Hi all,
I have done a lot of combinations with the setup files and read a lot of
documents, but I can't fix this. Has someone successfully set up Solaris
10 and the default installed ipf 4.0.2?
I captured a TCP connection between the client and yahoo.com on port 80.
It looks really strange. After the handshake an "HTTP GET" is sent, but
there is no response to this. A few "GETs" later a Yahoo packet arrived,
but it doesn't look like the first packet I'm waiting for. Does someone have
an idea what happens with the rest of the communication?
Thanks for your help...
Listening on sppp0 on the server shows me the following communication:
15:13:26.374343 IP (tos 0x0, ttl 63, id 57276, offset 0, flags [DF], length:
60) 217.83.88.2.2257 > 216.109.118.78.80: S [tcp sum ok]
1682490789:1682490789(0) win 5840 <mss 1460,sackOK,timestamp 4725273
0,nop,wscale 2>
0x0000: 4500 003c dfbc 4000 3f06 dbed d953 5802 E..<..@.?....SX.
0x0010: d86d 764e 08d1 0050 6448 c5a5 0000 0000 .mvN...PdH......
0x0020: a002 16d0 63b3 0000 0204 05b4 0402 080a ....c...........
0x0030: 0048 1a19 0000 0000 0103 0302 .H..........
15:13:26.485889 IP (tos 0x0, ttl 57, id 15355, offset 0, flags [DF], length:
60) 216.109.118.78.80 > 217.83.88.2.2257: S [tcp sum ok]
1909975709:1909975709(0) ack 1682490790 win 65535 <mss 1460,nop,wscale
1,nop,nop,timestamp 3271846869 4725273>
0x0000: 4500 003c 3bfb 4000 3906 85af d86d 764e E..<;.@.9....mvN
0x0010: d953 5802 0050 08d1 71d7 ea9d 6448 c5a6 .SX..P..q...dH..
0x0020: a012 ffff f224 0000 0204 05b4 0103 0301 .....$..........
0x0030: 0101 080a c304 6bd5 0048 1a19 ......k..H..
15:13:26.486130 IP (tos 0x0, ttl 63, id 57278, offset 0, flags [DF], length:
52) 217.83.88.2.2257 > 216.109.118.78.80: . [tcp sum ok] 1:1(0) ack 1 win
1460 <nop,nop,timestamp 4725385 3271846869>
0x0000: 4500 0034 dfbe 4000 3f06 dbf3 d953 5802 E..4..@.?....SX.
0x0010: d86d 764e 08d1 0050 6448 c5a6 71d7 ea9e .mvN...PdH..q...
0x0020: 8010 05b4 17c6 0000 0101 080a 0048 1a89 .............H..
0x0030: c304 6bd5 ..k.
15:13:26.486548 IP (tos 0x0, ttl 63, id 57280, offset 0, flags [DF], length:
331) 217.83.88.2.2257 > 216.109.118.78.80: P [tcp sum ok] 1:280(279) ack 1
win 1460 <nop,nop,timestamp 4725385 3271846869>
15:13:26.821980 IP (tos 0x0, ttl 63, id 57282, offset 0, flags [DF], length:
331) 217.83.88.2.2257 > 216.109.118.78.80: P [tcp sum ok] 1:280(279) ack 1
win 1460 <nop,nop,timestamp 4725721 3271846869>
15:13:27.493863 IP (tos 0x0, ttl 63, id 57284, offset 0, flags [DF], length:
331) 217.83.88.2.2257 > 216.109.118.78.80: P [tcp sum ok] 1:280(279) ack 1
win 1460 <nop,nop,timestamp 4726393 3271846869>
15:13:27.619910 IP (tos 0x0, ttl 57, id 15933, offset 0, flags [DF], length:
100) 216.109.118.78.80 > 217.83.88.2.2257: . [tcp sum ok] 5793:5841(48) ack
280 win 33304 <nop,nop,timestamp 3271846982 4726393>
0x0000: 4500 0064 3e3d 4000 3906 8345 d86d 764e E..d>=@.9..E.mvN
0x0010: d953 5802 0050 08d1 71d8 013e 6448 c6bd .SX..P..q..>dH..
0x0020: 8010 8218 8244 0000 0101 080a c304 6c46 .....D........lF
0x0030: 0048 1e79 7269 616c 2073 697a 653d 2d31 .H.yrial.size=-1
0x0040: 3e3c 623e 266e 6273 703b 2053 6561 7263 ><b>&nbsp;.Searc
0x0050: 6820 666f 723a 266e 6273 703b 3c2f 623e h.for:&nbsp;</b>
0x0060: 3c2f 666f </fo
15:13:27.620164 IP (tos 0x0, ttl 63, id 57286, offset 0, flags [DF], length:
52) 217.83.88.2.2257 > 216.109.118.78.80: . [tcp sum ok] 280:280(0) ack 1 win
1460 <nop,nop,timestamp 4726519 3271846869>
0x0000: 4500 0034 dfc6 4000 3f06 dbeb d953 5802 E..4..@.?....SX.
0x0010: d86d 764e 08d1 0050 6448 c6bd 71d7 ea9e .mvN...PdH..q...
0x0020: 8010 05b4 1241 0000 0101 080a 0048 1ef7 .....A.......H..
0x0030: c304 6bd5 ..k.
8 packets captured
12 packets received by filter
0 packets dropped by kernel
On client side I get the following:
15:13:28.864023 IP (tos 0x0, ttl 64, id 57276, offset 0, flags [DF], length:
60) 192.168.1.4.51381 > 216.109.118.78.80: S [tcp sum ok]
1682490789:1682490789(0) win 5840 <mss 1460,sackOK,timestamp 4725273
0,nop,wscale 2>
0x0000: 4500 003c dfbc 4000 4006 4a97 c0a8 0104 E..<..@.@.J.....
0x0010: d86d 764e c8b5 0050 6448 c5a5 0000 0000 .mvN...PdH......
0x0020: a002 16d0 1378 0000 0204 05b4 0402 080a .....x..........
0x0030: 0048 1a19 0000 0000 0103 0302 .H..........
15:13:28.975939 IP (tos 0x0, ttl 56, id 15355, offset 0, flags [DF], length:
60) 216.109.118.78.80 > 192.168.1.4.51381: S [tcp sum ok]
1909975709:1909975709(0) ack 1682490790 win 65535 <mss 1460,nop,wscale
1,nop,nop,timestamp 3271846869 4725273>
0x0000: 4500 003c 3bfb 4000 3806 f658 d86d 764e E..<;.@.8..X.mvN
0x0010: c0a8 0104 0050 c8b5 71d7 ea9d 6448 c5a6 .....P..q...dH..
0x0020: a012 ffff a1e9 0000 0204 05b4 0103 0301 ................
0x0030: 0101 080a c304 6bd5 0048 1a19 ......k..H..
15:13:28.975993 IP (tos 0x0, ttl 64, id 57278, offset 0, flags [DF], length:
52) 192.168.1.4.51381 > 216.109.118.78.80: . [tcp sum ok] 1:1(0) ack 1 win
1460 <nop,nop,timestamp 4725385 3271846869>
0x0000: 4500 0034 dfbe 4000 4006 4a9d c0a8 0104 E..4..@.@.J.....
0x0010: d86d 764e c8b5 0050 6448 c5a6 71d7 ea9e .mvN...PdH..q...
0x0020: 8010 05b4 c78a 0000 0101 080a 0048 1a89 .............H..
0x0030: c304 6bd5 ..k.
15:13:28.976357 IP (tos 0x0, ttl 64, id 57280, offset 0, flags [DF], length:
331) 192.168.1.4.51381 > 216.109.118.78.80: P [tcp sum ok] 1:280(279) ack 1
win 1460 <nop,nop,timestamp 4725385 3271846869>
15:13:29.311756 IP (tos 0x0, ttl 64, id 57282, offset 0, flags [DF], length:
331) 192.168.1.4.51381 > 216.109.118.78.80: P [tcp sum ok] 1:280(279) ack 1
win 1460 <nop,nop,timestamp 4725721 3271846869>
15:13:29.983651 IP (tos 0x0, ttl 64, id 57284, offset 0, flags [DF], length:
331) 192.168.1.4.51381 > 216.109.118.78.80: P [tcp sum ok] 1:280(279) ack 1
win 1460 <nop,nop,timestamp 4726393 3271846869>
15:13:30.110014 IP (tos 0x0, ttl 56, id 15933, offset 0, flags [DF], length:
100) 216.109.118.78.80 > 192.168.1.4.51381: . [tcp sum ok] 5793:5841(48) ack
280 win 33304 <nop,nop,timestamp 3271846982 4726393>
0x0000: 4500 0064 3e3d 4000 3806 f3ee d86d 764e E..d>=@.8....mvN
0x0010: c0a8 0104 0050 c8b5 71d8 013e 6448 c6bd .....P..q..>dH..
0x0020: 8010 8218 3209 0000 0101 080a c304 6c46 ....2.........lF
0x0030: 0048 1e79 7269 616c 2073 697a 653d 2d31 .H.yrial.size=-1
0x0040: 3e3c 623e 266e 6273 703b 2053 6561 7263 ><b>&nbsp;.Searc
0x0050: 6820 666f 723a 266e 6273 703b 3c2f 623e h.for:&nbsp;</b>
0x0060: 3c2f 666f </fo
15:13:30.110059 IP (tos 0x0, ttl 64, id 57286, offset 0, flags [DF], length:
52) 192.168.1.4.51381 > 216.109.118.78.80: . [tcp sum ok] 280:280(0) ack 1
win 1460 <nop,nop,timestamp 4726519 3271846869>
0x0000: 4500 0034 dfc6 4000 4006 4a95 c0a8 0104 E..4..@.@.J.....
0x0010: d86d 764e c8b5 0050 6448 c6bd 71d7 ea9e .mvN...PdH..q...
0x0020: 8010 05b4 c205 0000 0101 080a 0048 1ef7 .............H..
0x0030: c304 6bd5 ..k.
8 packets captured
8 packets received by filter
0 packets dropped by kernel
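
Added example, not part of the original post: a small Python reader for tcpdump summary lines like the ones above, which counts retransmitted data segments and reports where a flow's first data arrives beyond the next expected relative sequence number. The `analyze` function and the `CAPTURE` sample are assumptions of this example; the sample is the server-side capture from the post with the mail-wrapped lines joined and the IP header details and TCP options left out.

```python
import re

# Server-side (sppp0) summary lines from the post, joined and shortened.
CAPTURE = """\
15:13:26.374343 217.83.88.2.2257 > 216.109.118.78.80: S 1682490789:1682490789(0) win 5840
15:13:26.485889 216.109.118.78.80 > 217.83.88.2.2257: S 1909975709:1909975709(0) ack 1682490790 win 65535
15:13:26.486130 217.83.88.2.2257 > 216.109.118.78.80: . 1:1(0) ack 1 win 1460
15:13:26.486548 217.83.88.2.2257 > 216.109.118.78.80: P 1:280(279) ack 1 win 1460
15:13:26.821980 217.83.88.2.2257 > 216.109.118.78.80: P 1:280(279) ack 1 win 1460
15:13:27.493863 217.83.88.2.2257 > 216.109.118.78.80: P 1:280(279) ack 1 win 1460
15:13:27.619910 216.109.118.78.80 > 217.83.88.2.2257: . 5793:5841(48) ack 280 win 33304
15:13:27.620164 217.83.88.2.2257 > 216.109.118.78.80: . 280:280(0) ack 1 win 1460
"""

# src > dst: flags ... first:last(len) [ack N]; also matches the unshortened lines.
LINE = re.compile(r"(\S+) > (\S+): (\S+) .*?(\d+):(\d+)\((\d+)\)(?: ack (\d+))?")

def analyze(capture):
    expected = {}   # flow -> next in-order relative sequence number
    seen = {}       # (flow, start, end) -> times this data segment was sent
    gaps = []       # (flow, expected_seq, seq_that_arrived)
    last_ack = {}   # flow -> most recent ack number sent in that direction
    for line in capture.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        flow, flags = (m.group(1), m.group(2)), m.group(3)
        start, end, length = int(m.group(4)), int(m.group(5)), int(m.group(6))
        if m.group(7):
            last_ack[flow] = int(m.group(7))
        if "S" in flags:
            expected[flow] = 1  # tcpdump prints relative numbers after the SYN
            continue
        if length == 0:
            continue            # pure ACK, carries no data
        seen[(flow, start, end)] = seen.get((flow, start, end), 0) + 1
        nxt = expected.get(flow, start)
        if start > nxt:
            gaps.append((flow, nxt, start))   # earlier bytes never showed up
        elif end > nxt:
            expected[flow] = end
    retransmits = {k: n - 1 for k, n in seen.items() if n > 1}
    return retransmits, gaps, last_ack

if __name__ == "__main__":
    print(analyze(CAPTURE))
```

On the capture above it reports the GET segment (1:280) retransmitted twice, the server's first data segment starting at 5793 where 1 was expected, and the client still acknowledging 1 while the server acknowledges 280.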