Date: Thu, 10 Jun 1999 23:21:40 +0200
From: Stefan `Sec` Zehl <sec@42.org>
To: freebsd-questions@freebsd.org
Cc: opp@muffin.org
Subject: tcp sequence numbers aren't in sequece :)
Message-ID: <19990610232140.B17240@matrix.42.org>

I'm not really expecting an answer here, because it's probably a winsux bug. But I'll take my chance anyway.

Today I was debugging why someone in our (switched) LAN couldn't send mail. A quick tcpdump revealed the following:

[.. all normal ...]
929015471.500826 ewok.smtp > ref201.1579: P 127:134(7) ack 477 win 17520 (DF) (ttl 64, id 16436)
    "250 ok\n"
929015471.502014 ref201.1579 > ewok.smtp: P 477:483(6) ack 134 win 8627 (DF) [tos 0x10] (ttl 128, id 22034)
    "DATA\n\r"
929015471.596899 ewok.smtp > ref201.1579: . ack 483 win 17520 (DF) (ttl 64, id 16438)
929015480.076121 ewok.smtp > ref201.1579: P 134:147(13) ack 483 win 17520 (DF) (ttl 64, id 16468)
    "354 go ahead\n"

[ this is where it gets weird ]

929015480.091100 ref201.1579 > ewok.smtp: P 1943:2503(560) ack 147 win 8614 (DF) [tos 0x10] (ttl 128, id 22546)
    last ack'd packet was '483' now he sends '1943'
929015480.091461 ewok.smtp > ref201.1579: . ack 483 win 17520 (DF) (ttl 64, id 16469)
    hey ref201, I still need data starting at 483...
929015480.102461 ref201.1579 > ewok.smtp: P 3963:4501(538) ack 147 win 8614 (DF) [tos 0x10] (ttl 128, id 23058)
    blah blah blah...
929015480.102721 ewok.smtp > ref201.1579: . ack 483 win 17520 (DF) (ttl 64, id 16471)
    hey! do you hear me?
929015480.111333 ref201.1579 > ewok.smtp: P 5961:6499(538) ack 147 win 8614 (DF) [tos 0x10] (ttl 128, id 23826)
    foop munch blearg...

[ and so on ]

929015480.111577 ewok.smtp > ref201.1579: . ack 483 win 17520 (DF) (ttl 64, id 16472)
929015480.118386 ref201.1579 > ewok.smtp: P 7959:8497(538) ack 147 win 8614 (DF) [tos 0x10] (ttl 128, id 24338)
929015480.118603 ewok.smtp > ref201.1579: . ack 483 win 17520 (DF) (ttl 64, id 16473)
929015480.125682 ref201.1579 > ewok.smtp: P 9957:10495(538) ack 147 win 8614 (DF) [tos 0x10] (ttl 128, id 24850)
929015480.125907 ewok.smtp > ref201.1579: . ack 483 win 17520 (DF) (ttl 64, id 16474)

And finally hangs completely at that point.

The boxes involved were ewok="FreeBSD 2.2.1-RELEASE" running sendmail and ref201="Windows NT Workstation" running Netscape 4.x trying to send a mail with a 200-300k attachment.

The funny thing is, short mails (a couple of lines of text) did not exhibit this problem.

So I'm asking if somebody saw something like this, or has an idea what this could be.

CU,
    Sec
-- 
McAfee is apparently available for FreeBSD. It's supposed to find even hidden viruses in /sbin/init. :-))
    - Joerg Wunsch on 21.8.97 in de.comp.os.bsd
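
Added example, not part of the original message: a short Python check that replays the tcpdump lines quoted in the message and reports, per sender, the sequence-space holes and the ACKs repeated without progress. The function name `analyze` and the abridged `TRACE` string are assumptions of this example.

```python
import re

# Lines from the trace in the message; (DF)/tos/ttl/id and payloads trimmed.
TRACE = """\
929015471.500826 ewok.smtp > ref201.1579: P 127:134(7) ack 477 win 17520
929015471.502014 ref201.1579 > ewok.smtp: P 477:483(6) ack 134 win 8627
929015471.596899 ewok.smtp > ref201.1579: . ack 483 win 17520
929015480.076121 ewok.smtp > ref201.1579: P 134:147(13) ack 483 win 17520
929015480.091100 ref201.1579 > ewok.smtp: P 1943:2503(560) ack 147 win 8614
929015480.091461 ewok.smtp > ref201.1579: . ack 483 win 17520
929015480.102461 ref201.1579 > ewok.smtp: P 3963:4501(538) ack 147 win 8614
929015480.102721 ewok.smtp > ref201.1579: . ack 483 win 17520
929015480.111333 ref201.1579 > ewok.smtp: P 5961:6499(538) ack 147 win 8614
929015480.111577 ewok.smtp > ref201.1579: . ack 483 win 17520
929015480.118386 ref201.1579 > ewok.smtp: P 7959:8497(538) ack 147 win 8614
929015480.118603 ewok.smtp > ref201.1579: . ack 483 win 17520
929015480.125682 ref201.1579 > ewok.smtp: P 9957:10495(538) ack 147 win 8614
929015480.125907 ewok.smtp > ref201.1579: . ack 483 win 17520
"""

# src > dst: flags [first:last(len)] ack N   (old tcpdump text format)
LINE = re.compile(r"(\S+) > \S+: \S+ (?:(\d+):(\d+)\(\d+\) )?ack (\d+)")

def analyze(trace):
    """Return (holes, dup_acks): sequence-space gaps per sender as
    (sender, first_missing, next_received), and repeated pure ACKs per host."""
    next_seq, last_ack = {}, {}   # per-host in-order edge / last ACK sent
    holes, dup_acks = [], {}
    for line in trace.splitlines():
        m = LINE.search(line)
        if not m:
            continue              # skip annotations and unparsable lines
        src, first, last, ack = m.group(1), m.group(2), m.group(3), int(m.group(4))
        if first is not None:     # segment carries data
            first, last = int(first), int(last)
            expected = next_seq.setdefault(src, first)
            if first > expected:  # bytes expected..first-1 never showed up
                holes.append((src, expected, first))
            next_seq[src] = max(expected, last)
        elif last_ack.get(src) == ack:
            dup_acks[src] = dup_acks.get(src, 0) + 1   # ACK without progress
        last_ack[src] = ack
    return holes, dup_acks

if __name__ == "__main__":
    holes, dups = analyze(TRACE)
    for src, lo, hi in holes:
        print(f"{src}: bytes {lo}..{hi - 1} missing ({hi - lo} bytes)")
    print("duplicate ACKs:", dups)
```

Run over this trace, every hole comes out at exactly 1460 bytes, the usual TCP MSS on Ethernet: only the 538- and 560-byte segments appear in the capture, and each full-size run between them is absent.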