[SR-Users] nathelper: ping options over tcp

Abdoul Osséni abdoul.osseni at gmail.com
Wed Apr 5 15:12:02 CEST 2017


Thanks.

This is a network capture taken on Kamailio server that showing VSS
Monitoring ethernet.
---
This is not a LAN network. UAC is on Internet behind a NAT device so I
can't capture the traffic in the network.

According your message, you think UAC send close notify alerts even during
during the call establishment?

Regards
Abdoul.

2017-04-05 14:58 GMT+02:00 Nathan Ward <kamailio-sr-users at daork.net>:

>
> On 6/04/2017, at 12:25 AM, Abdoul Osséni <abdoul.osseni at gmail.com> wrote:
> I have always this issue with NAT devices using VSS-Monitoring protocol.
>
> A network capture shows:
> - Kamailio sends a tcp keepalive
> - The NAT device sends a tck keepalive ACK to Kamailio with a new filed :
> vss-monitoring
> Frame 70: 62 bytes on wire (496 bits), 62 bytes captured (496 bits)
> Linux cooked capture
> Internet Protocol Version 4, Src: x.x.x.x, Dst: x.x.x.x
> Transmission Control Protocol, Src Port: 13178, Dst Port: 443, Seq: 2752,
> Ack: 6214, Len: 0
> *VSS-Monitoring ethernet trailer, Source Port: 0*
> * Src Port: 0*
>
>
> Hi,
>
> VSS-Monitoring is a function of your monitoring tap, is is not a function
> of your NAT box - http://www.vssmonitoring.com/resources/feature-brief/
> Port-and-Time-Stamping.pdf
> It should not be included in the actual traffic packets going past the tap
> - only the packets that you see on your network analyser - if you find that
> it is included on actual packets, you need to talk to your networking
> people and get that fixed.
>
> It is very unlikely that a NAT device sends anything other than
> synthesised RST packets. It certainly won’t be generating close notify TLS
> alerts - I’m not actually sure that it can, they might need to be
> authenticated.
>
> If you are seeing a close notify, you should capture between the UAC and
> the NAT device - I believe you will see the close notify TLS alert coming
> from the UAC. If that is the case, you need to look at the UAC for why it’s
> doing that. Perhaps your UAC does not support TCP keepalives properly.
>
> --
> Nathan Ward
>
>
> _______________________________________________
> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
> sr-users at lists.sip-router.org
> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20170405/252e1deb/attachment.html>


More information about the sr-users mailing list