In my case IPTV and internet traffic is separated via 2 VLANs (at the WAN side). So you have IPTV over Fiber (FtoH), like me. I'd also like to point out that my IP TV (from the same provider) has no issues at all during these periods. Is this only the case of this destination ( ) or does this also happen with other websites? So if Network Address Translation (NAT) is not applied by your SOHO router then that would explain the blockage. A 10.0.0.0/8 address is a private address and that is not allowed on the internet. I noticed a source address of 10.10.200.11. The ICMP packets also contain the TCP/IP headers of the original packet. The system that sent the ICMP packet (62.73.73.128) is a good candidate for the ACL or firewall. "Communication administratively filtered" means that there is a kind of filter (router ACL or firewall). Contact your ISP as ask them to enable 'Dual-Stack' to your connection, in my case the port 'reuse' problem seems have been alleviated after ISP enabled Dual-Stack for the given subscriber and end-user. I can offer you something to try (at least). Lot of tcp sessions, or in fact the src-ip's you see in your trace areĪctually from a natting device with many hosts behind it." Might be the source of the problem you are investigating.Īlso, a typical client would run through a lot of sourceports before Have a look at the TCP timers (especially TIME_WAIT) if you think this Those devices is sending out the RST packets because the new SYN's are While after the session has been terminated. Loadbalancers, ids systems and other systems that do somethingĪctive with the traffic might keep state information. Ip addresses and ports, there is no porblem. So as long as they are OK with setting up sessions with the same Well, the source and the destination system keep track of sessions What impact can it have for the clients on that net? Ports, as long as the first session is terminated before the TCP sessions after one another which have the same addresses and In itself, this is no problem, it is perfectly legal to have two Wireshark, there is a SYN packet seen with the same ip-addressesĪnd ports for which traffic has already been seen. "It means that within the capture file that you are viewing with I have taken the below snippet from doing a dig on the net: I am unable to comment on destination unreachable, but the port reuse is very interesting problem indeed, especially when it comes to firewalls and other such devices that are engineered to protect against DoS attacks such as SYN Floods. Incidentally I was facing the port reuse issue with connection to ISP from enterprise users. I'd be happy to provide any additional information that might be useful. I apologize if the information is not enough, this is the first time I am having such issue. I do not understand the results though and would be grateful if someone can help with understanding them. I have recenlty found wireshark and made captures when the issue is present - both on wireless and ethernet. According to my provider all is fine with their network. Ping is usually fine, although sometimes it gets up to 200-300 ms. I have tried ping with -n 200-500 and there are usually 3-15 packages lost. Both wired and wireless connections get affected and the connected devices show 'No internet' status for the network. The issue appears periodically (not every day) and so far only in the evening at a random time.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |