TCP Intercept connection-timeout timer

From: Huan Pham (Huan.Pham@peopletelecom.com.au)
Date: Mon Nov 17 2008 - 03:37:01 ARST

• Next message: Andrew Larkins: "RE: OT What do you all think about CISSP certification?"
• Previous message: Narbik Kocharians: "Re: Narbik's bootcamp ------ ------- >>>> highly recommended"
• Next in thread: Luan Nguyen: "RE: TCP Intercept connection-timeout timer"
• Maybe reply: Luan Nguyen: "RE: TCP Intercept connection-timeout timer"
• Maybe reply: Huan Pham: "RE: TCP Intercept connection-timeout timer"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi,

I am playing with TCP Connection-timeout timer. Topo is as below.

R1 ------------ R4 --------------- BB1
155.1.146.1 204.12.1.254

R4 does TCP intercept. I am trying to verify the effect of the command
"ip tcp intercept connection-timeout"

I am testing TCP intercept connection timeout timer, by telnet from R1
to BB1 and let that connection idle (i.e. I do not type anything once I
sucessfully telnet to BB1). R4 should disconnect this idle TCP session
within a configurable "connection-timeout" period. But what I see is
that it always terminates TCP idle sessions 1 minutes later that it
should. For instance, if I configure the connection-timout timer as 1
minute, then idle TCP sessions are terminated after 2 minutes of no
activity !

Where does that additional 1 minute come from? Any idea please? Many
thanks.

Regards,

Rack1R1#telnet 204.12.1.254
Trying 204.12.1.254 ... Open

BB3>

Rack1R4#sh run | in tcp
ip tcp synwait-time 300
ip tcp intercept list 199
ip tcp intercept connection-timeout 60
access-list 199 permit tcp any host 204.12.1.254

Rack1R4#
*Apr 7 23:12:55.134: INTERCEPT: new connection (155.1.146.1:52825 SYN
-> 204.12.1.254:23)
*Apr 7 23:12:55.134: INTERCEPT(*): (155.1.146.1:52825 <- ACK+SYN
204.12.1.254:23)
*Apr 7 23:12:55.134: INTERCEPT: 1st half of connection is established
(155.1.146.1:52825 ACK -> 204.12.1.254:23)
*Apr 7 23:12:55.138: INTERCEPT(*): (155.1.146.1:52825 SYN ->
204.12.1.254:23)
*Apr 7 23:12:55.158: INTERCEPT: 2nd half of connection established
(155.1.146.1:52825 <- ACK+SYN 204.12.1.254:23)
*Apr 7 23:12:55.158: INTERCEPT(*): (155.1.146.1:52825 ACK ->
204.12.1.254:23)
*Apr 7 23:12:55.158: INTERCEPT(*): (155.1.146.1:52825 <- WINDOW
204.12.1.254:23)

*Apr 7 23:14:55.166: INTERCEPT: ESTAB timing out (155.1.146.1:52825 <->
204.12.1.254:23)
*Apr 7 23:14:55.166: INTERCEPT(*): (155.1.146.1:52825 <- RST
204.12.1.254:23)
*Apr 7 23:14:55.166: INTERCEPT(*): (155.1.146.1:52825 RST ->
204.12.1.254:23)

Rack1R4#c
Enter configuration commands, one per line. End with CNTL/Z.
Rack1R4(config)#ip tcp intercept connection-timeout 120
command accepted, interfaces with mls configured might cause
inconsistent behavior

Rack1R4#
*Apr 7 23:21:52.006: INTERCEPT: new connection (155.1.146.1:29099 SYN
-> 204.12.1.254:23)
*Apr 7 23:21:52.010: INTERCEPT(*): (155.1.146.1:29099 <- ACK+SYN
204.12.1.254:23)
*Apr 7 23:21:52.010: INTERCEPT: 1st half of connection is established
(155.1.146.1:29099 ACK -> 204.12.1.254:23)
*Apr 7 23:21:52.010: INTERCEPT(*): (155.1.146.1:29099 SYN ->
204.12.1.254:23)
*Apr 7 23:21:52.034: INTERCEPT: 2nd half of connection established
(155.1.146.1:29099 <- ACK+SYN 204.12.1.254:23)
*Apr 7 23:21:52.034: INTERCEPT(*): (155.1.146.1:29099 ACK ->
204.12.1.254:23)
*Apr 7 23:21:52.034: INTERCEPT(*): (155.1.146.1:29099 <- WINDOW
204.12.1.254:23)

*Apr 7 23:24:52.042: INTERCEPT: ESTAB timing out (155.1.146.1:29099 <->
204.12.1.254:23)
*Apr 7 23:24:52.042: INTERCEPT(*): (155.1.146.1:29099 <- RST
204.12.1.254:23)
*Apr 7 23:24:52.042: INTERCEPT(*): (155.1.146.1:29099 RST ->
204.12.1.254:23)

Rack1R4#c
Enter configuration commands, one per line. End with CNTL/Z.
Rack1R4(config)#ip tcp intercept connection-timeout 150
command accepted, interfaces with mls configured might cause
inconsistent behavior

Rack1R4#
*Apr 7 23:26:25.934: INTERCEPT: new connection (155.1.146.1:19604 SYN
-> 204.12.1.254:23)
*Apr 7 23:26:25.934: INTERCEPT(*): (155.1.146.1:19604 <- ACK+SYN
204.12.1.254:23)
*Apr 7 23:26:25.934: INTERCEPT: 1st half of connection is established
(155.1.146.1:19604 ACK -> 204.12.1.254:23)
*Apr 7 23:26:25.938: INTERCEPT(*): (155.1.146.1:19604 SYN ->
204.12.1.254:23)
*Apr 7 23:26:25.958: INTERCEPT: 2nd half of connection established
(155.1.146.1:19604 <- ACK+SYN 204.12.1.254:23)
*Apr 7 23:26:25.958: INTERCEPT(*): (155.1.146.1:19604 ACK ->
204.12.1.254:23)
*Apr 7 23:26:25.958: INTERCEPT(*): (155.1.146.1:19604 <- WINDOW
204.12.1.254:23)

*Apr 7 23:29:55.970: INTERCEPT: ESTAB timing out (155.1.146.1:19604 <->
204.12.1.254:23)
*Apr 7 23:29:55.970: INTERCEPT(*): (155.1.146.1:19604 <- RST
204.12.1.254:23)
*Apr 7 23:29:55.970: INTERCEPT(*): (155.1.146.1:19604 RST ->
204.12.1.254:23)

Blogs and organic groups at http://www.ccie.net

• Next message: Andrew Larkins: "RE: OT What do you all think about CISSP certification?"
• Previous message: Narbik Kocharians: "Re: Narbik's bootcamp ------ ------- >>>> highly recommended"
• Next in thread: Luan Nguyen: "RE: TCP Intercept connection-timeout timer"
• Maybe reply: Luan Nguyen: "RE: TCP Intercept connection-timeout timer"
• Maybe reply: Huan Pham: "RE: TCP Intercept connection-timeout timer"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Mon Dec 01 2008 - 08:18:30 ARST