
LQ Newbie
 
Registered: Aug 2013
Posts: 1

Rep: Reputation: Disabled
Cool

matak you are HF? contact me twitter.com/spellnax
 
  

