El día Wednesday, July 25, 2007 a las 10:51:04PM -0700, Phil Dibowitz escribió:
> On Thu, Jul 26, 2007 at 07:35:38AM +0200, Matthias Apitz wrote:
> > Hello Carson,
> >
> > Thanks for pointing that out; I did not realized the 'ack' flag and was
> > only focused on the 'S'; it is now clear why the pkg can not pass the
> > IPF firewall;
> >
> > but it remains a question; I collected all the traffic for the IP
> > 10.0.1.40 and this is what was captured:
> >
> > Why 10.0.1.40 sends out a SYN to the remote side having 'ack' turned on
> > and having set the destination port to n+1 of the source port of the
> > established connection? Do you have an idea about?
>
> Where do you see that? Source port is 3232 in the first packet:
...
Phil, I'm talking about this pkg (the very last one in my posting from
today):
13:30:08.499026 IP 10.0.1.40.2546 > xxx.xxx.xxx.xxx.3233: S
49301289:49301289(0) ack 979701897 win 23360 <mss 536>
the dst port is in fact 3233 while in the 1st SYN-SYN-ACK hand-shaked
connection the src port was 3232:
13:30:07.989088 IP xxx.xxx.xxx.xxx.3232 > 10.0.1.40.1720: S
356680283:356680283(0) win 8192 <mss 1460>
13:30:07.994005 IP 10.0.1.40.1720 > xxx.xxx.xxx.xxx.3232: S
85446234:85446234(0) ack 356680284 win 23360 <mss 536>
13:30:08.153383 IP xxx.xxx.xxx.xxx.3232 > 10.0.1.40.1720: . ack 1 win 8192
I'm clear now?
matthias
--
Matthias Apitz
Manager Technical Support - OCLC PICA GmbH
Gruenwalder Weg 28g - 82041 Oberhaching - Germany
t +49-89-61308 351 - f +49-89-61308 399 - m +49-170-4527211
e <[EMAIL PROTECTED]> - w http://www.oclcpica.org/ http://www.UnixArea.de/
b http://gurucubano.blogspot.com/
OCLC PICA GmbH, Geschaeftsfuehrer: Christine Magin-Weeger, Norbert Weinberger
Sitz der Gesellschaft: Oberhaching, HRB Muenchen: 113261
