mike18
Level 7
Message 1 of 6

There are too many out of order segments in TCP

Hi Everyone,

We have a vendor on site who uses SSL VPN; he is having disconnection issues.

Traffic flows via the McAfee firewall.

The log shows:

+0000",fac=f_kernel,area=a_nil_area,type=t_attack,pri=p_major,hostname=FWM300,category=dos,event="TCP max segments;reassembly",src_geo=US,srcip=200.x.x.x,srcport=443,srczone=external,dstip=192.168.x.x,dstport=18229,attackip=200.x.x.x,attackport=443,attackzone=external,protocol=6,interface=1-0,reason="There are too many out of order segments in TCP reassembly processing."

where 200.x.x.x is VPN server IP

192.168.x.x is user PC IP

Need to confirm if McAfee is dropping the traffic?

Regards

Mike


5 Replies
sliedl
Level 14
Message 2 of 6

Re: There are too many out of order segments in TCP

You probably have packet loss outside the firewall.  You can do tcpdumps on the firewall and the device outside the firewall to confirm this.  You can do a Google search to learn how to spot packet loss in a tcpdump capture (retransmissions, duplicate-ACKs, etc.).
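
As an added example (not part of the original post or of any vendor tool), the Python below counts the loss indicators mentioned above, per direction, from tcpdump text output. It assumes the capture is read back with `tcpdump -nn -S -r file` so sequence numbers are absolute; the sample lines, addresses and the `analyze` helper are constructed for illustration, and sequence-number wraparound is ignored.

```python
import re
from collections import defaultdict

# Constructed sample in the text format printed by `tcpdump -nn -S -r file`
# (-S = absolute sequence numbers). Addresses and ports are made up.
SRV, PC = "203.0.113.10.443", "192.168.0.10.18229"
SAMPLE = "\n".join([
    f"10:00:00.01 IP {SRV} > {PC}: Flags [.], seq 1000:2460, ack 500, win 229, length 1460",
    f"10:00:00.02 IP {PC} > {SRV}: Flags [.], ack 2460, win 500, length 0",
    f"10:00:00.03 IP {SRV} > {PC}: Flags [.], seq 3920:5380, ack 500, win 229, length 1460",
    f"10:00:00.04 IP {PC} > {SRV}: Flags [.], ack 2460, win 500, length 0",
    f"10:00:00.05 IP {SRV} > {PC}: Flags [.], seq 5380:6840, ack 500, win 229, length 1460",
    f"10:00:00.06 IP {PC} > {SRV}: Flags [.], ack 2460, win 500, length 0",
    f"10:00:00.07 IP {SRV} > {PC}: Flags [.], seq 2460:3920, ack 500, win 229, length 1460",
    f"10:00:00.08 IP {PC} > {SRV}: Flags [.], ack 6840, win 500, length 0",
    f"10:00:00.09 IP {SRV} > {PC}: Flags [P.], seq 5380:6840, ack 500, win 229, length 1460",
])

LINE = re.compile(r"IP (\S+) > (\S+): Flags \[([^\]]*)\]"
                  r"(?:, seq (\d+)(?::(\d+))?)?(?:, ack (\d+))?.*length (\d+)")

def analyze(text):
    """Count gaps, late (out-of-order) segments, retransmissions and duplicate ACKs per direction."""
    stats = defaultdict(lambda: {"gaps": 0, "out_of_order": 0, "retransmissions": 0, "dup_acks": 0})
    next_seq, seen, last_ack = {}, defaultdict(set), {}
    for line in text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # not a TCP line in the expected format
        src, dst, flags, seq, end, ack, length = m.groups()
        flow, s = (src, dst), stats[(src, dst)]
        if int(length) > 0 and end:                      # data segment
            seq, end = int(seq), int(end)
            if (seq, end) in seen[flow]:                 # same bytes seen before
                s["retransmissions"] += 1
            elif flow in next_seq and seq < next_seq[flow]:
                s["out_of_order"] += 1                   # late segment filling a hole
            elif flow in next_seq and seq > next_seq[flow]:
                s["gaps"] += 1                           # bytes skipped: lost or reordered upstream
            seen[flow].add((seq, end))
            next_seq[flow] = max(next_seq.get(flow, 0), end)
        elif ack and flags == ".":                       # pure ACK, no SYN/FIN/RST
            if last_ack.get(flow) == int(ack):
                s["dup_acks"] += 1                       # receiver is still waiting for a hole
            last_ack[flow] = int(ack)
    return {flow: dict(s) for flow, s in stats.items()}

if __name__ == "__main__":
    for flow, s in analyze(SAMPLE).items(): print(flow, s)
```

Running the same counts on a capture taken outside the firewall and comparing them with the firewall-side capture shows whether the gaps already exist before the traffic reaches the firewall.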

mike18
Level 7
Message 3 of 6

Re: There are too many out of order segments in TCP

I ran tcpdump with the command below on the external interface of the firewall:

tcpdump -npi external -w file

After this I hit Enter and I see the below:

file

Now I press Control+C to stop the tcpdump. Will this stop the tcpdump on the firewall?

How can I make sure tcpdump is stopped?

Regards

Mike

Re: There are too many out of order segments in TCP

Hi Mike,

After Ctrl+C, you should see something like this:

^C50322 packets captured

256637 packets received by filter

0 packets dropped by kernel


mike18
Level 7
Message 5 of 6

Re: There are too many out of order segments in TCP

Many thanks

Regards

Mike

mike18
Level 7
Message 6 of 6

Re: There are too many out of order segments in TCP

Many thanks

Regards

Mike
