El día Wednesday, July 25, 2007 a las 11:48:27PM -0700, Phil Dibowitz escribió:
> Matthias Apitz wrote:
> > Phil, I'm talking about this pkg (the very last one in my posting from
> > today):
> >
> > 13:30:08.499026 IP 10.0.1.40.2546 > xxx.xxx.xxx.xxx.3233: S
> > 49301289:49301289(0) ack 979701897 win 23360 <mss 536>
>
> I misunderstood, sorry. This packet is not part of the same connection as
> the rest of the packets in your output. Both the source and destination
> ports don't match, nor do the sequence or ack numbers. That's a SYN+ACK to
> some _other_ SYN not shown in your output. That's why Carson pointed out
> that you didn't include the relevant SYN.
I've now watched the cam with tcpdump in a laptop plug'ed in
into a hub together with the cam; it turned out that there was
a 1st SYN from xxx.xxx.xxx.xxx.3233 --> 10.0.1.40.2546 which was
not to be seen in the firewall because it came in via a VPN
tunnel we have to the remote side as well; normally routing
for xxx.xxx.xxx.xxx should not go through the VPN but through
the firewall and IPF, thats why the SYN+ACK as a response to
the 1st SYN was seen by tcpdump in the firewall;
in short: we have here some asymmetric routing issue which I
have to solve out;
Thanks again to Carson and Phil insisting in the missing SYN.
matthias
--
Matthias Apitz
Manager Technical Support - OCLC PICA GmbH
Gruenwalder Weg 28g - 82041 Oberhaching - Germany
t +49-89-61308 351 - f +49-89-61308 399 - m +49-170-4527211
e <[EMAIL PROTECTED]> - w http://www.oclcpica.org/ http://www.UnixArea.de/
b http://gurucubano.blogspot.com/
OCLC PICA GmbH, Geschaeftsfuehrer: Christine Magin-Weeger, Norbert Weinberger
Sitz der Gesellschaft: Oberhaching, HRB Muenchen: 113261
