<div dir="ltr">Thanks.<div><br></div><div>This is a network capture taken on Kamailio server that showing VSS Monitoring ethernet.</div><div>---</div><div>This is not a LAN network. UAC is on Internet behind a NAT device so I can't capture the traffic in the network.</div><div><br>According your message, you think UAC send close notify alerts even during during the call establishment?</div><div><br></div><div>Regards</div><div>Abdoul.</div></div><div class="gmail_extra"><br><div class="gmail_quote">2017-04-05 14:58 GMT+02:00 Nathan Ward <span dir="ltr"><<a href="mailto:kamailio-sr-users@daork.net" target="_blank">kamailio-sr-users@daork.net</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div style="word-wrap:break-word"><div><br></div><div><div><blockquote type="cite"><div>On 6/04/2017, at 12:25 AM, Abdoul Osséni <<a href="mailto:abdoul.osseni@gmail.com" target="_blank">abdoul.osseni@gmail.com</a>> wrote:</div><div><div dir="ltr"><div>I have always this issue with NAT devices using VSS-Monitoring protocol.</div><div><br></div><div>A network capture shows:</div><div>- Kamailio sends a tcp keepalive </div><div>- The NAT device sends a tck keepalive ACK to Kamailio with a new filed : vss-monitoring</div><div><span class="m_517423475506350810gmail-Apple-tab-span" style="white-space:pre-wrap"> </span></div><div><span class="m_517423475506350810gmail-Apple-tab-span" style="white-space:pre-wrap"> </span>Frame 70: 62 bytes on wire (496 bits), 62 bytes captured (496 bits)</div><div><span class="m_517423475506350810gmail-Apple-tab-span" style="white-space:pre-wrap"> </span>Linux cooked capture</div><div><span class="m_517423475506350810gmail-Apple-tab-span" style="white-space:pre-wrap"> </span>Internet Protocol Version 4, Src: x.x.x.x, Dst: x.x.x.x</div><div><span class="m_517423475506350810gmail-Apple-tab-span" style="white-space:pre-wrap"> </span>Transmission Control Protocol, Src Port: 13178, Dst Port: 443, Seq: 2752, Ack: 6214, Len: 0</div><div><span class="m_517423475506350810gmail-Apple-tab-span" style="white-space:pre-wrap"> </span><font color="#ff0000"><b>VSS-Monitoring ethernet trailer, Source Port: 0</b></font></div><div><font color="#ff0000"><b><span class="m_517423475506350810gmail-Apple-tab-span" style="white-space:pre-wrap"> </span>Src Port: 0</b></font></div></div></div></blockquote><br></div><div>Hi,<div><br></div><div>VSS-Monitoring is a function of your monitoring tap, is is not a function of your NAT box - <a href="http://www.vssmonitoring.com/resources/feature-brief/Port-and-Time-Stamping.pdf" target="_blank">http://www.vssmonitoring.<wbr>com/resources/feature-brief/<wbr>Port-and-Time-Stamping.pdf</a></div><div>It should not be included in the actual traffic packets going past the tap - only the packets that you see on your network analyser - if you find that it is included on actual packets, you need to talk to your networking people and get that fixed.</div><div><br></div><div>It is very unlikely that a NAT device sends anything other than synthesised RST packets. It certainly won’t be generating close notify TLS alerts - I’m not actually sure that it can, they might need to be authenticated.</div><div><br></div><div>If you are seeing a close notify, you should capture between the UAC and the NAT device - I believe you will see the close notify TLS alert coming from the UAC. If that is the case, you need to look at the UAC for why it’s doing that. Perhaps your UAC does not support TCP keepalives properly.</div><div><br></div><div>--</div><div>Nathan Ward</div><div><br></div></div></div></div><br>______________________________<wbr>_________________<br>
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list<br>
<a href="mailto:sr-users@lists.sip-router.org">sr-users@lists.sip-router.org</a><br>
<a href="http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users" rel="noreferrer" target="_blank">http://lists.sip-router.org/<wbr>cgi-bin/mailman/listinfo/sr-<wbr>users</a><br>
<br></blockquote></div><br></div>