nrpe-nt not sending FIN/SYN?

Hugo van der Kooij hvdkooij at vanderkooij.org
Fri Jul 14 23:35:09 CEST 2006


On Fri, 14 Jul 2006, Andrew Ruddock wrote:

> Current timer values in the Pix, which seem more than reasonable to me.
> These are the defaults.  In fact, I may even want to shorten some of them.
>
> timeout xlate 3:00:00  (Specifies the idle time until a translation slot
> is freed; the minimum value is one minute.)
>
> timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
> conn = Specifies the idle time after which a connection closes; the
> minimum duration is five minutes.
> half-closed = Specifies the idle time after which a TCP half-closed
> connection will be freed.

There is what you configured. Not nescessarily what actually takes place.
I have seen my share of incorrect session handling on Cisco equipment.
Mostly IOS issues but some PIX bugs as well.

So far I see nothing odd to prove Nagios is doing anything wrong. But you
need to monitor and compare 2 sides. One is the session as seen between
Nagios and PIX. The other between PIX and NRPE.

What I find rather odd is that it all ends up as fragmented packets.
fragmented packets are the bane of any firewall I have seen. Somehow
reassembling them for inspection seems to be a major pain and they often
get it wrong.

If you can't show the real data you need to rewrite the lot manual to show
all relevant data to the session. Like FLAGS, sequence numbers,
ethernet and IP addresses, ....... (well it pretty much is everything to
be honest.)

If you company policy does not allow you to show relevant details then I
guess you have to spend company money and hire someone to come over and do
the serious packet comparison one needs to perform to find the real
cause.

Having done some serious firewall troubleshooting I know there is no
substitute for the raw data to find the real cause.

Hugo.

-- 
	I hate duplicates. Just reply to the relevant mailinglist.
	hvdkooij at vanderkooij.org		http://hvdkooij.xs4all.nl/
		Don't meddle in the affairs of magicians,
		for they are subtle and quick to anger.


-------------------------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null





More information about the Users mailing list