telnet stuck in SYN_RECV

ArbitraryValue · 07-31-2013, 03:31 PM

I'm working with a mystery device; it runs Linux 2.4.30.pre-1 but I don't know how it was configured.

I need to connect to this device via telnet. This works when the device has the LAN IP 10.1.1.10 and I am connecting from inside 10.1.1.* but not when I am trying to connect from outside 10.1.1.*

When trying to connect from outside, the connection gets as far as SYN_RECV but the ACK is never sent. The tcpdump looks like this:

Code:

00:42:53.156347 4c:60:de:e6:8e:73 Broadcast arp 60: arp who-has 10.1.1.10 tell 192.168.53.126
00:42:53.156537 0:1d:ea:50:1:5 4c:60:de:e6:8e:73 arp 42: arp reply 10.1.1.10 is-at 0:1d:ea:50:1:5
00:42:53.159384 4c:60:de:e6:8e:73 0:1d:ea:50:1:5 ip 66: 192.168.53.126.50453 > 10.1.1.10.telnet: S 4255495819:4255495819(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
00:42:53.159668 0:1d:ea:50:1:5 Broadcast arp 42: arp who-has 10.1.1.1 tell 10.1.1.10
00:42:53.159393 4c:60:de:e6:8e:73 0:1d:ea:50:1:5 ip 92: 10.1.1.3.2048 > 10.1.1.10.netbios-ns: 
>>> NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST (DF)
00:42:53.159912 0:1d:ea:50:1:5 Broadcast arp 42: arp who-has 10.1.1.3 tell 10.1.1.10
00:42:53.162374 4c:60:de:e6:8e:73 0:1d:ea:50:1:5 arp 60: arp reply 10.1.1.3 is-at 4c:60:de:e6:8e:73
00:42:53.162483 0:1d:ea:50:1:5 4c:60:de:e6:8e:73 ip 120: 10.1.1.10 > 10.1.1.3: icmp: 10.1.1.10 udp port netbios-ns unreachable [tos 0xc0]

It looks like, for whatever reason, the device is trying to send an answer to 10.1.1.1 rather than to the IP the connection request is actually coming from (192.168.53.126). Why would it be doing that? How do do I fix that? Thanks!

ArbitraryValue · 07-31-2013, 04:18 PM

I figured it out myself. The gateway in /etc/network/interfaces was set to 10.1.1.1 and setting it to the router's correct IP fixed the problem.

Ser Olmy · 07-31-2013, 04:23 PM

Quote:

Originally Posted by ArbitraryValue

Code:

00:42:53.156347 4c:60:de:e6:8e:73 Broadcast arp 60: arp who-has 10.1.1.10 tell 192.168.53.126

First of all, this should never happen. There's no way 192.168.53.126 can be in the same IP network as 10.1.1.10, and it shouldn't be sending ARP requests for IP addresses outside its own network. These two systems should be communicating through a gateway, not directly.

Quote:

Originally Posted by ArbitraryValue

Code:

00:42:53.156537 0:1d:ea:50:1:5 4c:60:de:e6:8e:73 arp 42: arp reply 10.1.1.10 is-at 0:1d:ea:50:1:5
00:42:53.159384 4c:60:de:e6:8e:73 0:1d:ea:50:1:5 ip 66: 192.168.53.126.50453 > 10.1.1.10.telnet: S 4255495819:4255495819(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)

10.1.1.10 responds to the ARP request, because ARP doesn't really deal with layer 3 addresses and doesn't realize that the initial request really makes no sense. It does know the MAC address of the host that sent the request, and responds to that address.

Then 192.168.58.126 sends a SYN packet to 10.1.1.10, which would be OK if the source MAC address belonged to a router, but we've already learned that 4c:60:de:e6:8e:73 is in fact the MAC address of 192.168.56.126, and therefore this exchange should also never happen. What is the netmask and gateway address of 192.168.58.126?

Quote:

Originally Posted by ArbitraryValue

Code:

00:42:53.159668 0:1d:ea:50:1:5 Broadcast arp 42: arp who-has 10.1.1.1 tell 10.1.1.10

Now 10.1.1.10 wants to respond to 192.168.56.126, and looks for the MAC address of a gateway. This is the first sensible thing that has happened so far. Apparently, 10.1.1.10 has a 10.1.1.1 as its gateway, but it would seem that no such host exists.

In short, you need to set up a gateway to facilitate communication between hosts in different IP networks. Also, 192.168.56.126 seems to be seriously misconfigured.