How to capture packets when you need to solve nasty Mac OS X crediting problems

Fri Nov 30 16:20:13 UTC 2018

Hi folks,

I have had a frustrating time over the last couple of months trying to
track down a problem a company brought to me.

The problem was with Mac OS X only, and manifested itself as dropped
TCP connections during IO Verification and Benchmark tests, although
they also said customers were seeing the issue.

They said that messages like the following would appear in the Samba log:

[2018/10/02 09:22:29.926391,  0]
../source3/smbd/smb2_server.c:625(smb2_validate_sequence_number)
  smb2_validate_sequence_number: bad message_id 4047 (sequence id
4047) (granted = 8, low = 1999, range = 2048)

Captures taken from the clients also showed that Samba had stopped
handing out credits and eventually the Mac dropped the connection.
However, we were never able to get a capture without any dropped
packets.

In looking at the source it seemed obvious that the issue was
something Mac OS X was doing, but I could never get a complete
capture.

Then when I was in Vienna at Sharkfest Europe I became aware of the
Cubro EX2 series, so I purchased one (they had discounted it for the
conference).

I finally got to use it on the problem yesterday, and it captured
every packet for me. I had to use two laptops to sink the packets (one
for each direction) but that was OK.

They are great devices and well worth the money when you are looking
at difficult problems.

https://www.cubro.com/network-packet-broker-packetmaster-ex2.html

I have forwarded the evidence to Apple so we should see a fix for the
issue some time.

See https://bugzilla.samba.org/show_bug.cgi?id=13698 for the details.

-- 
Regards,
Richard Sharpe
(何以解憂？唯有杜康。--曹操)(传说杜康是酒的发明者)