TCP Connections, Bluesocket, and Mac OS X



Hello,

I'm trying to help out my university troubleshoot its problem
concerning OSX systems and Bluesocket wireless technology. We've been
having several users come in on Mac systems that have been quarantined
due to too many open network connections. Here's a quote on the
Bluesocket policy:

"Each time a user makes a new network request, they create a new
session that is being statefully monitored by the WG's firewall. If it
is an existing connection (i.e. a download from a site), then it passes
through the established connection. However, if they are scanning
different machines, ports or have not been replied to by the
destination host, a new session is set up.

Under normal circumstances, users have a relatively low number of
firewall sessions (less than 10). You can see how many sessions your
computer is using by typing netstat from the command prompt on a
Windows machine. In unusual circumstances, a user could be running a
server with many clients trying to connect to it, or running a DoS
attack, in which case, they will utilize a very high number of firewall
sessions.

To limit a user to a finite number of firewall sessions, the
administrator can enter a maximum number here. The default is set to
255. If a user attempts to open more than 255 concurrent firewall
sessions, the WG will disconnect other open sessions so that a single
user cannot overuse network resources."

Our Bluesocket is configured at the default value mentioned above.
However, a netstat command from OSX's Network Utility reports that an
average OSX machine connected (only wirelessly) has anywhere between
10,000-20,000 connections. Here's an example printout:

tcp:
136087 packets sent
18908 data packets (1756503 bytes)
22 data packets (5062 bytes) retransmitted
0 resends initiated by MTU discovery
55730 ack-only packets (17833 delayed)
0 URG only packets
0 window probe packets
42896 window update packets
18536 control packets
220755 packets received
40665 acks (for 1763175 bytes)
8537 duplicate acks
0 acks for unsent data
174667 packets (188244806 bytes) received in-sequence
981 completely duplicate packets (1084878 bytes)
1 old duplicate packet
6 packets with some dup. data (2736 bytes duped)
12800 out-of-order packets (16285090 bytes)
300 packets (423700 bytes) of data after window
4 window probes
69 window update packets
18 packets received after close
0 discarded for bad checksums
0 discarded for bad header offset fields
0 discarded because packet too short
6624 connection requests
5315 connection accepts
7 bad connection attempts
0 listen queue overflows
! --> 11919 connections established (including accepts)
12267 connections closed (including 29 drops)
16 connections updated cached RTT on close
16 connections updated cached RTT variance on close
1 connection updated cached ssthresh on close
10 embryonic connections dropped
40660 segments updated rtt (of 40748 attempts)
154 retransmit timeouts
6 connections dropped by rexmit timeout
0 persist timeouts
0 connections dropped by persist timeout
3 keepalive timeouts
0 keepalive probes sent
1 connection dropped by keepalive
1613 correct ACK header predictions
152701 correct data packet header predictions

This number doesn't seem to be dependent on what programs/utilities are
currently using network resources, as closing programs like iTunes and
Safari doesn't effect any change (often, the number increases).

Now, by the Bluesocket policy, all OSX machines should be quarantined,
right? Tens of thousands of connections are way more than the default
maximum allowed (255) by the Bluesocket server, yet most OSX machines
operate fine on the network. Those that come in quarantined on
wireless don't have any abnormal programs or malfunctions that we can
detect (they're running the same programs by and large; Mail, Safari,
iTunes, etc.). We've contacted other universities that employ
Bluesocket about this problem and none of them seem to share our
experience.

Windows machines accessing wirelessly have connections within the
acceptable range (255 or less).

My question is this: for anyone familiar with Bluesocket, is this
problem a question of configuration of the Bluesocket servers? Or is
it a function of the Macs behaving differently on the Bluesocket
network, and special/additional configuration is required?

Also, is there any utility or program which I can use to monitor
*exactly* where these TCP connections are coming *from* and what they
are for? I've tried IPNetMonitorX, but it only seems to alert me to
the fact that these connections are open, and isn't much more
descriptive than that.

Any light you could shed on the issue would be very helpful! Thanks.
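
Added example (not part of the original post): the "connections established" line in `netstat -s` output is a running total since boot, so the figure to compare against the 255-session limit is the number of sockets open right now. The Python below tallies those by state and remote host from `netstat -an -p tcp` output; the sample text, addresses and function names are constructed for illustration.

```python
from collections import Counter

SESSION_LIMIT = 255  # default per-user maximum quoted in the post

# Constructed sample in the layout of macOS `netstat -an -p tcp` (not real data).
SAMPLE = """\
Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp4       0      0  10.0.5.23.49210        192.0.2.10.80          ESTABLISHED
tcp4       0      0  10.0.5.23.49211        192.0.2.10.80          ESTABLISHED
tcp4       0      0  10.0.5.23.49212        198.51.100.7.993       ESTABLISHED
tcp4       0      0  10.0.5.23.49213        203.0.113.50.445       SYN_SENT
tcp4       0      0  10.0.5.23.49214        203.0.113.51.445       SYN_SENT
tcp4       0      0  10.0.5.23.49190        192.0.2.10.80          TIME_WAIT
tcp4       0      0  127.0.0.1.49150        127.0.0.1.631          ESTABLISHED
tcp4       0      0  *.631                  *.*                    LISTEN
"""

def parse_sockets(text):
    """Yield (remote_host, remote_port, state) for each TCP socket line."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 6 or not fields[0].startswith("tcp"):
            continue  # header lines and sockets without a state column
        host, _, port = fields[4].rpartition(".")  # macOS prints addr.port
        yield host, port, fields[5]

def summarize(text, limit=SESSION_LIMIT):
    """Count sockets that leave the machine; listeners and loopback never
    cross the gateway, so they are skipped."""
    by_state, by_remote = Counter(), Counter()
    for host, _port, state in parse_sockets(text):
        if state == "LISTEN" or host.startswith("127.") or host == "::1":
            continue
        by_state[state] += 1
        by_remote[host] += 1
    total = sum(by_state.values())
    return {
        "total": total,
        "unanswered": by_state["SYN_SENT"],  # requests with no reply yet
        "by_state": dict(by_state),
        "top_remotes": by_remote.most_common(3),
        "over_limit": total > limit,
    }

if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(key, value)
```

To use it on a live machine, pass the text of `netstat -an -p tcp` to `summarize()`; `lsof -nP -iTCP` lists the same sockets together with the owning process name and PID.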
