OK, I just restarted the win2k box and tried again. I logged in using
telnet and ran a tcpdump as I tried to ftp in. I kinda exaggerated a bit,
it only takes 1:05 to log in, it just seems like an eternity. But that
still seems like an awful long while. Anywho, here's the dump: (rei is the
name of my win2k box, lain the RH)
Kernel filter, protocol ALL, TURBO mode (575 frames), datagram packet socket
tcpdump: listening on all devices
15:10:01.343140 eth0 < rei.3007 > lain.telnet: . 3474649585:3474649585(0)
ack 587445513 win 17204 (DF)
15:10:01.343140 eth0 > lain.telnet > rei.3007: P 1:114(113) ack 0 win 5840
(DF) [tos 0x10]
15:10:01.543140 eth0 < rei.3007 > lain.telnet: . 0:0(0) ack 114 win 17091
(DF)
15:10:01.543140 eth0 > lain.telnet > rei.3007: P 114:311(197) ack 0 win 5840
(DF) [tos 0x10]
15:10:01.743140 eth0 < rei.3007 > lain.telnet: . 0:0(0) ack 311 win 16894
(DF)
15:10:01.743140 eth0 > lain.telnet > rei.3007: P 311:486(175) ack 0 win 5840
(DF) [tos 0x10]
15:10:01.943140 eth0 < rei.3007 > lain.telnet: . 0:0(0) ack 486 win 16719
(DF)
15:10:01.943140 eth0 > lain.telnet > rei.3007: P 486:661(175) ack 0 win 5840
(DF) [tos 0x10]
15:10:02.143140 eth0 < rei.3007 > lain.telnet: . 0:0(0) ack 661 win 16544
(DF)
15:10:02.143140 eth0 > lain.telnet > rei.3007: P 661:836(175) ack 0 win 5840
(DF) [tos 0x10]
15:10:02.343140 eth0 < rei.3007 > lain.telnet: . 0:0(0) ack 836 win 16369
(DF)
15:10:02.343140 eth0 > lain.telnet > rei.3007: P 836:1011(175) ack 0 win
5840 (DF) [tos 0x10]
15:10:02.543140 eth0 < rei.3007 > lain.telnet: . 0:0(0) ack 1011 win 16194
(DF)
15:10:02.543140 eth0 > lain.telnet > rei.3007: P 1011:1187(176) ack 0 win
5840 (DF) [tos 0x10]
15:10:02.623140 eth0 < rei.3008 > lain.ftp: S 3482043153:3482043153(0) win
16384 <mss 1460,nop,nop,sackOK> (DF)
15:10:02.623140 eth0 > lain.ftp > rei.3008: S 627678757:627678757(0) ack
3482043154 win 5840 <mss 1460,nop,nop,sack
OK> (DF)
15:10:02.623140 eth0 < rei.3008 > lain.ftp: . 1:1(0) ack 1 win 17520 (DF)
15:10:02.623140 eth0 > lain.1026 > rei.auth: S 624427470:624427470(0) win
5840 <mss 1460,sackOK,timestamp 50559 0,n
op,wscale 0> (DF)
15:10:02.623140 eth0 < rei.auth > lain.1026: R 0:0(0) ack 624427471 win 0
15:10:02.633140 eth0 > lain.1029 > 207.217.126.81.domain: 8137+ PTR?
2.10.10.10.in-addr.arpa. (41) (DF)
15:10:02.633140 eth0 > lain.1030 > 207.217.126.81.domain: 59993+ PTR?
81.126.217.207.in-addr.arpa. (45) (DF)
15:10:02.743140 eth0 < rei.3007 > lain.telnet: . 0:0(0) ack 1187 win 17520
(DF)
15:10:02.743140 eth0 > lain.telnet > rei.3007: P 1187:1887(700) ack 0 win
5840 (DF) [tos 0x10]
15:10:02.943140 eth0 < rei.3007 > lain.telnet: . 0:0(0) ack 1887 win 16820
(DF)
15:10:07.643140 eth0 > lain.1031 > 207.217.77.82.domain: 59993+ PTR?
81.126.217.207.in-addr.arpa. (45) (DF)
15:10:07.643140 eth0 > lain.1032 > 207.217.77.82.domain: 8137+ PTR?
2.10.10.10.in-addr.arpa. (41) (DF)
15:10:10.653140 eth0 >
27 packets received by filter
99 packets are not read yet
And after I connected, I opened the telnet window and stopped TCP dump. I
see it says I lost a few second in there between 15:10:02 and 15:10:07, but
it was much longer than 5 secs ... how odd ... well, it's not a major
problem, I've got plenty of others to worry about, but again thanks for all
the help. This list rocks.
Justin
