End Point Analysis Scans Hanging

by Jeremy Saunders on January 8, 2008

This issue wasn’t seen from all remote workstations, as it turned out to be dependent upon the type of Internet connection users were connecting from. For example, a connection from a DSL line using PPPoE (PPP over Ethernet) consistently failed, whilst other connections, such as PPPoA (PPP over ATM), worked flawlessly. Further testing proved that this was due to an MTU issue. Further investigation located a common firewall configuration error that was preventing the Path MTU Discovery (PMTU-D) process from delivering ICMP type 3 (Destination Unreachable) code 4 (Fragmentation Needed and Don’t Fragment was Set) messages to the server.

Therefore, after the initial connection, once the server was sending enough data to fill a 1500-byte packet, that packet was simply not being received by the client. The ISP at the client end was dropping the packet and sending back an ICMP Destination Unreachable message telling the server the largest packet size it can use. If the server does not get the ICMP Destination Unreachable message, it will never receive an acknowledgement from the client, and will therefore resend the 1500-byte packet over and over again until the client sends a connection reset. During this period the EPA scan process may seem to be hung, and after some time it will eventually fail.

Note that this issue can also be seen with providers whose private WANs use network tunnels connected via VPN technologies. Some of these tunnels can have reduced MTUs.

The ICMP Destination Unreachable message contains a code which describes the reason that the destination is unreachable. It should be noted that ICMP is an integral part of the Internet and should not be filtered without due consideration for the effects it may cause.

This situation is commonly referred to as a Path MTU Discovery black hole.
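The failure described above, modelled as an added example (not code from the original post): it builds and parses the ICMP type 3 code 4 message in the RFC 1191 layout, then shows the server's behaviour when the firewall delivers that message and when it filters it. The 1492-byte path MTU (the usual PPPoE value), the sample addresses and ports, and all function names are assumptions made for this illustration.

```python
import struct

def inet_checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum over an even- or odd-length buffer."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_frag_needed(next_hop_mtu: int, dropped: bytes) -> bytes:
    """ICMP type 3 code 4 (RFC 1191): header, next-hop MTU, start of dropped packet."""
    msg = struct.pack("!BBHHH", 3, 4, 0, 0, next_hop_mtu) + dropped
    return msg[:2] + struct.pack("!H", inet_checksum(msg)) + msg[4:]

def parse_frag_needed(msg: bytes):
    """Return what the sender needs to know, or None for any other ICMP message."""
    if len(msg) < 28 or inet_checksum(msg) != 0:
        raise ValueError("truncated or corrupt ICMP message")
    icmp_type, code, _, _, mtu = struct.unpack("!BBHHH", msg[:8])
    if (icmp_type, code) != (3, 4):
        return None
    # Quoted IPv4 header starts at byte 8: total length, id, flags/fragment offset.
    total_len, _, frag = struct.unpack("!HHH", msg[10:16])
    return {"next_hop_mtu": mtu, "dropped_len": total_len,
            "df_set": bool(frag & 0x4000), "tcp_mss": mtu - 40}  # 20 B IP + 20 B TCP

def send_large_response(path_mtu: int, firewall_passes_icmp: bool, max_tries: int = 5):
    """Model the server side; returns (delivered, packet_size, attempts)."""
    size = 1500
    for attempt in range(1, max_tries + 1):
        if size <= path_mtu:
            return True, size, attempt
        icmp = build_frag_needed(path_mtu, SAMPLE_DROPPED)  # reply from the ISP router
        if firewall_passes_icmp:
            size = parse_frag_needed(icmp)["next_hop_mtu"]
        # Otherwise the ICMP message is filtered and the same 1500-byte packet is resent.
    return False, size, max_tries

# Constructed sample: first 28 bytes of a 1500-byte TCP packet with DF set
# (documentation addresses; the quoted IP header checksum is left as zero).
SAMPLE_DROPPED = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 1500, 0x1234, 0x4000, 64, 6, 0,
                             bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20])) \
                 + struct.pack("!HHI", 443, 50000, 1)

if __name__ == "__main__":
    print(parse_frag_needed(build_frag_needed(1492, SAMPLE_DROPPED)))
    print("ICMP delivered:", send_large_response(1492, True))
    print("ICMP filtered: ", send_large_response(1492, False))
```

With the message delivered, the server drops to 1492 bytes and succeeds on the second attempt; with it filtered, every attempt resends 1500 bytes and none arrives.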
