In message , Richard Kettlewell
writes
>Whatever went wrong had already happened by 10:37:20. I agree with
>Martin that applying wireshark or tcpdump is the next move. In
>particular look out for packets that one end sends but the other does
>not receive.
>
tcpdump was run on the source machine, and the output copied over to my
PC where I can run wireshark. Source machine is 192.168.1.18 and the
target is 192.168.1.118 (the router was not helpful on the address
allocation).
The trace was started just before I kicked off the rsync session, and
(after filtering out traffic to the router), I get this:
137 30.717163 192.168.1.18 217.169.20.20 DNS 68 Standard query 0x13a2 A
138 30.717231 192.168.1.18 217.169.20.20 DNS 68 Standard query 0x54ed AAAA
139 30.717705 217.169.20.20 192.168.1.18 DNS 86 Standard query response 0x13a2 A A 192.168.1.118
140 30.735893 217.169.20.20 192.168.1.18 DNS 143 Standard query response 0x54ed No such name AAAA SOA a.root-servers.net
141 30.736200 192.168.1.18 192.168.1.118 TCP 74 49782 → 22 [SYN] Seq=0 Win=29200 Len=0 MSS=1460 SACK_PERM=1 TSval=2255159231 TSecr=0 WS=128
142 30.736863 192.168.1.118 192.168.1.18 TCP 74 22 → 49782 [SYN, ACK] Seq=0 Ack=1 Win=28960 Len=0 MSS=1460 SACK_PERM=1 TSval=2806473379 TSecr=2255159231 WS=64
143 30.736930 192.168.1.18 192.168.1.118 TCP 66 49782 → 22 [ACK] Seq=1 Ack=1 Win=29312 Len=0 TSval=2255159231 TSecr=2806473379
144 30.741121 192.168.1.18 192.168.1.118 SSHv2 108 Client: Protocol (SSH-2.0-OpenSSH_7.4p1 Raspbian-10+deb9u7)
145 30.742140 192.168.1.118 192.168.1.18 TCP 66 22 → 49782 [ACK] Seq=1 Ack=43 Win=28992 Len=0 TSval=2806473380 TSecr=2255159236
146 30.833177 192.168.1.118 192.168.1.18 SSHv2 105 Server: Protocol (SSH-2.0-OpenSSH_6.0p1 Debian-4+deb7u6)
147 30.833205 192.168.1.18 192.168.1.118 TCP 66 49782 → 22 [ACK] Seq=43 Ack=40 Win=29312 Len=0 TSval=2255159328 TSecr=2806473389
148 30.842130 192.168.1.118 192.168.1.18 SSHv2 1050 Server: Key Exchange Init
149 30.842162 192.168.1.18 192.168.1.118 TCP 66 49782 → 22 [ACK] Seq=43 Ack=1024 Win=32128 Len=0 TSval=2255159337 TSecr=2806473390
150 30.850541 192.168.1.18 192.168.1.118 SSHv2 1498 Client: Key Exchange Init
151 30.851888 192.168.1.118 192.168.1.18 TCP 66 22 → 49782 [ACK] Seq=1024 Ack=1475 Win=31872 Len=0 TSval=2806473391 TSecr=2255159345
152 30.865658 192.168.1.18 192.168.1.118 SSHv2 146 Client: Elliptic Curve Diffie-Hellman Key Exchange Init
153 30.866301 192.168.1.118 192.168.1.18 TCP 66 22 → 49782 [ACK] Seq=1024 Ack=1555 Win=31872 Len=0 TSval=2806473392 TSecr=2255159360
154 30.903472 192.168.1.118 192.168.1.18 SSHv2 378 Server: Elliptic Curve Diffie-Hellman Key Exchange Reply, New Keys
155 30.946329 192.168.1.18 192.168.1.118 TCP 66 49782 → 22 [ACK] Seq=1555 Ack=1336 Win=35072 Len=0 TSval=2255159441 TSecr=2806473396
156 30.958700 192.168.1.18 192.168.1.118 SSHv2 82 Client: New Keys
157 30.959300 192.168.1.118 192.168.1.18 TCP 66 22 → 49782 [ACK] Seq=1336 Ack=1571 Win=31872 Len=0 TSval=2806473402 TSecr=2255159453
158 30.959324 192.168.1.18 192.168.1.118 SSHv2 106 Client: Encrypted packet (len=40)
159 30.959779 192.168.1.118 192.168.1.18 TCP 66 22 → 49782 [ACK] Seq=1336 Ack=1611 Win=31872 Len=0 TSval=2806473402 TSecr=2255159454
160 30.960402 192.168.1.118 192.168.1.18 SSHv2 106 Server: Encrypted packet (len=40)
161 30.960411 192.168.1.18 192.168.1.118 TCP 66 49782 → 22 [ACK] Seq=1611 Ack=1376 Win=35072 Len=0 TSval=2255159455 TSecr=2806473402
162 30.960463 192.168.1.18 192.168.1.118 SSHv2 122 Client: Encrypted packet (len=56)
163 30.980612 192.168.1.118 192.168.1.18 SSHv2 122 Server: Encrypted packet (len=56)
164 30.980692 192.168.1.18 192.168.1.118 SSHv2 426 Client: Encrypted packet (len=360)
165 31.018756 192.168.1.118 192.168.1.18 TCP 66 22 → 49782 [ACK] Seq=1432 Ack=2027 Win=34752 Len=0 TSval=2806473408 TSecr=2255159475
166 31.020812 192.168.1.118 192.168.1.18 SSHv2 378 Server: Encrypted packet (len=312)
167 31.047947 192.168.1.18 192.168.1.118 SSHv2 698 Client: Encrypted packet (len=632)
168 31.048686 192.168.1.118 192.168.1.18 TCP 66 22 → 49782 [ACK] Seq=1744 Ack=2659 Win=37632 Len=0 TSval=2806473410 TSecr=2255159542
18740 84.263041 192.168.1.118 192.168.1.18 SSHv2 118 Server: Encrypted packet (len=40)
18741 84.268016 192.168.1.118 192.168.1.18 SSHv2 118 Server: Encrypted packet (len=40)
18742 84.268095 192.168.1.18 192.168.1.118 TCP 66 49782 → 22 [ACK] Seq=2565323 Ack=360240 Win=93952 Len=0 TSval=2255212763 TSecr=2806478732
18743 84.300767 192.168.1.118 192.168.1.18 SSHv2 118 Server: Encrypted packet (len=40)
18744 84.346371 192.168.1.18 192.168.1.118 TCP 66 49782 → 22 [ACK] Seq=2565323 Ack=360280 Win=93952 Len=0 TSval=2255212841 TSecr=2806478736
18745 84.349315 192.168.1.118 192.168.1.18 SSHv2 118 Server: Encrypted packet (len=40)
18746 84.349423 192.168.1.18 192.168.1.118 TCP 66 49782 → 22 [ACK] Seq=2565323 Ack=360320 Win=93952 Len=0 TSval=2255212844 TSecr=2806478741
18747 84.359536 192.168.1.118 192.168.1.18 SSHv2 118 Server: Encrypted packet (len=40)
18748 84.359931 192.168.1.18 192.168.1.118 TCP 66 49782 → 22 [ACK] Seq=2565323 Ack=360360 Win=93952 Len=0 TSval=2255212855 TSecr=2806478742
18749 84.381883 192.168.1.118 192.168.1.18 SSHv2 118 Server: Encrypted packet (len=40)
18750 84.382051 192.168.1.18 192.168.1.118 TCP 66 49782 → 22 [ACK] Seq=2565323 Ack=360400 Win=93952 Len=0 TSval=2255212877 TSecr=2806478744
18751 84.385465 192.168.1.118 192.168.1.18 SSHv2 118 Server: Encrypted packet (len=40)
18752 84.385565 192.168.1.18 192.168.1.118 TCP 66 49782 → 22 [ACK] Seq=2565323 Ack=360440 Win=93952 Len=0 TSval=2255212880 TSecr=2806478744
18915 354.906585 192.168.1.12 224.0.0.251 IGMPv2 60 Membership Report group 224.0.0.251
18981 409.284633 192.168.1.106 224.0.0.251 IGMPv2 60 Membership Report group 224.0.0.251
19123 705.914795 192.168.1.106 224.0.0.251 IGMPv2 60 Membership Report group 224.0.0.251
19165 815.539355 192.168.1.135 192.168.1.118 ICMP 98 Echo (ping) request id=0x4df1, seq=1/256, ttl=64 (no response found!)
19271 1046.554024 192.168.1.18 217.169.20.20 DNS 74 Standard query 0x7220 A smtp.gmail.com
Sometime after packet 18752 it stops talking to the target. The last
packet shown is when my script calls up Gmail to send the rsync log to
me, which it does after the rsync process on the source machine has
ended.
I've also run tcpdump on a short session between the two machines where
I opened a ssh connection, then closed it again. This clearly showed
the end of the connection.
Adrian
--
To Reply :
replace "bulleid" with "adrian" - all mail to bulleid is rejected
Sorry for the rigmarole, If I want spam, I'll go to the shops
Every time someone says "I don't believe in trolls", another one dies.
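
Added example, not part of the original post: a Python sketch that reads a Wireshark packet-list text export (columns as in the trace above, one packet per line) and reports, for two hosts, the last packet each one sent, whether a FIN or RST was captured, and how long the capture ran on afterwards. The function names are this example's own, and the sample lines are a few packets taken from the trace above with their Info fields shortened.

```python
import re

# Constructed sample: a few packets taken from the trace in the post,
# each on one line, with the Info fields shortened.
SAMPLE = """\
141 30.736200 192.168.1.18 192.168.1.118 TCP 74 49782 → 22 [SYN] Seq=0 Win=29200 Len=0
142 30.736863 192.168.1.118 192.168.1.18 TCP 74 22 → 49782 [SYN, ACK] Seq=0 Ack=1 Win=28960 Len=0
18751 84.385465 192.168.1.118 192.168.1.18 SSHv2 118 Server: Encrypted packet (len=40)
18752 84.385565 192.168.1.18 192.168.1.118 TCP 66 49782 → 22 [ACK] Seq=2565323 Ack=360440 Win=93952 Len=0
19165 815.539355 192.168.1.135 192.168.1.118 ICMP 98 Echo (ping) request id=0x4df1, seq=1/256, ttl=64 (no response found!)
19271 1046.554024 192.168.1.18 217.169.20.20 DNS 74 Standard query 0x7220 A smtp.gmail.com
"""

# Columns: No. Time Source [→] Destination Protocol Length Info
ROW = re.compile(r"^\s*(\d+)\s+(\d+\.\d+)\s+(\S+)\s+(?:→\s+)?(\S+)\s+(\S+)\s+(\d+)\s+(.*)$")
FLAGS = re.compile(r"\[([A-Z, ]+)\]")  # TCP flags as shown in Info, e.g. "[SYN, ACK]"

def parse(text):
    """Yield one dict per packet-list line; lines that do not match are skipped."""
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            no, t, src, dst, proto, _length, info = m.groups()
            yield {"no": int(no), "time": float(t), "src": src, "dst": dst,
                   "proto": proto, "info": info}

def stall_report(text, a, b):
    """Summarise where the TCP/SSH conversation between hosts a and b goes quiet."""
    pkts = list(parse(text))
    last, closed = {}, False
    for p in pkts:
        if {p["src"], p["dst"]} != {a, b} or not p["proto"].startswith(("TCP", "SSH")):
            continue
        last[p["src"]] = p  # most recent packet sent by this host
        m = FLAGS.search(p["info"])
        if m and {"FIN", "RST"} & {f.strip() for f in m.group(1).split(",")}:
            closed = True   # an orderly close or a reset was captured
    if not last:
        return None
    final = max(last.values(), key=lambda p: p["no"])
    return {"last_from": {h: p["no"] for h, p in last.items()},
            "last_packet": final["no"], "last_time": final["time"],
            "closed": closed,
            "silent_for": pkts[-1]["time"] - final["time"]}

if __name__ == "__main__":
    print(stall_report(SAMPLE, "192.168.1.18", "192.168.1.118"))
```

Running the same report on a capture taken at the other end and comparing the `last_from` numbers shows which direction's packets stopped arriving. `closed` staying false with a large `silent_for` means the capture holds no FIN or RST for the session.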