Hot Downloads

Welcome, Guest
Username: Password: Remember me

TOPIC: SNA and MTX controllers

SNA and MTX controllers 12 years 11 months ago #2205

  • UHSsncmrm
  • UHSsncmrm's Avatar
  • Offline
  • Frequent Member
  • Posts: 63
  • Karma: 0
I captured some packets between mtx controllers and an SNA server, Is anyone astute in the analysis of these packets? I didn't see anything pertinent.

Site is complaining of sessions dropping and the capture is during the timeframe.
A scapegoat is often as welcome as a solution...never memorize what you can look up.
The administrator has disabled public write access.

Re: SNA and MTX controllers 12 years 11 months ago #2218

  • Chris
  • Chris's Avatar
  • Offline
  • Administrator
  • Posts: 1446
  • Thank you received: 13
  • Karma: 8
While it might be hard to do, are you able to post the packets captured here?

If you have sessions dropping (assuming TCP), I'd look straight into the sequence, acknowledgment numbering and tcp flags to track connections that have been reset or lost and see where the problem is coming from.

Such cases are quite hard and time consuming to trace, but they are the best way of 'seeing' what on earth is happening.
Chris Partsenidis.
Founder & Editor-in-Chief
www.Firewall.cx
The administrator has disabled public write access.

Re: SNA and MTX controllers 12 years 11 months ago #2219

  • sahirh
  • sahirh's Avatar
  • Offline
  • Honored Member
  • Posts: 1700
  • Karma: 0
Yep I'd be looking at the flags as well.. look for alot of RSTs or suchlike.

Btw UHS, i just noticed that you use the same avatar as our other forum mod tfs.. hehe thats gonna irk him (he's very dangerous.. have you seen the picture of him on the team page --- ex Navy SEAL, military special operations chap --- we're not really allowed to talk about it much though)

:roll:
Sahir Hidayatullah.
Firewall.cx Staff - Associate Editor & Security Advisor
tftfotw.blogspot.com
The administrator has disabled public write access.

Re: SNA and MTX controllers 12 years 10 months ago #2301

  • UHSsncmrm
  • UHSsncmrm's Avatar
  • Offline
  • Frequent Member
  • Posts: 63
  • Karma: 0
Thanks guys for the suggestions.

Okay first, do you want the whole capture pasted here? Nah, can't make me do it! So, given that, how can I get that info up here?

Secondly, in the 802.3 section of the packet decode I notice the trailer consists of data that I recognize from other packets on network, does that have significance. for instance the site is running SolarWinds and in the LLC packet of SNA packets bound for the controller I see portions and sometimes whole portions of "version statements", community strings, and other data that I know is from SolarWinds. Is this a manifestation of a conflict or too heavy a touch by this software. (I run this package on my entire network and have never seen evidence of it in other packets.) Could just be a tangent, I tend to do that when I've exhausted my knowledge base, haha.

I run the entire WAN including 78 sites and my site (Corporate) but the LAN at the site is the responsibility of the staff there until they need my assistance. As is the case with this controller dropping which I can usually figure out (except this time.) The sight wants to have a tech out to replace a NIC on it but I say not this time. They seem to hold onto a notion of "it solved it last time."

Sahirh, if you notice, I changed my avatar! Didn't want any covert ops in my sector...(that I don't know about anyway)...lol.
A scapegoat is often as welcome as a solution...never memorize what you can look up.
The administrator has disabled public write access.

Re: SNA and MTX controllers 12 years 10 months ago #2306

  • sahirh
  • sahirh's Avatar
  • Offline
  • Honored Member
  • Posts: 1700
  • Karma: 0
Thank god bout the avatar change UHS, rumour had it that tfs was getting all set to sort things out ! ;)

About your problem, I'm lost without the packet capture. Can you export it to some format and then upload it somewhere (if its not too large).
Sahir Hidayatullah.
Firewall.cx Staff - Associate Editor & Security Advisor
tftfotw.blogspot.com
The administrator has disabled public write access.
Time to create page: 0.081 seconds

CCENT/CCNA

Cisco Routers

  • SSL WebVPN
  • Securing Routers
  • Policy Based Routing
  • Router on-a-Stick

VPN Security

  • Understand DMVPN
  • GRE/IPSec Configuration
  • Site-to-Site IPSec VPN
  • IPSec Modes

Cisco Help

  • VPN Client Windows 8
  • VPN Client Windows 7
  • CCP Display Problem
  • Cisco Support App.

Windows 2012

  • New Features
  • Licensing
  • Hyper-V / VDI
  • Install Hyper-V

Linux

  • File Permissions
  • Webmin
  • Groups - Users
  • Samba Setup