On Mar 21, 2007, at 5:03 PM, Torbjorn Granlund wrote:
When vm attempts to make a TCP connection (e.g., on port 25) to
smtp.swox.se I see the following traffic on the router:
22:46:27.015389 IP vm.se.lsoft.com.47218 > smtp.swox.se.smtp: S
27523124:27523124(0) win 8192 <mss 1420,wscale
0,nop,nop,nop,timestamp 1888741492 0>
22:46:27.015523 IP smtp.swox.se.smtp > vm.se.lsoft.com.47218: S
1745147473:1745147473(0) ack 3530628660 win 57344 <mss 1460>
22:46:27.056277 IP vm.se.lsoft.com.47218 > smtp.swox.se.smtp: R
3530628660:3530628660(0) win 0
I.e., the vm box appears to dislike the SYNACK from smtp.swox.se, and
sends an RST. One might ask if it is the fault of vm or of
The second line should have been smtp.swox.se.smtp SYN+ACK'ing the
ISN of 27523124. vm is sending a RST to that because the sequence
#'s don't match. It's also odd that the set of options being listed
don't correspond at all...if you run the tcpdump for several minutes,
can you track down other SYN requests which do correspond?
Sometimes this kind of re-writing can happen if natd or PF is
attempting to translate the packets, perhaps when they shouldn't if
both sides of your router box are using routable IPs....
firstname.lastname@example.org mailing list
To unsubscribe, send any mail to "[EMAIL PROTECTED]"