No data being passed to External service

JustinMaynard0459 · ‎05-08-2019

I have a footfall counter that passes data back to an external company but they are saying that they can see no data and are asking us to unblock ports, However all ports are open by default for data going out.

Below is the packet capture for the store and underneath is the packet capture for a store that is working

--- Start Of Stream ---
tcpdump: listening on all_lan_sniff, link-type EN10MB (Ethernet), capture size 262144 bytes
11:02:22.679343 IP (tos 0x0, ttl 64, id 62383, offset 0, flags [DF], proto TCP (6), length 52)
10.20.20.71.1194 > 82.223.108.36.1194: Flags [S], cksum 0xf537 (correct), seq 1769018091, win 5840, options [mss 1460,nop,nop,sackOK,nop,wscale 2], length 0
11:02:22.731761 IP (tos 0x0, ttl 118, id 25129, offset 0, flags [none], proto TCP (6), length 40)
82.223.108.36.1194 > 10.20.20.71.1194: Flags [R.], cksum 0x4cc1 (correct), seq 0, ack 1769018092, win 0, length 0
11:02:27.964491 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 10.20.20.71 tell 10.20.20.1, length 28
11:02:27.964623 ARP, Ethernet (len 6), IPv4 (len 4), Reply 10.20.20.71 is-at 68:3b:1e:83:37:04, length 46
11:02:28.677318 IP (tos 0x0, ttl 64, id 314, offset 0, flags [DF], proto TCP (6), length 52)
10.20.20.71.1194 > 82.223.108.36.1194: Flags [S], cksum 0x1fe5 (correct), seq 1862787751, win 5840, options [mss 1460,nop,nop,sackOK,nop,wscale 2], length 0
11:02:28.772609 IP (tos 0x0, ttl 118, id 25130, offset 0, flags [none], proto TCP (6), length 40)
82.223.108.36.1194 > 10.20.20.71.1194: Flags [R.], cksum 0x776e (correct), seq 0, ack 93769661, win 0, length 0
11:02:34.678831 IP (tos 0x0, ttl 64, id 28643, offset 0, flags [DF], proto TCP (6), length 52)
10.20.20.71.1194 > 82.223.108.36.1194: Flags [S], cksum 0x72de (correct), seq 1956612630, win 5840, options [mss 1460,nop,nop,sackOK,nop,wscale 2], length 0
11:02:34.731509 IP (tos 0x0, ttl 118, id 25131, offset 0, flags [none], proto TCP (6), length 40)
82.223.108.36.1194 > 10.20.20.71.1194: Flags [R.], cksum 0xca67 (correct), seq 0, ack 187594540, win 0, length 0
11:02:40.682983 IP (tos 0x0, ttl 64, id 15090, offset 0, flags [DF], proto TCP (6), length 52)
10.20.20.71.1194 > 82.223.108.36.1194: Flags [S], cksum 0x24a0 (correct), seq 2050478780, win 5840, options [mss 1460,nop,nop,sackOK,nop,wscale 2], length 0
11:02:40.735008 IP (tos 0x0, ttl 118, id 25132, offset 0, flags [none], proto TCP (6), length 40)
82.223.108.36.1194 > 10.20.20.71.1194: Flags [R.], cksum 0x7c29 (correct), seq 0, ack 281460690, win 0, length 0
11:02:42.965253 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 10.20.20.71 tell 10.20.20.1, length 28
11:02:42.965380 ARP, Ethernet (len 6), IPv4 (len 4), Reply 10.20.20.71 is-at 68:3b:1e:83:37:04, length 46
11:02:46.680763 IP (tos 0x0, ttl 64, id 31998, offset 0, flags [DF], proto TCP (6), length 52)
10.20.20.71.1194 > 82.223.108.36.1194: Flags [S], cksum 0x5b6d (correct), seq 2144245336, win 5840, options [mss 1460,nop,nop,sackOK,nop,wscale 2], length 0
11:02:46.734284 IP (tos 0x0, ttl 118, id 25133, offset 0, flags [none], proto TCP (6), length 40)
82.223.108.36.1194 > 10.20.20.71.1194: Flags [R.], cksum 0xb2f6 (correct), seq 0, ack 375227246, win 0, length 0
--- End Of Stream ---

Working Store

--- Start Of Stream ---
tcpdump: listening on all_lan_sniff, link-type EN10MB (Ethernet), capture size 262144 bytes
11:16:13.191103 IP (tos 0x0, ttl 116, id 2982, offset 0, flags [DF], proto UDP (17), length 81)
82.223.108.36.1194 > 192.168.1.173.1194: UDP, length 53
11:16:14.015022 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.1.173 tell 192.168.1.1, length 28
11:16:14.015290 ARP, Ethernet (len 6), IPv4 (len 4), Reply 192.168.1.173 is-at 68:3b:1e:ac:29:29, length 46
11:16:15.373148 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 81)
192.168.1.173.1194 > 82.223.108.36.1194: UDP, length 53
11:16:23.808093 IP (tos 0x0, ttl 116, id 2983, offset 0, flags [DF], proto UDP (17), length 81)
82.223.108.36.1194 > 192.168.1.173.1194: UDP, length 53
11:16:24.858559 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 81)
192.168.1.173.1194 > 82.223.108.36.1194: UDP, length 53
11:16:30.016486 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.1.173 tell 192.168.1.1, length 28
11:16:30.016967 ARP, Ethernet (len 6), IPv4 (len 4), Reply 192.168.1.173 is-at 68:3b:1e:ac:29:29, length 46
11:16:33.770416 IP (tos 0x0, ttl 116, id 2984, offset 0, flags [DF], proto UDP (17), length 81)
82.223.108.36.1194 > 192.168.1.173.1194: UDP, length 53
11:16:35.028918 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 81)
192.168.1.173.1194 > 82.223.108.36.1194: UDP, length 53
11:16:43.844787 IP (tos 0x0, ttl 116, id 2985, offset 0, flags [DF], proto UDP (17), length 81)
82.223.108.36.1194 > 192.168.1.173.1194: UDP, length 53
11:16:44.857920 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 81)
192.168.1.173.1194 > 82.223.108.36.1194: UDP, length 53
11:16:46.017982 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.1.173 tell 192.168.1.1, length 28
11:16:46.018253 ARP, Ethernet (len 6), IPv4 (len 4), Reply 192.168.1.173 is-at 68:3b:1e:ac:29:29, length 46
11:16:53.737519 IP (tos 0x0, ttl 116, id 2986, offset 0, flags [DF], proto UDP (17), length 81)
82.223.108.36.1194 > 192.168.1.173.1194: UDP, length 53
11:16:54.890003 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 81)
192.168.1.173.1194 > 82.223.108.36.1194: UDP, length 53
--- End Of Stream ---

The company are saying its due to a firmware upgrade on our MX device which i don't believe.

Any help would be much appreciated

Justin

Rob Ingram · ‎05-08-2019

Hi,
It looks like in the first capture (non-working), it's using the TCP protocol but in the working capture it's using UDP protocol. Try re-configuring the application to use UDP.

HTH