1

I have a service running on my LAN which works very intermittently. It serves a webpage just fine right after I restart the server running macOS 14.1 (I noticed this happening on multiple versions of 13.0 as well). But after a few hours, I cannot connect to it anymore on any device on my LAN, as I get a connection reset error in any browser I use. I noticed that the SYN between the client and server functions as normal, but as soon as I perform a GET, my gateway responds with an ACK, causing my client to send an RST. My gateway is running AsusWRT. When the page is working, my gateway doesn't respond.

My client is at 192.168.50.228, and the server is at 192.168.50.42.

No. Time Source Destination Source MAC Destination MAC Protocol Length Info
9154 4.932032 192.168.50.228 192.168.50.42 Client Server TCP 78 54054 → 8080 [SYN] Seq=0 Win=65535 Len=0 MSS=1460 WS=64 TSval=1633977301 TSecr=0 SACK_PERM
9155 4.937303 192.168.50.42 192.168.50.228 Router Client TCP 78 8080 → 54054 [SYN, ACK] Seq=0 Ack=1 Win=65535 Len=0 MSS=1460 WS=64 TSval=1803376346 TSecr=1633977301 SACK_PERM
9156 4.937396 192.168.50.228 192.168.50.42 Client Server TCP 66 54054 → 8080 [ACK] Seq=1 Ack=1 Win=131712 Len=0 TSval=1633977306 TSecr=1803376346
9157 4.937488 192.168.50.228 192.168.50.42 Client Server HTTP 543 GET / HTTP/1.1
9158 4.941333 192.168.50.1 192.168.50.228 Router Client TCP 66 8080 → 54054 [ACK] Seq=1 Ack=1 Win=2051 Len=0 TSval=1803376351 TSecr=1633977306
9159 4.941385 192.168.50.228 192.168.50.1 Client Router TCP 54 54054 → 8080 [RST] Seq=1 Win=0 Len=0
9160 5.047863 192.168.50.228 192.168.50.42 Client Server TCP 517 [TCP Retransmission] 54054 → 8080 [PSH, ACK] Seq=1 Ack=1 Win=131712 Len=477 TSval=1633977417 TSecr=1803376346
9161 5.053608 192.168.50.42 192.168.50.228 Router Client TCP 54 8080 → 54054 [RST] Seq=1 Win=0 Len=0

On the server side, I never see the gateway's IP address, only the ACK it sends after the GET, which makes me think the gateway is intercepting the ACK and responding on behalf of the server.

No. Time Source Destination Source MAC Destination MAC Protocol Length Info
1935 9.542822 192.168.50.228 192.168.50.42 Client Server TCP 78 54054 → 8080 [SYN] Seq=0 Win=65535 Len=0 MSS=1460 WS=64 TSval=1633977301 TSecr=0 SACK_PERM
1936 9.543382 192.168.50.42 192.168.50.228 Server Router TCP 78 8080 → 54054 [SYN, ACK] Seq=0 Ack=1 Win=65535 Len=0 MSS=1460 WS=64 TSval=1803376346 TSecr=1633977301 SACK_PERM
1937 9.543747 192.168.50.1 192.168.50.42 Router Server ICMP 106 Redirect (Redirect for host)
1938 9.548315 192.168.50.228 192.168.50.42 Client Server TCP 66 54054 → 8080 [ACK] Seq=1 Ack=1 Win=131712 Len=0 TSval=1633977306 TSecr=1803376346
1939 9.548317 192.168.50.228 192.168.50.42 Client Server HTTP 543 GET / HTTP/1.1
1940 9.548480 192.168.50.42 192.168.50.228 Server Router TCP 66 8080 → 54054 [ACK] Seq=1 Ack=478 Win=131264 Len=0 TSval=1803376351 TSecr=1633977306
1941 9.551754 192.168.50.228 192.168.50.42 Router Server TCP 54 54054 → 8080 [RST] Seq=478 Win=0 Len=0
1942 9.658227 192.168.50.228 192.168.50.42 Client Server TCP 543 [TCP Spurious Retransmission] 54054 → 8080 [PSH, ACK] Seq=1 Ack=1 Win=131712 Len=477 TSval=1633977417 TSecr=1803376346
1943 9.658367 192.168.50.42 192.168.50.228 Server Router TCP 54 8080 → 54054 [RST] Seq=1 Win=0 Len=0
1944 9.658987 192.168.50.1 192.168.50.42 Router Server ICMP 82 Redirect (Redirect for host)
Improve this question
8
  • 1
    A router would not intercept local traffic, even though it could in certain circumstances. // Looking only at the IP addresses is not enough. MAC addresses are highly relevant on local traffic. Also make sure to perform a packet capture on the Mac in question and compare the two.
    – Daniel B
    Commented Nov 5, 2023 at 22:54
  • I've updated it to include the server side. The server sends packet 1940, and the client receives that packet at 1958, but its source is the router, and not the server, which seems to be why the client then sends an RST. I'm trying to come up with a reason why the router would do this, or a feature I should look for to enable/disable.
    – user1967944
    Commented Nov 5, 2023 at 23:21
  • Like I said, the MAC addresses. // Also, I see at least two ICMP redirects that should not be occurring at all in local network communications.
    – Daniel B
    Commented Nov 6, 2023 at 10:55
  • The client's destination is always the server's MAC address except for the RST where it's the router's MAC address as seen from the client. The server is responding to the client with the MAC address of the router for some reason instead of of the client. I checked the ARP table on the server, and it looks like the IP address of the client has the client's MAC address, so I'm not sure why it would choose the router as the destination.
    – user1967944
    Commented Nov 6, 2023 at 14:31
  • Now we're getting somewhere! Check the Mac's routing table and subnet mask for irregularities.
    – Daniel B
    Commented Nov 7, 2023 at 7:34

0

Reset to default

You must log in to answer this question.

Browse other questions tagged .