Having issue to understand TCP traffic

Mark1110 · ‎07-07-2022

Hello, i am trying to connect LDAPS session from CIMC but not succeeded. I captured below from AD server. can someone explain me below TCP capture. I searched on net but still confuse what happen.

AD server: 2.2.2.2

CIMC IP: 1.1.1.1

Please find attached file for capture.

Appreciate any kind of help!!

Thanks,

Mark

Georg Pauwen · ‎07-08-2022

Hello,

as far as I can tell, the capture does not show much more than the TCP handshake and subsequently some data being pushed (PSH flag).

What exactly are you doing that generates this traffic ? Make sure your user accounts are configured correctly...

https://www.cisco.com/en/US/docs/unified_computing/ucs/c/sw/gui/config/guide/1.5/b_Cisco_UCS_C-series_GUI_Configuration_Guide.151_chapter_0111.html

Mark1110 · ‎07-08-2022

Hello, i tried to login from cimc with my credentials to generate a traffic.

Thanks,
Mark

Mark1110 · ‎07-08-2022

Hello, i tried to login from cimc with my credential to generate this traffic. Capture shows rst means force close by server?

thanks,

mark

Richard Burts · ‎07-16-2022

Mark

Yes a rst is a force close generated by one of the devices.

As a first step in figuring this out I would suggest checking the AD server and make sure that it has a correct entry for the CIMC.

As a second step are there any entries in the log of the AD server when you attempt to access from CIMC?

HTH

Rick

Mark1110 · ‎07-25-2022

Thank you for your reply. I am switching from LDAP to TACAC+ connection for a try now.

MHM Cisco World · ‎07-16-2022

the issue as I see from TCP exchange traffic is
1- fragment this indicate that there is MTU mismatch
2- PSH flag appear which mean that one side buffer is full.

Mark1110 · ‎07-25-2022

Thank you for your reply. I am switching from LDAP to TACAC+ connection for a try now to check.

Richard Burts · ‎07-25-2022

Thanks for the update. Please let us know the results.

HTH

Rick