After spending many hours looking at ipmon/ethereal logs, I believe I've found
a explanation (a bug?) for the following strange behaviour (Solaris 10u1):

I've got a non-global zone with Apache2 with dedicated IP and bound to 
interface e1000g2 of a Sun X4200 box. The global zone has a different dedicated 
IP bound to a different interface e1000g0.

When I point a browser at the web site, the HTML page often comes up 
immediately, but sometimes it will hang and only load when I press the reload 
browser button one or multiple times. This is reproducible with different 
browsers from different networks with or without DNS resolution. It's 
reproducible with other non-local zones configured alike and running different 
TCP based services (namely SSH or non-Apache HTTP).

This is what happens in a failing case (Ethereal client dump "dump_failed.txt" 
and IPF log "att1.txt" lines 1-3 pp): the incoming TCP SYN comes over interface 
e1000g2 (correct) and is passed by IPF. However, the non-global zone sends the 
TCP SYN-ACK package back over interface e1000g0, which is wrong and causes IPF 
to fail to build a correct state entry. Then, afterwards, the response packets 
from the webserver will be filtered by IPF, since it has no state entry.

In the success case (Ethereal client dump "dump_success.txt" and IPF log 
"att1.txt" lines 19-21 pp), the incoming TCP SYN is answered correctly by a TCP 
SYN-ACK both over interface e1000g2. IPF can build a state entry and all 
subsequent packets from the webserver reach the client.

=====
The non-global zone has this setup:

zonecfg:ws1> info
...snip...
net:
        address: 62.146.25.34
        physical: e1000g2
zonecfg:ws1> 

=====
The relevant (as of the IPF log) IPF rules are:

rule 1: block out log all                                                       
                            
rule 16: pass in log quick proto tcp from any to 62.146.25.34 port = 80  keep 
state

=====

If I didn't miss an important point, I suspect this to be a bug in Zones and/or 
IPF.

Any hints?
Thx,
Tobias
 
 
This message posted from opensolaris.org
No.     Time        Source                Destination           Protocol Info
      1 0.000000    192.168.1.101         62.146.25.34          TCP      1079 > 
http [SYN] Seq=0 Len=0 MSS=1460

Frame 1 (62 bytes on wire, 62 bytes captured)
Ethernet II, Src: FujitsuS_81:79:ea (00:30:05:81:79:ea), Dst: D-Link_9b:09:44 
(00:0d:88:9b:09:44)
Internet Protocol, Src: 192.168.1.101 (192.168.1.101), Dst: 62.146.25.34 
(62.146.25.34)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
    Total Length: 48
    Identification: 0x0269 (617)
    Flags: 0x04 (Don't Fragment)
    Fragment offset: 0
    Time to live: 128
    Protocol: TCP (0x06)
    Header checksum: 0xde9d [correct]
    Source: 192.168.1.101 (192.168.1.101)
    Destination: 62.146.25.34 (62.146.25.34)
Transmission Control Protocol, Src Port: 1079 (1079), Dst Port: http (80), Seq: 
0, Len: 0
    Source port: 1079 (1079)
    Destination port: http (80)
    Sequence number: 0    (relative sequence number)
    Header length: 28 bytes
    Flags: 0x0002 (SYN)
    Window size: 65535
    Checksum: 0x5c3c [correct]
    Options: (8 bytes)

No.     Time        Source                Destination           Protocol Info
      2 0.022698    62.146.25.34          192.168.1.101         TCP      http > 
1079 [SYN, ACK] Seq=0 Ack=1 Win=49368 Len=0 MSS=1452

Frame 2 (62 bytes on wire, 62 bytes captured)
Ethernet II, Src: D-Link_9b:09:44 (00:0d:88:9b:09:44), Dst: FujitsuS_81:79:ea 
(00:30:05:81:79:ea)
Internet Protocol, Src: 62.146.25.34 (62.146.25.34), Dst: 192.168.1.101 
(192.168.1.101)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
    Total Length: 48
    Identification: 0x002f (47)
    Flags: 0x04 (Don't Fragment)
    Fragment offset: 0
    Time to live: 50
    Protocol: TCP (0x06)
    Header checksum: 0x2ed8 [correct]
    Source: 62.146.25.34 (62.146.25.34)
    Destination: 192.168.1.101 (192.168.1.101)
Transmission Control Protocol, Src Port: http (80), Dst Port: 1079 (1079), Seq: 
0, Ack: 1, Len: 0
    Source port: http (80)
    Destination port: 1079 (1079)
    Sequence number: 0    (relative sequence number)
    Acknowledgement number: 1    (relative ack number)
    Header length: 28 bytes
    Flags: 0x0012 (SYN, ACK)
    Window size: 49368
    Checksum: 0xd017 [correct]
    Options: (8 bytes)

No.     Time        Source                Destination           Protocol Info
      3 0.022749    192.168.1.101         62.146.25.34          TCP      1079 > 
http [ACK] Seq=1 Ack=1 Win=65535 [TCP CHECKSUM INCORRECT] Len=0

Frame 3 (54 bytes on wire, 54 bytes captured)
Ethernet II, Src: FujitsuS_81:79:ea (00:30:05:81:79:ea), Dst: D-Link_9b:09:44 
(00:0d:88:9b:09:44)
Internet Protocol, Src: 192.168.1.101 (192.168.1.101), Dst: 62.146.25.34 
(62.146.25.34)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
    Total Length: 40
    Identification: 0x026a (618)
    Flags: 0x04 (Don't Fragment)
    Fragment offset: 0
    Time to live: 128
    Protocol: TCP (0x06)
    Header checksum: 0xdea4 [correct]
    Source: 192.168.1.101 (192.168.1.101)
    Destination: 62.146.25.34 (62.146.25.34)
Transmission Control Protocol, Src Port: 1079 (1079), Dst Port: http (80), Seq: 
1, Ack: 1, Len: 0
    Source port: 1079 (1079)
    Destination port: http (80)
    Sequence number: 1    (relative sequence number)
    Acknowledgement number: 1    (relative ack number)
    Header length: 20 bytes
    Flags: 0x0010 (ACK)
    Window size: 65535
    Checksum: 0x19dc [incorrect, should be 0xbdac]

No.     Time        Source                Destination           Protocol Info
      4 0.022919    192.168.1.101         62.146.25.34          HTTP     GET / 
HTTP/1.1

Frame 4 (476 bytes on wire, 476 bytes captured)
Ethernet II, Src: FujitsuS_81:79:ea (00:30:05:81:79:ea), Dst: D-Link_9b:09:44 
(00:0d:88:9b:09:44)
Internet Protocol, Src: 192.168.1.101 (192.168.1.101), Dst: 62.146.25.34 
(62.146.25.34)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
    Total Length: 462
    Identification: 0x026b (619)
    Flags: 0x04 (Don't Fragment)
    Fragment offset: 0
    Time to live: 128
    Protocol: TCP (0x06)
    Header checksum: 0xdcfd [correct]
    Source: 192.168.1.101 (192.168.1.101)
    Destination: 62.146.25.34 (62.146.25.34)
Transmission Control Protocol, Src Port: 1079 (1079), Dst Port: http (80), Seq: 
1, Ack: 1, Len: 422
    Source port: 1079 (1079)
    Destination port: http (80)
    Sequence number: 1    (relative sequence number)
    Next sequence number: 423    (relative sequence number)
    Acknowledgement number: 1    (relative ack number)
    Header length: 20 bytes
    Flags: 0x0018 (PSH, ACK)
    Window size: 65535
    Checksum: 0x1b82 [incorrect, should be 0xcda5]
Hypertext Transfer Protocol

No.     Time        Source                Destination           Protocol Info
      5 3.013084    192.168.1.101         62.146.25.34          HTTP     [TCP 
Retransmission] GET / HTTP/1.1

Frame 5 (476 bytes on wire, 476 bytes captured)
Ethernet II, Src: FujitsuS_81:79:ea (00:30:05:81:79:ea), Dst: D-Link_9b:09:44 
(00:0d:88:9b:09:44)
Internet Protocol, Src: 192.168.1.101 (192.168.1.101), Dst: 62.146.25.34 
(62.146.25.34)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
    Total Length: 462
    Identification: 0x0276 (630)
    Flags: 0x04 (Don't Fragment)
    Fragment offset: 0
    Time to live: 128
    Protocol: TCP (0x06)
    Header checksum: 0xdcf2 [correct]
    Source: 192.168.1.101 (192.168.1.101)
    Destination: 62.146.25.34 (62.146.25.34)
Transmission Control Protocol, Src Port: 1079 (1079), Dst Port: http (80), Seq: 
1, Ack: 1, Len: 422
    Source port: 1079 (1079)
    Destination port: http (80)
    Sequence number: 1    (relative sequence number)
    Next sequence number: 423    (relative sequence number)
    Acknowledgement number: 1    (relative ack number)
    Header length: 20 bytes
    Flags: 0x0018 (PSH, ACK)
    Window size: 65535
    Checksum: 0x1b82 [incorrect, should be 0xcda5]
    SEQ/ACK analysis
Hypertext Transfer Protocol

No.     Time        Source                Destination           Protocol Info
      6 9.029003    192.168.1.101         62.146.25.34          HTTP     [TCP 
Retransmission] GET / HTTP/1.1

Frame 6 (476 bytes on wire, 476 bytes captured)
Ethernet II, Src: FujitsuS_81:79:ea (00:30:05:81:79:ea), Dst: D-Link_9b:09:44 
(00:0d:88:9b:09:44)
Internet Protocol, Src: 192.168.1.101 (192.168.1.101), Dst: 62.146.25.34 
(62.146.25.34)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
    Total Length: 462
    Identification: 0x027f (639)
    Flags: 0x04 (Don't Fragment)
    Fragment offset: 0
    Time to live: 128
    Protocol: TCP (0x06)
    Header checksum: 0xdce9 [correct]
    Source: 192.168.1.101 (192.168.1.101)
    Destination: 62.146.25.34 (62.146.25.34)
Transmission Control Protocol, Src Port: 1079 (1079), Dst Port: http (80), Seq: 
1, Ack: 1, Len: 422
    Source port: 1079 (1079)
    Destination port: http (80)
    Sequence number: 1    (relative sequence number)
    Next sequence number: 423    (relative sequence number)
    Acknowledgement number: 1    (relative ack number)
    Header length: 20 bytes
    Flags: 0x0018 (PSH, ACK)
    Window size: 65535
    Checksum: 0x1b82 [incorrect, should be 0xcda5]
    SEQ/ACK analysis
Hypertext Transfer Protocol

No.     Time        Source                Destination           Protocol Info
      7 21.060827   192.168.1.101         62.146.25.34          HTTP     [TCP 
Retransmission] GET / HTTP/1.1

Frame 7 (476 bytes on wire, 476 bytes captured)
Ethernet II, Src: FujitsuS_81:79:ea (00:30:05:81:79:ea), Dst: D-Link_9b:09:44 
(00:0d:88:9b:09:44)
Internet Protocol, Src: 192.168.1.101 (192.168.1.101), Dst: 62.146.25.34 
(62.146.25.34)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
    Total Length: 462
    Identification: 0x0284 (644)
    Flags: 0x04 (Don't Fragment)
    Fragment offset: 0
    Time to live: 128
    Protocol: TCP (0x06)
    Header checksum: 0xdce4 [correct]
    Source: 192.168.1.101 (192.168.1.101)
    Destination: 62.146.25.34 (62.146.25.34)
Transmission Control Protocol, Src Port: 1079 (1079), Dst Port: http (80), Seq: 
1, Ack: 1, Len: 422
    Source port: 1079 (1079)
    Destination port: http (80)
    Sequence number: 1    (relative sequence number)
    Next sequence number: 423    (relative sequence number)
    Acknowledgement number: 1    (relative ack number)
    Header length: 20 bytes
    Flags: 0x0018 (PSH, ACK)
    Window size: 65535
    Checksum: 0x1b82 [incorrect, should be 0xcda5]
    SEQ/ACK analysis
Hypertext Transfer Protocol

No.     Time        Source                Destination           Protocol Info
      8 35.561984   192.168.1.101         62.146.25.34          TCP      1079 > 
http [FIN, ACK] Seq=423 Ack=1 Win=65535 [TCP CHECKSUM INCORRECT] Len=0

Frame 8 (54 bytes on wire, 54 bytes captured)
Ethernet II, Src: FujitsuS_81:79:ea (00:30:05:81:79:ea), Dst: D-Link_9b:09:44 
(00:0d:88:9b:09:44)
Internet Protocol, Src: 192.168.1.101 (192.168.1.101), Dst: 62.146.25.34 
(62.146.25.34)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
    Total Length: 40
    Identification: 0x029a (666)
    Flags: 0x04 (Don't Fragment)
    Fragment offset: 0
    Time to live: 128
    Protocol: TCP (0x06)
    Header checksum: 0xde74 [correct]
    Source: 192.168.1.101 (192.168.1.101)
    Destination: 62.146.25.34 (62.146.25.34)
Transmission Control Protocol, Src Port: 1079 (1079), Dst Port: http (80), Seq: 
423, Ack: 1, Len: 0
    Source port: 1079 (1079)
    Destination port: http (80)
    Sequence number: 423    (relative sequence number)
    Acknowledgement number: 1    (relative ack number)
    Header length: 20 bytes
    Flags: 0x0011 (FIN, ACK)
    Window size: 65535
    Checksum: 0x19dc [incorrect, should be 0xbc05]
No.     Time        Source                Destination           Protocol Info
      1 0.000000    192.168.1.101         62.146.25.34          TCP      1083 > 
http [SYN] Seq=0 Len=0 MSS=1460

Frame 1 (62 bytes on wire, 62 bytes captured)
Ethernet II, Src: FujitsuS_81:79:ea (00:30:05:81:79:ea), Dst: D-Link_9b:09:44 
(00:0d:88:9b:09:44)
Internet Protocol, Src: 192.168.1.101 (192.168.1.101), Dst: 62.146.25.34 
(62.146.25.34)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
    Total Length: 48
    Identification: 0x02a3 (675)
    Flags: 0x04 (Don't Fragment)
    Fragment offset: 0
    Time to live: 128
    Protocol: TCP (0x06)
    Header checksum: 0xde63 [correct]
    Source: 192.168.1.101 (192.168.1.101)
    Destination: 62.146.25.34 (62.146.25.34)
Transmission Control Protocol, Src Port: 1083 (1083), Dst Port: http (80), Seq: 
0, Len: 0
    Source port: 1083 (1083)
    Destination port: http (80)
    Sequence number: 0    (relative sequence number)
    Header length: 28 bytes
    Flags: 0x0002 (SYN)
    Window size: 65535
    Checksum: 0x70ca [correct]
    Options: (8 bytes)

No.     Time        Source                Destination           Protocol Info
      2 0.020553    62.146.25.34          192.168.1.101         TCP      http > 
1083 [SYN, ACK] Seq=0 Ack=1 Win=49368 Len=0 MSS=1452

Frame 2 (62 bytes on wire, 62 bytes captured)
Ethernet II, Src: D-Link_9b:09:44 (00:0d:88:9b:09:44), Dst: FujitsuS_81:79:ea 
(00:30:05:81:79:ea)
Internet Protocol, Src: 62.146.25.34 (62.146.25.34), Dst: 192.168.1.101 
(192.168.1.101)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
    Total Length: 48
    Identification: 0x006b (107)
    Flags: 0x04 (Don't Fragment)
    Fragment offset: 0
    Time to live: 50
    Protocol: TCP (0x06)
    Header checksum: 0x2e9c [correct]
    Source: 62.146.25.34 (62.146.25.34)
    Destination: 192.168.1.101 (192.168.1.101)
Transmission Control Protocol, Src Port: http (80), Dst Port: 1083 (1083), Seq: 
0, Ack: 1, Len: 0
    Source port: http (80)
    Destination port: 1083 (1083)
    Sequence number: 0    (relative sequence number)
    Acknowledgement number: 1    (relative ack number)
    Header length: 28 bytes
    Flags: 0x0012 (SYN, ACK)
    Window size: 49368
    Checksum: 0xb530 [correct]
    Options: (8 bytes)

No.     Time        Source                Destination           Protocol Info
      3 0.020599    192.168.1.101         62.146.25.34          TCP      1083 > 
http [ACK] Seq=1 Ack=1 Win=65535 [TCP CHECKSUM INCORRECT] Len=0

Frame 3 (54 bytes on wire, 54 bytes captured)
Ethernet II, Src: FujitsuS_81:79:ea (00:30:05:81:79:ea), Dst: D-Link_9b:09:44 
(00:0d:88:9b:09:44)
Internet Protocol, Src: 192.168.1.101 (192.168.1.101), Dst: 62.146.25.34 
(62.146.25.34)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
    Total Length: 40
    Identification: 0x02a4 (676)
    Flags: 0x04 (Don't Fragment)
    Fragment offset: 0
    Time to live: 128
    Protocol: TCP (0x06)
    Header checksum: 0xde6a [correct]
    Source: 192.168.1.101 (192.168.1.101)
    Destination: 62.146.25.34 (62.146.25.34)
Transmission Control Protocol, Src Port: 1083 (1083), Dst Port: http (80), Seq: 
1, Ack: 1, Len: 0
    Source port: 1083 (1083)
    Destination port: http (80)
    Sequence number: 1    (relative sequence number)
    Acknowledgement number: 1    (relative ack number)
    Header length: 20 bytes
    Flags: 0x0010 (ACK)
    Window size: 65535
    Checksum: 0x19dc [incorrect, should be 0xa2c5]

No.     Time        Source                Destination           Protocol Info
      4 0.020746    192.168.1.101         62.146.25.34          HTTP     GET / 
HTTP/1.1

Frame 4 (476 bytes on wire, 476 bytes captured)
Ethernet II, Src: FujitsuS_81:79:ea (00:30:05:81:79:ea), Dst: D-Link_9b:09:44 
(00:0d:88:9b:09:44)
Internet Protocol, Src: 192.168.1.101 (192.168.1.101), Dst: 62.146.25.34 
(62.146.25.34)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
    Total Length: 462
    Identification: 0x02a5 (677)
    Flags: 0x04 (Don't Fragment)
    Fragment offset: 0
    Time to live: 128
    Protocol: TCP (0x06)
    Header checksum: 0xdcc3 [correct]
    Source: 192.168.1.101 (192.168.1.101)
    Destination: 62.146.25.34 (62.146.25.34)
Transmission Control Protocol, Src Port: 1083 (1083), Dst Port: http (80), Seq: 
1, Ack: 1, Len: 422
    Source port: 1083 (1083)
    Destination port: http (80)
    Sequence number: 1    (relative sequence number)
    Next sequence number: 423    (relative sequence number)
    Acknowledgement number: 1    (relative ack number)
    Header length: 20 bytes
    Flags: 0x0018 (PSH, ACK)
    Window size: 65535
    Checksum: 0x1b82 [incorrect, should be 0xb2be]
Hypertext Transfer Protocol

No.     Time        Source                Destination           Protocol Info
      5 0.071290    62.146.25.34          192.168.1.101         TCP      http > 
1083 [ACK] Seq=1 Ack=423 Win=49368 Len=0

Frame 5 (60 bytes on wire, 60 bytes captured)
Ethernet II, Src: D-Link_9b:09:44 (00:0d:88:9b:09:44), Dst: FujitsuS_81:79:ea 
(00:30:05:81:79:ea)
Internet Protocol, Src: 62.146.25.34 (62.146.25.34), Dst: 192.168.1.101 
(192.168.1.101)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
    Total Length: 40
    Identification: 0x006c (108)
    Flags: 0x04 (Don't Fragment)
    Fragment offset: 0
    Time to live: 50
    Protocol: TCP (0x06)
    Header checksum: 0x2ea3 [correct]
    Source: 62.146.25.34 (62.146.25.34)
    Destination: 192.168.1.101 (192.168.1.101)
Transmission Control Protocol, Src Port: http (80), Dst Port: 1083 (1083), Seq: 
1, Ack: 423, Len: 0
    Source port: http (80)
    Destination port: 1083 (1083)
    Sequence number: 1    (relative sequence number)
    Acknowledgement number: 423    (relative ack number)
    Header length: 20 bytes
    Flags: 0x0010 (ACK)
    Window size: 49368
    Checksum: 0xe046 [correct]

No.     Time        Source                Destination           Protocol Info
      6 0.075838    62.146.25.34          192.168.1.101         HTTP     
HTTP/1.1 200 OK (text/html)

Frame 6 (413 bytes on wire, 413 bytes captured)
Ethernet II, Src: D-Link_9b:09:44 (00:0d:88:9b:09:44), Dst: FujitsuS_81:79:ea 
(00:30:05:81:79:ea)
Internet Protocol, Src: 62.146.25.34 (62.146.25.34), Dst: 192.168.1.101 
(192.168.1.101)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
    Total Length: 399
    Identification: 0x006d (109)
    Flags: 0x04 (Don't Fragment)
    Fragment offset: 0
    Time to live: 50
    Protocol: TCP (0x06)
    Header checksum: 0x2d3b [correct]
    Source: 62.146.25.34 (62.146.25.34)
    Destination: 192.168.1.101 (192.168.1.101)
Transmission Control Protocol, Src Port: http (80), Dst Port: 1083 (1083), Seq: 
1, Ack: 423, Len: 359
    Source port: http (80)
    Destination port: 1083 (1083)
    Sequence number: 1    (relative sequence number)
    Next sequence number: 360    (relative sequence number)
    Acknowledgement number: 423    (relative ack number)
    Header length: 20 bytes
    Flags: 0x0018 (PSH, ACK)
    Window size: 49368
    Checksum: 0x29b8 [correct]
Hypertext Transfer Protocol
Line-based text data: text/html

No.     Time        Source                Destination           Protocol Info
      7 0.095473    192.168.1.101         62.146.25.34          HTTP     GET 
/favicon.ico HTTP/1.1

Frame 7 (407 bytes on wire, 407 bytes captured)
Ethernet II, Src: FujitsuS_81:79:ea (00:30:05:81:79:ea), Dst: D-Link_9b:09:44 
(00:0d:88:9b:09:44)
Internet Protocol, Src: 192.168.1.101 (192.168.1.101), Dst: 62.146.25.34 
(62.146.25.34)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
    Total Length: 393
    Identification: 0x02aa (682)
    Flags: 0x04 (Don't Fragment)
    Fragment offset: 0
    Time to live: 128
    Protocol: TCP (0x06)
    Header checksum: 0xdd03 [correct]
    Source: 192.168.1.101 (192.168.1.101)
    Destination: 62.146.25.34 (62.146.25.34)
Transmission Control Protocol, Src Port: 1083 (1083), Dst Port: http (80), Seq: 
423, Ack: 360, Len: 353
    Source port: 1083 (1083)
    Destination port: http (80)
    Sequence number: 423    (relative sequence number)
    Next sequence number: 776    (relative sequence number)
    Acknowledgement number: 360    (relative ack number)
    Header length: 20 bytes
    Flags: 0x0018 (PSH, ACK)
    Window size: 65176
    Checksum: 0x1b3d [incorrect, should be 0x1e0c]
Hypertext Transfer Protocol

No.     Time        Source                Destination           Protocol Info
      8 0.139786    62.146.25.34          192.168.1.101         TCP      http > 
1083 [ACK] Seq=360 Ack=776 Win=49368 Len=0

Frame 8 (60 bytes on wire, 60 bytes captured)
Ethernet II, Src: D-Link_9b:09:44 (00:0d:88:9b:09:44), Dst: FujitsuS_81:79:ea 
(00:30:05:81:79:ea)
Internet Protocol, Src: 62.146.25.34 (62.146.25.34), Dst: 192.168.1.101 
(192.168.1.101)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
    Total Length: 40
    Identification: 0x006e (110)
    Flags: 0x04 (Don't Fragment)
    Fragment offset: 0
    Time to live: 50
    Protocol: TCP (0x06)
    Header checksum: 0x2ea1 [correct]
    Source: 62.146.25.34 (62.146.25.34)
    Destination: 192.168.1.101 (192.168.1.101)
Transmission Control Protocol, Src Port: http (80), Dst Port: 1083 (1083), Seq: 
360, Ack: 776, Len: 0
    Source port: http (80)
    Destination port: 1083 (1083)
    Sequence number: 360    (relative sequence number)
    Acknowledgement number: 776    (relative ack number)
    Header length: 20 bytes
    Flags: 0x0010 (ACK)
    Window size: 49368
    Checksum: 0xdd7e [correct]

No.     Time        Source                Destination           Protocol Info
      9 0.144850    62.146.25.34          192.168.1.101         HTTP     
HTTP/1.1 404 Not Found (text/html)

Frame 9 (464 bytes on wire, 464 bytes captured)
Ethernet II, Src: D-Link_9b:09:44 (00:0d:88:9b:09:44), Dst: FujitsuS_81:79:ea 
(00:30:05:81:79:ea)
Internet Protocol, Src: 62.146.25.34 (62.146.25.34), Dst: 192.168.1.101 
(192.168.1.101)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
    Total Length: 450
    Identification: 0x006f (111)
    Flags: 0x04 (Don't Fragment)
    Fragment offset: 0
    Time to live: 50
    Protocol: TCP (0x06)
    Header checksum: 0x2d06 [correct]
    Source: 62.146.25.34 (62.146.25.34)
    Destination: 192.168.1.101 (192.168.1.101)
Transmission Control Protocol, Src Port: http (80), Dst Port: 1083 (1083), Seq: 
360, Ack: 776, Len: 410
    Source port: http (80)
    Destination port: 1083 (1083)
    Sequence number: 360    (relative sequence number)
    Next sequence number: 770    (relative sequence number)
    Acknowledgement number: 776    (relative ack number)
    Header length: 20 bytes
    Flags: 0x0018 (PSH, ACK)
    Window size: 49368
    Checksum: 0x7a71 [correct]
Hypertext Transfer Protocol
Line-based text data: text/html

No.     Time        Source                Destination           Protocol Info
     10 0.269307    192.168.1.101         62.146.25.34          TCP      1083 > 
http [ACK] Seq=776 Ack=770 Win=64766 [TCP CHECKSUM INCORRECT] Len=0

Frame 10 (54 bytes on wire, 54 bytes captured)
Ethernet II, Src: FujitsuS_81:79:ea (00:30:05:81:79:ea), Dst: D-Link_9b:09:44 
(00:0d:88:9b:09:44)
Internet Protocol, Src: 192.168.1.101 (192.168.1.101), Dst: 62.146.25.34 
(62.146.25.34)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
    Total Length: 40
    Identification: 0x02af (687)
    Flags: 0x04 (Don't Fragment)
    Fragment offset: 0
    Time to live: 128
    Protocol: TCP (0x06)
    Header checksum: 0xde5f [correct]
    Source: 192.168.1.101 (192.168.1.101)
    Destination: 62.146.25.34 (62.146.25.34)
Transmission Control Protocol, Src Port: 1083 (1083), Dst Port: http (80), Seq: 
776, Ack: 770, Len: 0
    Source port: 1083 (1083)
    Destination port: http (80)
    Sequence number: 776    (relative sequence number)
    Acknowledgement number: 770    (relative ack number)
    Header length: 20 bytes
    Flags: 0x0010 (ACK)
    Window size: 64766
    Checksum: 0x19dc [incorrect, should be 0x9fbe]
LINE    PACKET_DT       PACKET_FS       PACKET_IFC      RULE_NUMBER     
RULE_ACTION     SOURCE_IP       SOURCE_PORT     DEST_IP DEST_PORT       
PROTOCOL        TCP_FLAGS
1       08.05.2006 21:24:09     786741  e1000g2 16      p       84.56.16.159    
60693   62.146.25.34    80      tcp     S
2       08.05.2006 21:24:09     786863  e1000g0 16      p       62.146.25.34    
80      84.56.16.159    60693   tcp     AS
3       08.05.2006 21:24:09     808218  e1000g2 16      p       84.56.16.159    
60693   62.146.25.34    80      tcp     A
4       08.05.2006 21:24:09     837170  e1000g2 16      p       84.56.16.159    
60693   62.146.25.34    80      tcp     AP
5       08.05.2006 21:24:09     837189  e1000g2 1       b       62.146.25.34    
80      84.56.16.159    60693   tcp     A
6       08.05.2006 21:24:09     837479  e1000g2 1       b       62.146.25.34    
80      84.56.16.159    60693   tcp     AP
7       08.05.2006 21:24:12     823801  e1000g2 16      p       84.56.16.159    
60693   62.146.25.34    80      tcp     AP
8       08.05.2006 21:24:12     823832  e1000g2 1       b       62.146.25.34    
80      84.56.16.159    60693   tcp     A
9       08.05.2006 21:24:13     210039  e1000g2 1       b       62.146.25.34    
80      84.56.16.159    60693   tcp     AP
10      08.05.2006 21:24:18     839318  e1000g2 16      p       84.56.16.159    
60693   62.146.25.34    80      tcp     AP
11      08.05.2006 21:24:18     839351  e1000g2 1       b       62.146.25.34    
80      84.56.16.159    60693   tcp     A
12      08.05.2006 21:24:19     970040  e1000g2 1       b       62.146.25.34    
80      84.56.16.159    60693   tcp     AP
13      08.05.2006 21:24:24     840073  e1000g2 1       b       62.146.25.34    
80      84.56.16.159    60693   tcp     AF
14      08.05.2006 21:24:30     870503  e1000g2 16      p       84.56.16.159    
60693   62.146.25.34    80      tcp     AP
15      08.05.2006 21:24:30     870538  e1000g2 1       b       62.146.25.34    
80      84.56.16.159    60693   tcp     A
16      08.05.2006 21:24:33     480059  e1000g2 1       b       62.146.25.34    
80      84.56.16.159    60693   tcp     AFP
17      08.05.2006 21:24:45     347464  e1000g2 16      p       84.56.16.159    
60693   62.146.25.34    80      tcp     AF
18      08.05.2006 21:24:45     347498  e1000g2 1       b       62.146.25.34    
80      84.56.16.159    60693   tcp     A
19      08.05.2006 21:24:47     857068  e1000g2 16      p       84.56.16.159    
60694   62.146.25.34    80      tcp     S
20      08.05.2006 21:24:47     857118  e1000g2 16      p       62.146.25.34    
80      84.56.16.159    60694   tcp     AS
21      08.05.2006 21:24:47     878257  e1000g2 16      p       84.56.16.159    
60694   62.146.25.34    80      tcp     A
22      08.05.2006 21:24:47     907630  e1000g2 16      p       84.56.16.159    
60694   62.146.25.34    80      tcp     AP
23      08.05.2006 21:24:47     907644  e1000g2 16      p       62.146.25.34    
80      84.56.16.159    60694   tcp     A
24      08.05.2006 21:24:47     907892  e1000g2 16      p       62.146.25.34    
80      84.56.16.159    60694   tcp     AP
25      08.05.2006 21:24:47     976361  e1000g2 16      p       84.56.16.159    
60694   62.146.25.34    80      tcp     AP
26      08.05.2006 21:24:47     976375  e1000g2 16      p       62.146.25.34    
80      84.56.16.159    60694   tcp     A
27      08.05.2006 21:24:47     976487  e1000g2 16      p       62.146.25.34    
80      84.56.16.159    60694   tcp     AP
28      08.05.2006 21:24:48     127599  e1000g2 16      p       84.56.16.159    
60694   62.146.25.34    80      tcp     A
29      08.05.2006 21:24:54     932569  e1000g2 16      p       84.56.16.159    
60693   62.146.25.34    80      tcp     AFP
30      08.05.2006 21:24:54     932595  e1000g2 1       b       62.146.25.34    
80      84.56.16.159    60693   tcp     A
31      08.05.2006 21:25:00     490052  e1000g2 1       b       62.146.25.34    
80      84.56.16.159    60693   tcp     AFP
32      08.05.2006 21:25:02     980057  e1000g2 16      p       62.146.25.34    
80      84.56.16.159    60694   tcp     AF
33      08.05.2006 21:25:03     1890    e1000g2 16      p       84.56.16.159    
60694   62.146.25.34    80      tcp     A
34      08.05.2006 21:25:09     907916  e1000g2 16      p       84.56.16.159    
60694   62.146.25.34    80      tcp     AF
35      08.05.2006 21:25:09     907949  e1000g2 16      p       62.146.25.34    
80      84.56.16.159    60694   tcp     A
36      08.05.2006 21:25:42     948502  e1000g2 16      p       84.56.16.159    
60693   62.146.25.34    80      tcp     AFP
37      08.05.2006 21:25:42     948535  e1000g2 1       b       62.146.25.34    
80      84.56.16.159    60693   tcp     A
38      08.05.2006 21:25:54     500051  e1000g2 1       b       62.146.25.34    
80      84.56.16.159    60693   tcp     AFP
39      08.05.2006 21:26:54     510046  e1000g2 1       b       62.146.25.34    
80      84.56.16.159    60693   tcp     AFP
40      08.05.2006 21:27:54     520041  e1000g2 1       b       62.146.25.34    
80      84.56.16.159    60693   tcp     AFP
41      08.05.2006 21:28:54     530040  e1000g2 1       b       62.146.25.34    
80      84.56.16.159    60693   tcp     AFP
42      08.05.2006 21:29:54     540039  e1000g2 1       b       62.146.25.34    
80      84.56.16.159    60693   tcp     AFP
43      08.05.2006 21:30:54     550039  e1000g2 1       b       62.146.25.34    
80      84.56.16.159    60693   tcp     AFP
44      08.05.2006 21:31:54     560041  e1000g2 1       b       62.146.25.34    
80      84.56.16.159    60693   tcp     AFP
_______________________________________________
zones-discuss mailing list
zones-discuss@opensolaris.org

Reply via email to