[Nagiosplug-help] Problem with TCP-Sessions via check_smtp or check_ssh

Dieter Hendricks (web.de) dieter.hendricks at web.de
Tue Jul 31 08:13:09 CEST 2007

Previous message: [Nagiosplug-help] Error while connecting to remote NRPE
Next message: [Nagiosplug-help] Problem with TCP-Sessions via check_smtp or check_ssh
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hallo,
I have a problem with check_smtp and check_ssh from the Nagios-Plugins.
After the session was closed [FIN,ACK] by the NagiosMonitor it seems the
Machine didn’t wait for an [ACK] by the SMTPServer instead it responses
all packets from the SMTPServer with an [RST]. This [RST]s logged by the
Firewall as multiply Session-Resets and fill the LOG-File.

Is there any source for this behavior, or is it a bug with the plugins?

When I do the same as a manual connection via telnet on the SMTP-Port I
didn’t see any [RST]!?

A example dump of a session via check_smtp SMTPServer (Problems in line
11/13/15):

No.     Time        Source                Destination           Protocol
Info
      1 0.000000    NagiosMonitor         SMTPServer            TCP
 55677 > SMTP [SYN] Seq=0 Len=0 MSS=1460 TSV=1254188774 TSER=0 WS=5

      2 0.033050    SMTPServer            NagiosMonitor         TCP
 SMTP > 55677 [SYN, ACK] Seq=0 Ack=1 Win=16384 Len=0 MSS=1380 WS=0 TSV=0
TSER=0
      3 0.033081    NagiosMonitor         SMTPServer            TCP
 55677 > SMTP [ACK] Seq=1 Ack=1 Win=5856 Len=0 TSV=1254188777 TSER=0

      4 0.055760    SMTPServer            NagiosMonitor         SMTP
 Response: 220 SMTPServer.local Microsoft ESMTP MAIL Service, Version:
6.0.3790.1830 ready at  Mon, 30 Jul 2007 14:46:26 +0200
      5 0.055781    NagiosMonitor         SMTPServer            TCP
 55677 > SMTP [ACK] Seq=1 Ack=119 Win=5856 Len=0 TSV=1254188779
TSER=58267848
      6 0.055809    NagiosMonitor         SMTPServer            SMTP
 Command: HELO NagiosMonitor.local
      7 0.074841    SMTPServer            NagiosMonitor         SMTP
 Response: 250 SMTPServer.local Hello [NagiosMonitor]

      8 0.074865    NagiosMonitor         SMTPServer            SMTP
 Command: QUIT

      9 0.074883    NagiosMonitor         SMTPServer            TCP
 55677 > SMTP [FIN, ACK] Seq=40 Ack=163 Win=5856 Len=0 TSV=1254188781
TSER=58267848
     10 0.094335    SMTPServer            NagiosMonitor         SMTP
 Response: 221 2.0.0 SMTPServer.local Service closing transmission
channel
     11 0.094362    NagiosMonitor         SMTPServer            TCP
 55677 > SMTP [RST] Seq=40 Len=0

     12 0.095437    SMTPServer            NagiosMonitor         TCP
 SMTP > 55677 [FIN, ACK] Seq=228 Ack=40 Win=65496 Len=0 TSV=58267848
TSER=1254188781
     13 0.095445    NagiosMonitor         SMTPServer            TCP
 55677 > SMTP [RST] Seq=40 Len=0

     14 0.097181    SMTPServer            NagiosMonitor         TCP
 SMTP > 55677 [ACK] Seq=229 Ack=41 Win=65496 Len=0 TSV=58267848
TSER=1254188781
     15 0.097188    NagiosMonitor         SMTPServer            TCP
 55677 > SMTP [RST] Seq=41 Len=0

Previous message: [Nagiosplug-help] Error while connecting to remote NRPE
Next message: [Nagiosplug-help] Problem with TCP-Sessions via check_smtp or check_ssh
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Help mailing list