all ftp data packets dropped but the first one - TCP-IP

This is a discussion on all ftp data packets dropped but the first one - TCP-IP ; Unable to upload files to an FTP of any substantive size, I decided to run Wireshark in an attempt to see what was going on. Apparently, after connecting, an FTP Data packet of 1460 bytes is sent and then another ...

+ Reply to Thread
Results 1 to 4 of 4

Thread: all ftp data packets dropped but the first one

  1. all ftp data packets dropped but the first one

    Unable to upload files to an FTP of any substantive size, I decided to
    run Wireshark in an attempt to see what was going on. Apparently,
    after connecting, an FTP Data packet of 1460 bytes is sent and then
    another one. I then get ICMP packets sent to me, from the FTP, whose
    description in Wireshark reads "Destination unreachable (Fragmentation
    needed)". After a few of these, my computer tries to resend it. The
    Wireshark description now reads "[TCP Retransmission] FTP Data: 1460
    bytes".

    So basically, it sounds as if all packets, above and beyond the first,
    are getting dropped, and I have no idea why. Any ideas?


  2. Re: all ftp data packets dropped but the first one

    In article <1154665644.171372.5290@m73g2000cwd.googlegroups.co m>,
    "yawnmoth" wrote:

    > Unable to upload files to an FTP of any substantive size, I decided to
    > run Wireshark in an attempt to see what was going on. Apparently,
    > after connecting, an FTP Data packet of 1460 bytes is sent and then
    > another one. I then get ICMP packets sent to me, from the FTP, whose
    > description in Wireshark reads "Destination unreachable (Fragmentation
    > needed)". After a few of these, my computer tries to resend it. The
    > Wireshark description now reads "[TCP Retransmission] FTP Data: 1460
    > bytes".
    >
    > So basically, it sounds as if all packets, above and beyond the first,
    > are getting dropped, and I have no idea why. Any ideas?


    Are you going through a VPN? That's the most common reason for needing
    to fragment these days.

    When you get "Fragmentation needed" messages, you're supposed to resend
    SMALLER packets, so that they don't need to be fragmented. But your TCP
    stack is resending the same size packets, so they still can't get
    through.

    Do you have an IP filter blocking ICMP packets, so your stack doesn't
    see the Fragmentation Needed messages?

    --
    Barry Margolin, barmar@alum.mit.edu
    Arlington, MA
    *** PLEASE post questions in newsgroups, not directly to me ***
    *** PLEASE don't copy me on replies, I'll read them in the group ***

  3. Re: all ftp data packets dropped but the first one

    Hello,

    yawnmoth a écrit :
    > after connecting, an FTP Data packet of 1460 bytes is sent and then
    > another one. I then get ICMP packets sent to me, from the FTP, whose
    > description in Wireshark reads "Destination unreachable (Fragmentation
    > needed)".


    I globally agree with Barry, but I'm just wondering why the destination
    host would send "Fragmentation Needed" packets. The only explaination I
    can see is that the server is masqueraded behind a NAT router which
    actually sends the ICMP. Another possible reason ?

  4. Re: all ftp data packets dropped but the first one

    On Fri, 04 Aug 2006 10:58:30 +0200, Pascal Hambourg wrote:

    > Hello,
    >
    > yawnmoth a écrit :
    >> after connecting, an FTP Data packet of 1460 bytes is sent and then
    >> another one. I then get ICMP packets sent to me, from the FTP, whose
    >> description in Wireshark reads "Destination unreachable (Fragmentation
    >> needed)".

    >
    > I globally agree with Barry, but I'm just wondering why the destination
    > host would send "Fragmentation Needed" packets. The only explaination I
    > can see is that the server is masqueraded behind a NAT router which
    > actually sends the ICMP. Another possible reason ?


    Natting FW sends to router where packet enters tunnel. Big packet gets
    rejected, icmp error gets correctly de-natted. I have actually seen such
    setups so this is entirely possible.

    So the icmp can also come from somewhere behind the natting router.

    M4

    (And no, those setups I saw were not sane by any common definition, but
    there might be sane ones).

    --
    Redundancy is a great way to introduce more single points of failure.


+ Reply to Thread