[hobbit] Debugging a client

Henrik Stoerner henrik at hswn.dk
Thu Jul 12 23:26:49 CEST 2007


On Thu, Jul 12, 2007 at 11:18:18AM -0500, Trent Melcher wrote:
> > What kind of firewall are you using ?
> 
> Its a Symantec SGS firewall

A search on their support website gave a couple of things you might want
to look at: First, a support notice

   Issue: TCP connections seem to hang after several seconds
   http://entsupport.symantec.com/docs/641

Second, it seems as if there is a "GSP" (Generic Service Passers) setting 
that you can toggle on or off, which affects whether the protocol will be 
handled as a proxy-protocol, or transparently. An example of setting up
a protocol and service group definition is here:
   http://entsupport.symantec.com/docs/n2006092709045754
This is for MSN, but you should be able to pick out the bits you need
to define just the Hobbit protocol on TCP port 1984. I think the "use
GSP" setting here might make a difference.


> Here is the output from my tcpdump.....see if you can wrap your head
> around this one.

Your dump shows three connections from the client to the Hobbit server.
All of them behave identically:
1) The connection is established
2) The data is sent from the client, including the FIN packet indicating
   the client has no more data to send
3) After the FIN-packet and the corresponding ACK from the server, no
   more data is passed.

So the behaviour is what I'd expect from a firewall the closes the
connection too early.


Regards,
Henrik




More information about the Xymon mailing list