UDP problems
2007-12-24 21:39:00
My company recently sold an Ultra 10 440 MHz workstation (running Solaris
2.5.1 and telecom application software) to a customer and now they are
complaining that they are receiving UDP error messages which are being
generated every 1 second by the Ultra 10 workstation. Subsequently, they have
disconnected the server from their network.
The following logs were collected by an IP monitoring tool:
Packet #1, Direction: Pass-through, Time:13:53:11.530
Ethernet II
Destination MAC: FF:FF:FF:FF:FF:FF
Source MAC: 08:00:20:A0:6A:5A
Ethertype: 0x0800 (2048) - IP
IP
IP version: 0x04 (4)
Header length: 0x05 (5) - 20 bytes
Type of service: 0x00 (0)
Precedence: 000 - Routine
Delay: 0 - Normal delay
Throughput: 0 - Normal throughput
Reliability: 0 - Normal reliability
Total length: 0x0024 (36)
ID: 0x7F8E (32654)
Flags
Don't fragment bit: 1 - Don't fragment
More fragments bit: 0 - Last fragment
Fragment offset: 0x0000 (0)
Time to live: 0x01 (1)
Protocol: 0x11 (17) - UDP
Checksum: 0x0809 (2057) - correct
Source IP: 158.230.83.76
Destination IP: 0.0.0.0
IP Options: None
UDP
Source port: 32782
Destination port: 1877
Length: 0x0010 (16)
Checksum: 0x7130 (28976) - correct
Raw Data:
0x0000 FF FF FF FF FF FF 08 00-20 A0 6A 5A 08 00 45 00 .. jZ..E.
0x0010 00 24 7F 8E 40 00 01 11-08 09 9E E6 53 4C 00 00 .$Ž@.....žfSL..
0x0020 00 00 80 0E 07 55 00 10-71 30 00 00 15 00 00 08 ..€..U..q0......
0x0030 00 00 55 55 55 55 55 55-55 55 55 55 ..UUUUUUUUUU
============================================================================
Packet #2, Direction: Pass-through, Time:13:53:12.520
Ethernet II
Destination MAC: FF:FF:FF:FF:FF:FF
Source MAC: 08:00:20:A0:6A:5A
Ethertype: 0x0800 (2048) - IP
IP
IP version: 0x04 (4)
Header length: 0x05 (5) - 20 bytes
Type of service: 0x00 (0)
Precedence: 000 - Routine
Delay: 0 - Normal delay
Throughput: 0 - Normal throughput
Reliability: 0 - Normal reliability
Total length: 0x0024 (36)
ID: 0x7F8F (32655)
Flags
Don't fragment bit: 1 - Don't fragment
More fragments bit: 0 - Last fragment
Fragment offset: 0x0000 (0)
Time to live: 0x01 (1)
Protocol: 0x11 (17) - UDP
Checksum: 0x0808 (2056) - correct
Source IP: 158.230.83.76
Destination IP: 0.0.0.0
IP Options: None
UDP
Source port: 32782
Destination port: 1877
Length: 0x0010 (16)
Checksum: 0x7130 (28976) - correct
Raw Data:
THIS EVALUATION VERSION DISPLAYS ONLY HALF OF THE PACKETS
============================================================================
I tried to get more information:
# netstat -a
UDP
Local Address State
-------------------- -------
*.sunrpc Idle
*.* Unbound
*.32771 Idle
*.name Idle
*.biff Idle
*.talk Idle
*.time Idle
*.echo Idle
*.discard Idle
*.daytime Idle
*.chargen Idle
*.32772 Idle
*.32773 Idle
*.32774 Idle
*.32775 Idle
*.32776 Idle
*.32777 Idle
*.32778 Idle
*.32779 Idle
*.lockd Idle
*.1877 Idle
*.32782 Idle
*.nfsd Idle
*.32783 Idle
*.32784 Idle
*.* Unbound
# rpcinfo -p
program vers proto port service
100000 4 tcp 111 rpcbind
100000 3 tcp 111 rpcbind
100000 2 tcp 111 rpcbind
100000 4 udp 111 rpcbind
100000 3 udp 111 rpcbind
100000 2 udp 111 rpcbind
100024 1 udp 32772 status
100232 10 udp 32773 sadmind
100024 1 tcp 32771 status
100011 1 udp 32774 rquotad
100002 2 udp 32775 rusersd
100002 3 udp 32775 rusersd
100002 2 tcp 32772 rusersd
100002 3 tcp 32772 rusersd
100012 1 udp 32776 sprayd
100008 1 udp 32777 walld
100001 2 udp 32778 rstatd
100001 3 udp 32778 rstatd
100001 4 udp 32778 rstatd
100068 2 udp 32779
100068 3 udp 32779
100068 4 udp 32779
100083 1 tcp 32773
100221 1 tcp 32774
100021 1 udp 4045 nlockmgr
100021 2 udp 4045 nlockmgr
100021 3 udp 4045 nlockmgr
100021 4 udp 4045 nlockmgr
100021 1 tcp 4045 nlockmgr
100021 2 tcp 4045 nlockmgr
100021 3 tcp 4045 nlockmgr
100021 4 tcp 4045 nlockmgr
100003 2 udp 2049 nfs
100003 3 udp 2049 nfs
100227 2 udp 2049 nfs_acl
100227 3 udp 2049 nfs_acl
100005 1 udp 32783 mountd
100005 2 udp 32783 mountd
100005 3 udp 32783 mountd
100005 1 tcp 32788 mountd
100005 2 tcp 32788 mountd
100005 3 tcp 32788 mountd
100003 2 tcp 2049 nfs
100003 3 tcp 2049 nfs
100227 2 tcp 2049 nfs_acl
100227 3 tcp 2049 nfs_acl
# rpcinfo -s
program version(s) netid(s) service owner
100000 2,3,4 udp,tcp,ticlts,ticotsord,ticots rpcbind superuser
100029 2,1 ticots,ticotsord,ticlts keyserv superuser
100078 4 ticots,ticotsord,ticlts kerbd superuser
100024 1 ticots,ticotsord,ticlts,tcp,udp status superuser
100232 10 udp sadmind superuser
100011 1 ticlts,udp rquotad superuser
100002 3,2 ticots,ticotsord,tcp,ticlts,udp rusersd superuser
100012 1 ticlts,udp sprayd superuser
100008 1 ticlts,udp walld superuser
100001 4,3,2 ticlts,udp rstatd superuser
100068 4,3,2 udp - superuser
100083 1 tcp - superuser
100221 1 tcp - superuser
100021 4,3,2,1 ticots,ticotsord,ticlts,tcp,udp nlockmgr superuser
100099 1 ticots,ticotsord,ticlts - superuser
100003 3,2 tcp,udp nfs superuser
100227 3,2 tcp,udp nfs_acl superuser
100005 3,2,1 ticots,ticotsord,tcp,ticlts,udp mountd superuser
#
I also checked the net and found some information that port "32782", as can
be seen in the logs, is used by firewalls / security software made by
CheckPoint.
What could be the source of these messages? I am 100% sure it's not my company's
application running on this Ultra 10. It has got to have something to do with
Solaris.
Has anybody come across this type of problem? Any suggestions are welcome.
Thanks,
Mira.
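
Added example (not part of the original post): a Python decoder for the Packet #1 raw dump above that re-verifies the IP and UDP checksums, separates the 8-byte UDP payload from the bytes that follow the IP datagram, and checks whether either port is among the UDP ports in the rpcinfo -p listing. The names decode, ones_complement_sum and RPC_UDP_PORTS are chosen for this example.

```python
import socket
import struct

# Frame bytes copied from the "Raw Data" dump of Packet #1 on this page.
FRAME = bytes.fromhex(
    "FF FF FF FF FF FF 08 00 20 A0 6A 5A 08 00 45 00 "
    "00 24 7F 8E 40 00 01 11 08 09 9E E6 53 4C 00 00 "
    "00 00 80 0E 07 55 00 10 71 30 00 00 15 00 00 08 "
    "00 00 55 55 55 55 55 55 55 55 55 55")

# UDP ports registered with rpcbind per the "rpcinfo -p" listing on this page.
RPC_UDP_PORTS = {111, 2049, 4045, 32783, *range(32772, 32780)}


def ones_complement_sum(data: bytes) -> int:
    """16-bit one's-complement sum; 0xFFFF when data carries a valid checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def decode(frame: bytes) -> dict:
    """Decode an Ethernet II / IPv4 / UDP frame and report triage facts."""
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0800:
        raise ValueError("not IPv4")
    ihl = (frame[14] & 0x0F) * 4
    ip = frame[14:14 + ihl]
    total_len, ttl, proto = struct.unpack("!H", ip[2:4])[0], ip[8], ip[9]
    if proto != 17 or total_len > len(frame) - 14:
        raise ValueError("not UDP or truncated")
    udp = frame[14 + ihl:14 + total_len]
    sport, dport, ulen, _ = struct.unpack("!4H", udp[:8])
    # UDP checksum covers a pseudo-header: src IP, dst IP, zero, protocol, length.
    pseudo = ip[12:20] + struct.pack("!BBH", 0, proto, ulen)
    return {
        "dst_mac_broadcast": dst_mac == b"\xff" * 6,
        "src_ip": socket.inet_ntoa(ip[12:16]),
        "dst_ip": socket.inet_ntoa(ip[16:20]),
        "ttl": ttl, "sport": sport, "dport": dport,
        "ip_checksum_ok": ones_complement_sum(ip) == 0xFFFF,
        "udp_checksum_ok": ones_complement_sum(pseudo + udp[:ulen]) == 0xFFFF,
        "payload": udp[8:ulen],
        "padding": frame[14 + total_len:],
        "ports_in_rpcbind": {sport, dport} & RPC_UDP_PORTS,
    }
```

Calling decode(FRAME) gives an empty ports_in_rpcbind set: neither 32782 nor 1877 is registered with rpcbind in the listing, although both appear as bound UDP sockets in the netstat -a output.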

