[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Browser disconnects with eBay



> > LEN=40 TOS=0x00 PREC=0x00 TTL=113 ID=28516 I don't think these have
> much informational value, and I only understand what the LEN, TTL, and
> ID fields are. So far, OK.

the TOS has to deal with CoS, Class of Service, and you'll probably only
see this field in use for video/audio streaming.  it is mostly used for
QoS routing, it is fairly useful in some cases, but not here.  i have no
idea what PREC is, looks like i need to whip out the tcp/ip source drivers
again.

> > SPT=80 DPT=2970
> They're connecting from their webserver (hence the source port (SPT) of 80).
> The destination port (DPT) I'm guessing is on my machine. So far, OK.

yeah, your browser sets a listen for webbrowsing usually in the 2900-3100
range.  i have seen this on my proxy server at work and on my desktop with
opera.

> > WINDOW=0 RES=0x00 ACK URGP=0
> I'm not sure if these have any value either.

WINDOW is something that I should know, but it is eluding me right now.
But the ACK apparently is ACK'ing something that you did, was there a SYN
that was also a bad packet or just this one?

> Anyone have any ideas as to why the firewall is seeing this as a "bad
> packet" and dropping the connection? I can't see why it's dropping the
> connection.

do you have examples of other ones?  also, would it be possible to get a
tcpdump or a snoop of the traffic when one of these failures occurs?  and
could a normal packet be caught as well, one that works between the two,
for comparisons sake?

> Can I fix it? Or is eBay doing weird DNS/load balancing stuff that's
> not really working right, and I'm just SOL?

i bet that their load balacning servers might be hurking all over your
packets with some bad header writes but, without doing this myself, i
dunno.

tighe

--
Tighe		w00t		blumnky
	"I am anger incarnate."
	"Oh yeah?  I toss poo."


-
To unsubscribe, send email to majordomo@silug.org with
"unsubscribe silug-discuss" in the body.