
Re: Browser disconnects with eBay



On Monday 02 September 2002 09:21 pm, Tighe Schlottog wrote:
> WINDOW is something that I should know, but it is eluding me right now.

It's the window size of the transfer - related to the MTU.

> > Anyone have any ideas as to why the firewall is seeing this as a "bad
> > packet" and dropping the connection? I can't see why it's dropping the
> > connection.
>
> do you have examples of other ones?

# shorewall show log
Shorewall-1.3.7a Log at fw0 - Mon Sep  2 21:51:31 CDT 2002

Sep  2 16:27:03 badpkt:DROP:IN=eth0 OUT=eth1 SRC=216.32.120.133 DST=192.168.1.2 LEN=40 TOS=0x00 PREC=0x00 TTL=114 ID=37276 PROTO=TCP SPT=80 DPT=2849 WINDOW=0 RES=0x00 ACK URGP=0
Sep  2 16:27:07 badpkt:DROP:IN=eth0 OUT=eth1 SRC=216.32.120.133 DST=192.168.1.2 LEN=40 TOS=0x00 PREC=0x00 TTL=114 ID=28290 PROTO=TCP SPT=80 DPT=2855 WINDOW=0 RES=0x00 ACK URGP=0
Sep  2 16:27:08 badpkt:DROP:IN=eth0 OUT=eth1 SRC=216.32.120.133 DST=192.168.1.2 LEN=40 TOS=0x00 PREC=0x00 TTL=114 ID=60338 PROTO=TCP SPT=80 DPT=2857 WINDOW=0 RES=0x00 ACK URGP=0
Sep  2 16:27:20 badpkt:DROP:IN=eth0 OUT=eth1 SRC=216.32.120.133 DST=192.168.1.2 LEN=40 TOS=0x00 PREC=0x00 TTL=114 ID=5332 PROTO=TCP SPT=80 DPT=2861 WINDOW=0 RES=0x00 ACK URGP=0
Sep  2 16:28:45 badpkt:DROP:IN=eth0 OUT=eth1 SRC=216.32.120.133 DST=192.168.1.2 LEN=40 TOS=0x00 PREC=0x00 TTL=114 ID=30281 PROTO=TCP SPT=80 DPT=2895 WINDOW=0 RES=0x00 ACK URGP=0
Sep  2 16:28:53 badpkt:DROP:IN=eth0 OUT=eth1 SRC=216.32.120.133 DST=192.168.1.2 LEN=40 TOS=0x00 PREC=0x00 TTL=113 ID=56991 PROTO=TCP SPT=80 DPT=2900 WINDOW=0 RES=0x00 ACK URGP=0
Sep  2 16:29:01 badpkt:DROP:IN=eth0 OUT=eth1 SRC=216.32.120.133 DST=192.168.1.2 LEN=40 TOS=0x00 PREC=0x00 TTL=113 ID=60972 PROTO=TCP SPT=80 DPT=2902 WINDOW=0 RES=0x00 ACK URGP=0
Sep  2 16:29:30 badpkt:DROP:IN=eth0 OUT=eth1 SRC=216.32.120.133 DST=192.168.1.2 LEN=40 TOS=0x00 PREC=0x00 TTL=113 ID=28020 PROTO=TCP SPT=80 DPT=2910 WINDOW=0 RES=0x00 ACK URGP=0
Sep  2 16:29:30 badpkt:DROP:IN=eth0 OUT=eth1 SRC=216.32.120.133 DST=192.168.1.2 LEN=40 TOS=0x00 PREC=0x00 TTL=113 ID=20157 PROTO=TCP SPT=80 DPT=2911 WINDOW=0 RES=0x00 ACK URGP=0
Sep  2 16:29:44 badpkt:DROP:IN=eth0 OUT=eth1 SRC=216.32.120.133 DST=192.168.1.2 LEN=40 TOS=0x00 PREC=0x00 TTL=113 ID=5971 PROTO=TCP SPT=80 DPT=2914 WINDOW=0 RES=0x00 ACK URGP=0
Sep  2 16:30:21 badpkt:DROP:IN=eth0 OUT=eth1 SRC=216.32.120.133 DST=192.168.1.2 LEN=40 TOS=0x00 PREC=0x00 TTL=113 ID=27090 PROTO=TCP SPT=80 DPT=2923 WINDOW=0 RES=0x00 ACK URGP=0
Sep  2 16:30:52 badpkt:DROP:IN=eth0 OUT=eth1 SRC=216.32.120.133 DST=192.168.1.2 LEN=40 TOS=0x00 PREC=0x00 TTL=113 ID=19265 PROTO=TCP SPT=80 DPT=2928 WINDOW=0 RES=0x00 ACK URGP=0
Sep  2 16:30:58 badpkt:DROP:IN=eth0 OUT=eth1 SRC=216.32.120.133 DST=192.168.1.2 LEN=40 TOS=0x00 PREC=0x00 TTL=113 ID=34900 PROTO=TCP SPT=80 DPT=2929 WINDOW=0 RES=0x00 ACK URGP=0
Sep  2 16:31:44 badpkt:DROP:IN=eth0 OUT=eth1 SRC=216.32.120.133 DST=192.168.1.2 LEN=40 TOS=0x00 PREC=0x00 TTL=113 ID=6420 PROTO=TCP SPT=80 DPT=2961 WINDOW=0 RES=0x00 ACK URGP=0
Sep  2 16:31:47 badpkt:DROP:IN=eth0 OUT=eth1 SRC=216.32.120.133 DST=192.168.1.2 LEN=40 TOS=0x00 PREC=0x00 TTL=113 ID=60197 PROTO=TCP SPT=80 DPT=2968 WINDOW=0 RES=0x00 ACK URGP=0
Sep  2 16:31:48 badpkt:DROP:IN=eth0 OUT=eth1 SRC=216.32.120.133 DST=192.168.1.2 LEN=40 TOS=0x00 PREC=0x00 TTL=113 ID=40540 PROTO=TCP SPT=80 DPT=2969 WINDOW=0 RES=0x00 ACK URGP=0
Sep  2 16:31:48 badpkt:DROP:IN=eth0 OUT=eth1 SRC=216.32.120.133 DST=192.168.1.2 LEN=40 TOS=0x00 PREC=0x00 TTL=113 ID=28516 PROTO=TCP SPT=80 DPT=2970 WINDOW=0 RES=0x00 ACK URGP=0
Sep  2 17:50:05 badpkt:DROP:IN=eth0 OUT=eth1 SRC=216.32.120.133 DST=192.168.1.2 LEN=40 TOS=0x00 PREC=0x00 TTL=114 ID=7226 PROTO=TCP SPT=80 DPT=3485 WINDOW=0 RES=0x00 ACK URGP=0
Sep  2 17:50:05 badpkt:DROP:IN=eth0 OUT=eth1 SRC=216.32.120.133 DST=192.168.1.2 LEN=40 TOS=0x00 PREC=0x00 TTL=114 ID=60697 PROTO=TCP SPT=80 DPT=3486 WINDOW=0 RES=0x00 ACK URGP=0
Sep  2 17:50:16 badpkt:DROP:IN=eth0 OUT=eth1 SRC=216.32.120.133 DST=192.168.1.2 LEN=40 TOS=0x00 PREC=0x00 TTL=114 ID=28849 PROTO=TCP SPT=80 DPT=3492 WINDOW=0 RES=0x00 ACK URGP=0

> also, would it be possible to get a tcpdump or a snoop of the traffic 

Refresh my memory on how to do this.... :+)
I have ethereal if that's a better tool than tcpdump.

And should I do this on my box or the firewall?

Mike808/
-- 
() Join the ASCII ribbon campaign against HTML email and Microsoft-specific
/\ attachments. If I wanted to read HTML, I would have visited your website!
Support open standards.
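
Added example, not part of the original message: a small Python parser for log lines in the format shown above. It groups drops by a signature (chain, source, source port, TCP flags, window, length), which makes a uniform pattern across many entries visible at a glance. The three sample lines are copied from the excerpt in the post; the function names are hypothetical.

```python
import re
from collections import Counter

# Three lines copied from the log excerpt in the message above.
SAMPLE_LOG = """\
Sep  2 16:27:03 badpkt:DROP:IN=eth0 OUT=eth1 SRC=216.32.120.133 DST=192.168.1.2 LEN=40 TOS=0x00 PREC=0x00 TTL=114 ID=37276 PROTO=TCP SPT=80 DPT=2849 WINDOW=0 RES=0x00 ACK URGP=0
Sep  2 16:28:53 badpkt:DROP:IN=eth0 OUT=eth1 SRC=216.32.120.133 DST=192.168.1.2 LEN=40 TOS=0x00 PREC=0x00 TTL=113 ID=56991 PROTO=TCP SPT=80 DPT=2900 WINDOW=0 RES=0x00 ACK URGP=0
Sep  2 17:50:16 badpkt:DROP:IN=eth0 OUT=eth1 SRC=216.32.120.133 DST=192.168.1.2 LEN=40 TOS=0x00 PREC=0x00 TTL=114 ID=28849 PROTO=TCP SPT=80 DPT=3492 WINDOW=0 RES=0x00 ACK URGP=0
"""

# Bare tokens (no "=") that the netfilter LOG target prints for set TCP flags.
TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG", "ECE", "CWR"}
# "<Mon> <day> <hh:mm:ss> <chain>:<verdict>:<KEY=VALUE and flag tokens>"
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<chain>[^:\s]+):(?P<verdict>[A-Z]+):(?P<rest>.*)$"
)

def parse_line(line):
    """Return a dict for one log line, or None if it is not a log entry."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None  # header lines and blank lines end up here
    rec = {"ts": m["ts"], "chain": m["chain"], "verdict": m["verdict"], "flags": []}
    for tok in m["rest"].split():
        if "=" in tok:
            key, value = tok.split("=", 1)  # value may be empty, e.g. "OUT="
            rec[key] = value
        elif tok in TCP_FLAGS:
            rec["flags"].append(tok)
    return rec

def summarize(text):
    """Count entries per packet signature and count distinct destination ports."""
    recs = [r for r in map(parse_line, text.splitlines()) if r]
    sigs = Counter(
        (r["chain"], r.get("SRC"), r.get("SPT"), "+".join(r["flags"]),
         r.get("WINDOW"), r.get("LEN"))
        for r in recs
    )
    return {"records": len(recs),
            "signatures": sigs.most_common(),
            "distinct_dpt": len({r.get("DPT") for r in recs})}

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

Saved output of `shorewall show log` can be passed to `summarize()` in place of `SAMPLE_LOG`; the banner line and blank lines are skipped.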

