Event: NULL TCP PACKET

Hello all,
we are incrementally receiving a lot of MARS events that comes from Cisco IDS, all those events are “ NULL TCP PACKET”, and the destination is always the same, a smtp ironport machine trough the 25 port, from diferent public IPs.
Does anybody have a similar scenario? What can we do?
Thanks

Hi,
The signature version 364 and the IPS version is 6.1 (1) E2.
It is suppoused that is a single TCP packet with none of the SYN, ACK,FIN or RST flags.
It comes from different public IP's that comes from different ISP's.
Regards
Izaskun

Similar Messages

  • My MBP has started to send out TCP packets larger than the MTU on the NIC - is there any place that this can be overriden?

    Got a very weird issue here and wondering if anyone has any other ideas. Basically over the wired NIC only, my Mac has started to send out large HTTP/HTTPS packets from the browser (> 1500 bytes) Captures show packet sizes from 2000 all the way to 4000 sometimes. This happens in Firefox and Chrome so doesn't appear to be application related.
    This causes fragmentation issues and traffic drops which basically causes most of my websites and  tools to crash and burn (and I get all sorts of SSL errors from applications, etc).
    It appears to be limited to just TCP packets as pings with the DF bit set will not send any larger than 1500 bytes.
    However if I switch to wireless, everything works fine and captures show the correct maximum packet size of 1500 for all packets leaving my client.
    The MTU on the  en0 interface is 1500 as per ifconfig and I made sure that it was set to 1500 in Network config panel (because there is an option for jumbo frames there which bumps up the MTU).
    A packet capture also shows that during the three way handshake the TCP MSS is successfully sent and negotiated as 1480, but then it appears to ignore that when sending packets later in the TCP stream.
    I've rebooted, upgraded to 10.7.4, checked the "sysctl" outputs and matched against a Mac not having the issue.
    This is the newest MBP 15 inch model.
    Any other ideas on things to check?

    Have you used any sort of "tuner" software? You are obviously an advanced user. Sometimes we hack things up and forget about it later. If you are sure you didn't do that, maybe poke around with IPv6 settings. Supposedly people are trying to enable that and it is going to be a disaster.

  • Double TNS datagrams in one TCP packet

    I have the following Problem:
    During a database Connection over an IPSec - tunnel between a Fortigate and a Juniper firewall the connection stalls.
    This is exactly reproducible with on select or bulk insert statement. Neither OCI or thin changes the behavior. Without the tunnel(f.e. LAN or ISDN connect)
    there no problem an no duplicate TNS.
    I have logged the TCP traffic with wireshark on both sides and noticed that I have two tns datagrams in one TCP packet.
    I use different IPSec tunnels and haven only problems with this one. Do you have a hint whats going on?
    BTW: I change sdu and tdu sizes. This changes the point in time of the stall (double tns).
    Here is the Wireshark Log:
    519     1128.135566     192.168.197.33     10.4.100.73     TNS     Request, Data (6), Data
    520     1128.135912     192.168.197.33     10.4.100.73     TNS     Request, Data (6), Data
    521     1128.179202     10.4.100.73     192.168.197.33     TCP     [TCP Window Update] ncube-lm > 64542 [ACK] Seq=7203 Ack=2341 Win=65535 Len=0
    522     1128.202975     10.4.100.73     192.168.197.33     TCP     ncube-lm > 64542 [ACK] Seq=7203 Ack=3691 Win=64185 Len=0
    523     1128.213284     10.4.100.73     192.168.197.33     TNS     Response, Marker (12), Attention
    524     1128.213516     10.4.100.73     192.168.197.33     TNS     Response, Marker (12), Attention
    525     1128.213557     192.168.197.33     10.4.100.73     TCP     64542 > ncube-lm [ACK] Seq=4265 Ack=7225 Win=64201 Len=0
    526     1128.217649     192.168.197.33     10.4.100.73     TNS     Request, Marker (12), Attention
    527     1128.255460     10.4.100.73     192.168.197.33     TCP     [TCP Dup ACK 524#1] ncube-lm > 64542 [ACK] Seq=7225 Ack=3691 Win=65535 Len=0
    * 528     1128.501575     192.168.197.33     10.4.100.73     TNS     [TCP Retransmission] Request, Marker (12), Attention
    529     1128.588704     10.4.100.73     192.168.197.33     TCP     ncube-lm > 64542 [ACK] Seq=7225 Ack=4276 Win=64950 Len=0
    Here the connection stalls, but does not terminate. The data transmission is not finished.
    The * packet has the following header information:
    Frame 528: 639 bytes on wire (5112 bits), 639 bytes captured (5112 bits)
    Ethernet II, Src: FujitsuT_92:f0:b5 (00:19:99:92:f0:b5), Dst: Fortinet_25:ea:de (00:09:0f:25:ea:de)
    Internet Protocol, Src: 192.168.197.33 (192.168.197.33), Dst: 10.4.100.73 (10.4.100.73)
    Transmission Control Protocol, Src Port: 64542 (64542), Dst Port: ncube-lm (1521), Seq: 3691, Ack: 7225, Len: 585
    Transparent Network Substrate Protocol
    Packet Length: 574
    Packet Checksum: 0x0000
    Packet Type: Data (6)
    Reserved Byte: 00
    Header Checksum: 0x0000
    Data
    Transparent Network Substrate Protocol
    Packet Length: 11
    Packet Checksum: 0x0000
    Packet Type: Marker (12)
    Reserved Byte: 00
    Header Checksum: 0x0000
    Attention
    Marker Type: Data Marker - 1 Data Bytes (0x01)
    Marker Data Byte: 0x00
    Marker Data Byte: 0x02
    Any idea?

    Ben wrote:
    Convert dbl to U64 then use swap words. Swap Words is polymorphic and will adapt the the data type you prest to it.
    Ben
    Convert is a bad idea here.you want to typecast instead.
    Rolf Kalbermatter
    Rolf Kalbermatter
    CIT Engineering Netherlands
    a division of Test & Measurement Solutions

  • Asp drop - First TCP packet not SYN (tcp-not-syn)

    I have many tcp-not-syn:
    First TCP packet not SYN (tcp-not-syn)                                46841247
    For sure it is not a routing issue cause ie 10.32.3.230 usually can connect to 192.168.16.2 which is a proxy server. Sometimes it can't and I get the
    tcp-not-syn error. So after a capture I got the following,
    ASA# capture asp-drop type asp-drop tcp-not-syn
    ASA# sh capture asp-drop | i 10.32.3.230
    2397: 16:11:31.904295 802.1Q vlan#8 P0 10.32.3.230.2322 > 192.168.16.2.8080: R 556133793:556133793(0) win 0
    2398: 16:11:31.905272 802.1Q vlan#8 P0 10.32.3.230.2322 > 192.168.16.2.8080: R 556133793:556133793(0) win 0
    2400: 16:11:31.908583 802.1Q vlan#8 P0 10.32.3.230.2320 > 192.168.16.2.8080: R 55902087:55902087(0) win 0
    2401: 16:11:31.908613 802.1Q vlan#8 P0 10.32.3.230.2320 > 192.168.16.2.8080: R 55902087:55902087(0) win 0
    2402: 16:11:31.908629 802.1Q vlan#8 P0 10.32.3.230.2320 > 192.168.16.2.8080: R 55902087:55902087(0) win 0
    2403: 16:11:31.908659 802.1Q vlan#8 P0 10.32.3.230.2320 > 192.168.16.2.8080: R 55902087:55902087(0) win 0
    2404: 16:11:31.908766 802.1Q vlan#8 P0 10.32.3.230.2320 > 192.168.16.2.8080: R 55902087:55902087(0) win 0
    2405: 16:11:31.908796 802.1Q vlan#8 P0 10.32.3.230.2320 > 192.168.16.2.8080: R 55902087:55902087(0) win 0
    2406: 16:11:31.908812 802.1Q vlan#8 P0 10.32.3.230.2320 > 192.168.16.2.8080: R 55902087:55902087(0) ack 4258924744 win 0
    2407: 16:11:31.909071 802.1Q vlan#8 P0 10.32.3.230.2320 > 192.168.16.2.8080: R 55902087:55902087(0) win 0
    2408: 16:11:31.909102 802.1Q vlan#8 P0 10.32.3.230.2320 > 192.168.16.2.8080: R 55902087:55902087(0) win 0
    2409: 16:11:31.909132 802.1Q vlan#8 P0 10.32.3.230.2320 > 192.168.16.2.8080: R 55902087:55902087(0) win 0
    2410: 16:11:31.910490 802.1Q vlan#8 P0 10.32.3.230.2321 > 192.168.16.2.8080: R 1839687588:1839687588(0) win 0
    2411: 16:11:31.910521 802.1Q vlan#8 P0 10.32.3.230.2321 > 192.168.16.2.8080: R 1839687588:1839687588(0) win 0
    2412: 16:11:31.910551 802.1Q vlan#8 P0 10.32.3.230.2321 > 192.168.16.2.8080: R 1839687588:1839687588(0) win 0
    2413: 16:11:31.910566 802.1Q vlan#8 P0 10.32.3.230.2321 > 192.168.16.2.8080: R 1839687588:1839687588(0) win 0
    2414: 16:11:31.911192 802.1Q vlan#8 P0 10.32.3.230.2321 > 192.168.16.2.8080: R 1839687588:1839687588(0) win 0
    2415: 16:11:31.911207 802.1Q vlan#8 P0 10.32.3.230.2321 > 192.168.16.2.8080: R 1839687588:1839687588(0) win 0
    2416: 16:11:31.911238 802.1Q vlan#8 P0 10.32.3.230.2321 > 192.168.16.2.8080: R 1839687588:1839687588(0) win 0
    2417: 16:11:31.915205 802.1Q vlan#8 P0 10.32.3.230.2321 > 192.168.16.2.8080: R 1839687588:1839687588(0) win 0
    2418: 16:11:31.915235 802.1Q vlan#8 P0 10.32.3.230.2321 > 192.168.16.2.8080: R 1839687588:1839687588(0) win 0
    2419: 16:11:31.915296 802.1Q vlan#8 P0 10.32.3.230.2321 > 192.168.16.2.8080: R 1839687588:1839687588(0) win 0
    2420: 16:11:31.915327 802.1Q vlan#8 P0 10.32.3.230.2320 > 192.168.16.2.8080: R 55902087:55902087(0) win 0
    2421: 16:11:31.915357 802.1Q vlan#8 P0 10.32.3.230.2320 > 192.168.16.2.8080: R 55902087:55902087(0) win 0
    2422: 16:11:31.915815 802.1Q vlan#8 P0 10.32.3.230.2320 > 192.168.16.2.8080: R 55902087:55902087(0) win 0
    2432: 16:11:33.102426 802.1Q vlan#8 P0 10.32.3.230.2317 > 192.168.16.2.8080: R 4189536219:4189536219(0) win 0
    2433: 16:11:33.102457 802.1Q vlan#8 P0 10.32.3.230.2317 > 192.168.16.2.8080: R 4189536219:4189536219(0) win 0
    2434: 16:11:33.102487 802.1Q vlan#8 P0 10.32.3.230.2317 > 192.168.16.2.8080: R 4189536219:4189536219(0) win 0
    syslog message says:
    deny tcp (no connection) from 10.32.3.78/1646 to 192.168.16.2/8080 flags RST on interface inside
    The question is how can I define it is:
    1. the proxy 192.168.16.2 itself is too slow responding to the syn packet sent from the client 10.32.3.78
    2. a reset is sent by the proxy 192.168.16.2 and then forwarded by the ASA to the client 10.32.3.78
    3. an idle timeout tuning needed on firewall
    4. anything else
    Thanks

    Hi,
    Since it is a RST packet coming from client IP destined to proxy server IP on ASA's interface (of course with no associated connection in ASA state table), ASA will drop it as first tcp packet not syn.
    When a packet arrives on ASA, it checks to see if it belongs to an existing flow, if not, it has to be a new connection but since SYN flag is not set here, it gets dropped under above reason code.
    Now, you would probabaly want to capture the entire traffic stream from client to server on ASA interface to understand what caused those resets. May be client sent some new requests (SYN's) and proxy was too busy to respond. Again, complete capture in pcap would be needed for further analysis.
    Regards,
    Sourav Kakkar

  • Sending TCP packets to many IP addresses after downloading a program

    I constantly monitor UDP and TCP packets sent to IP addresses on my Windows 7 computer. After downloading a free online program to convert media video files, I soon noticed my computer constantly and rapidly sending out packets to more
    than 10 IP addresses (and quite a few were going to China, Russia and Germany). I tried a search on my hard drive for the file that contained those specific IP addresses and found nothing.
    Note: For Viewing Folders, I do not hide operating system files, and I show hidden files, folders and drives.
    Then I  tried searching my windows registry (via REGEDIT) for those IP addresses and found nothing.
    I assumed these IP addresses may have been hidden and included in a .dll file. I could not find an answer on the internet to determine where these hacking IP addresses originated from, so I deleted the program and rebooted.
    The problem still existed, so I had to restore to a previous backup date. The restore fixed the problem.  I am so confused. If I wasn't monitoring my connections I would never have known about this hacking flaw in Windows 7 security. I
    still don't know what type of file(s) were causing this problem. Or what causes my computer to send unsolicited packets to so many IP addresses (to domestic, foreign and hostile locations). 

    Message to members... DO NOT download the software in this area.
    Contains malicious code.
    Thank you FangZhou Chen for your response. I am not exactly sure which of these two programs (listed below) was the culprit for this problem, but I do know that both programs have issues with malicious code. Understand I have used both of these programs
    in the past, but stopped using them because of these issues. The Freeware #1 was my favorite and was user friendly, until the malicious code was added, and may be the real culprit.
    Malicious Freeware #1: Any Video Converter (program name: avc-free.exe)
    This program contains PUP.Optional.OpenCandy - While PUP.Optional.OpenCandy is not technically a virus, this PUP can be extremely annoying and quite difficult to get rid of. It comes loaded with adware, which as anyone who has been infected by adware can tell
    you, can drive you to the brink of insanity with its relentless adverts, plus it will very likely hijack your browser and install a strange and unwanted toolbar on your machine too. Not only do unwanted toolbars get in the way but they can direct you to websites
    that the creators want you to visit and can in general make using your computer a real user-unfriendly experience. PUP.Optional.OpenCandy is also a form of spyware which enables it to be installed deep within your PC’s operating system so that it is harder
    for you to find – and therefore delete.
    Link to site:              any-video-converter.com/products/for_video_free/             
    Link to download program:  any-video-converter.com/download-avc-free.php
    Malicious Freeware #2: SUPER © Media Converter Encoder
    This program is bundled with other software. I don't remember the malicious type or effects.
    Link to site:             erightsoft.com/SUPER.html
    Link to download program:  erightsoft.info/GetFile3.php?SUPERsetup.exe
    Hope this helps. Again thanks! God Bless.
    P.S. - Excellent tools in cleaning up maleware have been to use Malwarebytes, AdwCleaner and  HitmanPro (both recommended by the malwarebytes.org website).

  • WRT54GX2: TCP packets blocked (except SYN/SYN-ACK) to internet

    I'm using WRT54GX2 with latest FW 1.01.22 and I've been running into internet connectivity with one of my laptop (Toshiba MX35-S149 using Atheros). From this laptop DNS/ping works to the internet (UDP/ICMP) but all of the TCP data packets from the internet are being blocked by the router (I think). All of the other PC's continue to work with no problem.
    Rebooting the router (power cycle) causes thing to work again for this laptop but after some time (15-20 minutes or so) once again the problem comes back. I've already spent about 3 hours with support on this but no luck.
     I did a packet capture on the laptop and any HTTP request show TCP SYN, SYN-ACK packets but no data packets. The laptop continues to do the retransmission. At this point I can still PING and DNS resolve any of the names.
    The HTTP to the router's page (192.168.1.1) continues to work without any problem (still using the wireless NIC). Hard-wiring the laptop to router works fine.
    I asked the support if I can do a packet capture on the router itself but I was told "That is not possible".
    I'll add the packet capture files later today.
    Any help is appreciated as I don't think I'll get any help from the tech-support.
    TIA,
    Navras

    Interesting - I have a similar problem however I am trying to block packets going out. So you say that it allows the TCP for a little while then later it is blocked.
    Why are you trying to pass TCP into the computer specifically?
    Do you have a firewall on your laptop that you can check the logs off?
    I have been with support for my issue which is basically the BLOCKED SERVICES options are all greyed out. I need to block udp/tcp packets from going out on exactly the same router, same firmware as yours. They just read scripts from their help desk manuals and do not really seem to understand problems that are NOT in the scripts. Too bad I was hoping after cisco took over linksys would get better at customer support, not the other way.
    I saw a post previously that states that the same router DOES NOT HAVE the blocked services as a function. The manual and screen seem to indicate otherwise.
    Interesting...let us know what happens.
    danee

  • Cisco 3750 --- Mark TCP packets from port 80 with DSCP ef

    Good afternoon,
    I am trying to mark outgoing traffic from a web server with value of DSCP ef
    When I am doing a traffic capture all TCP packets have tos 0x0
    If I marked UDP packets, or icmp packets, I can see it with in trafic capture, but not TCP traffic.
    This is my config,
    mls qos
    ip access-list extended MARK-HTTP-ACL
      permit tcp host 10.10.10.10 eq www any
    class-map match-any HTTP-CM
    match access-group name MARK-HTTP-ACL
    policy-map PRIORITY-PM
    class HTTP-CM
      set dscp ef
    interface GigabitEthernet1/0/11
    switchport access vlan 20
    switchport mode access
    spanning-tree portfast
    mls qos trust dscp
    service-policy input PRIORITY-PM
    Can anybody can help me to understand, why I cannot mark TCP packets?
    Thank you

    Yes.  You need to eliminate the things I've said to eliminate with the other side.  Ensure your configs are matching exactly.  They probably are, whatever, just make sure of it because it's easy.  You both need to run packet captures on your interfaces both in and out to even begin to have an idea of where to look.
    The more info you can have just one person responsible for the better.  What I mean by that is, it's typically a nice step for the 'bigger end' to have the 'smaller end's' config file to look at.
    If you are seeing packets come in your inside, leave your outside, and never make it to his inside, then take it a step at a time.
    If you're seeing them come in his interface and never come back out, you know where to look.
    Set your caps to a single host to single host if need be, and generate traffic accordingly.
    You need to narrow down where NOT to look so that you know where TO look.  I would say then, and only then, do you get the ISP involved.  Once you're sure the problem exists between his edge device and your edge device.
    I do exactly this for a living on a daily basis...day after day after day.  I'm responsible for over 200 IPSec s2s connections and thousands of SSL VPN sessions.  I always start the exact same way...from the very bottom.

  • TCP packet out of state: First packet isn't SYN & Outlook is trying to retrieve data from the Microsoft Exchange Server [CAS-ARray]

    We are transitioning from Exchange 2003 to Exchange 2010.  We found Outlook online mode (non-cached mode) have many warning "Outlook is trying to retrieve data from the Microsoft Exchange Server [CAS-ARray]", usually happen when users tried to open
    address book but sometimes even normal operation like click the Send button.  The problem does not affect OWA and extremely rare when Outlook is running in cached mode.  Check the firewall logs, we notice a lot of "TCP Packet Out of State" drops.
    We have a lot from the CAS/HT to DC/GC on TCP_3268 and LDAP.  And the errors are "TCP packet out of state: First packet isn't SYN" with tcp_flags FIN-ACK, PUSH-ACK.
    We also have a lot from CAS/HT to the Outlook Clients on the static RPC port (TCP_59933).   And the errors are "TCP packet out of state: First packet isn't SYN" with tcp_flags FIN-ACK, PUSH-ACK and RST-ACK, ACK.
    This happens even on Outlook 2010 which I though it has TCP Keep Alive implmented to keep the session active within 1 hour. 
    Can somebody tell me if these out-of-state are the cause of our problem?  And how to fix it?
    THANK 1,000,000

    Hello AndyHWC,
    I did some consulting with our CAS team and received the following feedback to your post:
    It is difficult to determine what is causing resets without seeing the captures first hand however, the concern is that you are seeing dropped packets on the firewall logs.  Where is this firewall located?
    Based on the description "Check the firewall logs, we notice a lot of "TCP Packet Out of State" drops." and "We have a lot from the CAS/HT to DC/GC on TCP_3268 and
    LDAP." indicates to me that the firewall is between CAS and GC.  This not supported under any circumstances and would explain the issue they are seeing with clients trying to "retrieve data from the GC".
    If there is not a firewall between the GC and CAS then a Microsoft support engineer would need to have concurrent Netmon Captures from client, CAS, GC during the
    issue to analyze.  If only one GC exists consider adding another GC to handle the client requests and for fault tolerance.
    Also verify that all NIC card drivers are updated to the latest driver version
    More information about firewalls with Exchange 2007/2010
    http://msexchangeteam.com/archive/2009/10/21/452929.aspx
    http://technet.microsoft.com/en-us/library/bb232184(EXCHG.80).aspx
    You can install the Client Access server role on an Exchange 2007 computer that is running any other server roles except for the Edge Transport server role. You
    cannot install the Client Access server role on a computer that is installed in a cluster. Installation of a Client Access server in a perimeter network is not supported.
    http://technet.microsoft.com/en-us/library/dd577077(EXCHG.80).aspx
    “The Installation of a Client Access Server in a Perimeter Network Is Not Supported
    Issue You may want to install an Exchange 2007 Client Access server in a perimeter network. However, this type of installation is not supported in Exchange
    2007.
    Cause The Exchange 2007 Client Access server role is not supported in any configuration in which a firewall is located between the Client Access server
    and a Mailbox server or a domain controller. This includes firewall devices, firewall programs, or any program or device that is designed to restrict traffic between two network locations.
    For correct operation, Client Access servers require typical domain connectivity to domain controllers and global catalog servers. Because any devices
    or programs that restrict or reduce access to domain controllers or global catalog servers may affect the correct operation of the Client Access server, we do not support this type of configuration.
    Resolution To resolve this issue, move the Client Access servers to the internal network. For more information about the ports that Exchange 2007 uses
    for various services, see Data Path Security Reference.”
    Thanks,
    Kevin Ca - MSFT
    Kevin Ca - MSFT

  • IS IT POSSIBLE TO SEND TCP PACKET WITH THE SOCKET?

    Hello everybody iam programing HIJACK attack with jbuilder8 that consiste to detecte a communication between the client and server (tcp session or tcp connexion) and read all informations from this tcp packet(like N�ACK,N� SEQ..) and finnaly send a tcp packet with false information. I have make this project with C under linux(red hat9) compiled with GCC and i have used raw socket like this:
    int creat_socket(char *interface)
    int fd;
    struct ifreq ifr;
    struct sockaddr_ll sll;
    if ((fd=socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL)))==-1)//creat socket {
         perror("socket");
         return -1;
    memset(&ifr, 0, sizeof(struct ifreq));//remplir ifr par des '0'
    strcpy(ifr.ifr_name, interface);//copier le nom de l'interface ds ifr_name
    if (ioctl(fd, SIOCGIFINDEX, &ifr)==-1)//Retrouve le num�ro d'interface et le place dans ifr_ifindex.
         perror("ioctl");
         return -1;
    memset(&sll, 0, sizeof(struct sockaddr_ll));//remplir sll par des '0'
    sll.sll_family=PF_PACKET;
    sll.sll_ifindex=ifr.ifr_ifindex;
    sll.sll_protocol=htons(ETH_P_ALL);
    if (bind(fd, (struct sockaddr *)&sll, sizeof(struct sockaddr_ll))==-1)//lie le socket a l'interface
         perror("bind");
         return -1;
    if (ioctl(fd, SIOCGIFFLAGS, &ifr)==-1)//Lire les attributs actifs du p�riph�rique
         perror("ioctl");
         return -1;
    ifr.ifr_flags|=IFF_PROMISC;//Interface en mode promiscuous
    if (ioctl(fd, SIOCSIFFLAGS, &ifr)==-1)////ecrire les attributs actifs du p�riph�rique
         perror("ioctl");
         return -1;
    return fd;
    PROBLEM : I want to know if it�s possible to make that in java because i had search and i have found just the client and server socket but i want a socket to send tcp Packet? Thank you.

    hello i had found the ROCKSAW (http://www.savarese.org/software/rocksaw.html ) and i had used in my program, but when the program arrived in:
    socket_send=new RawSocket();
    i had this error:
    java.lang.UnsupportedClassVersionError: org/savarese/rocksaw/net/RawSocket (Unsupported major.minor version 49.0)
         at java.lang.ClassLoader.defineClass0(Native Method)
         at java.lang.ClassLoader.defineClass(ClassLoader.java:502)
         at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:123)
         at java.net.URLClassLoader.defineClass(URLClassLoader.java:250)
         at java.net.URLClassLoader.access$100(URLClassLoader.java:54)
         at java.net.URLClassLoader$1.run(URLClassLoader.java:193)
         at java.security.AccessController.doPrivileged(Native Method)
         at java.net.URLClassLoader.findClass(URLClassLoader.java:186)
         at java.lang.ClassLoader.loadClass(ClassLoader.java:299)
         at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:265)
         at java.lang.ClassLoader.loadClass(ClassLoader.java:255)
         at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:315)
         at hijack.M_HIJACK.tcpsend(M_HIJACK.java:345)
         at hijack.M_HIJACK.injection_actionPerformed(M_HIJACK.java:611)
         at hijack.M_HIJACK_injection_actionAdapter.actionPerformed(M_HIJACK.java:861)
         at javax.swing.AbstractButton.fireActionPerformed(AbstractButton.java:1764)
         at javax.swing.AbstractButton$ForwardActionEvents.actionPerformed(AbstractButton.java:1817)
         at javax.swing.DefaultButtonModel.fireActionPerformed(DefaultButtonModel.java:419)
         at javax.swing.DefaultButtonModel.setPressed(DefaultButtonModel.java:257)
         at javax.swing.plaf.basic.BasicButtonListener.mouseReleased(BasicButtonListener.java:245)
         at java.awt.Component.processMouseEvent(Component.java:5093)
         at java.awt.Component.processEvent(Component.java:4890)
         at java.awt.Container.processEvent(Container.java:1566)
         at java.awt.Component.dispatchEventImpl(Component.java:3598)
         at java.awt.Container.dispatchEventImpl(Container.java:1623)
         at java.awt.Component.dispatchEvent(Component.java:3439)
         at java.awt.LightweightDispatcher.retargetMouseEvent(Container.java:3450)
         at java.awt.LightweightDispatcher.processMouseEvent(Container.java:3165)
         at java.awt.LightweightDispatcher.dispatchEvent(Container.java:3095)
         at java.awt.Container.dispatchEventImpl(Container.java:1609)
         at java.awt.Component.dispatchEvent(Component.java:3439)
         at java.awt.EventQueue.dispatchEvent(EventQueue.java:450)
         at java.awt.EventDispatchThread.pumpOneEventForHierarchy(EventDispatchThread.java:197)
         at java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:150)
         at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:144)
         at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:136)
         at java.awt.EventDispatchThread.run(EventDispatchThread.java:99)
    i think that is a problem with a version of JDK (i have jdk1.4) so if you have an idea please help me

  • Some tcp packets are dropped using socketfilter

    I user socketfilter to intercept tcp packet,but I find that not all of the tcp packet can be intercepted.For examle,I open chrome browser and  
    browse video website,as a result I miss some packets for HTTP  commucication. Thanks very much. My English is not good,I am sorry.
    Waiting for your help.

    Oh dear. That confirms my fear that somehow you have got output files into your source files, maybe you published to that folder.
    Within a version of RH, you could correct that, albeit with quite a bit of work.
    http://www.robowizard.com/RoboWizard/NewProject.htm#MonthlyScry/062004.htm
    However, what you are trying to do is upgrade an output file and the process is not designed for that.  You have to decide on the least work. Uninstall RH8 and install RH7, fix the problem and then upgrade or just get on with redoing those dropdowns in RH8.
    See www.grainge.org for RoboHelp and Authoring tips

  • Reading or changing sequence number in TCP packets

    I don't know wether this is feasible,But you're my last chance to figure out something else.Can i read the sequence number that comes inside the TCP header in the incomming packets?This sound illogical but since there is a method for getting the IP of the sender(And that IP exits in the IP header Network layer i),then the sequence number (TCP header inside the Transport layer)must exits in the packet.Can i read it?
    -And an even more illogical question? can i change that sequence number or the acknowlege number to form a new packet ? Its like converting a packet to and from a packet object to a string of bits ?
    I know excatly where the sequence and acknowledge numbers are located (after how many bits) inside the TCP header?

    ejp wrote:
    first off I'm wanna appply this to javame application and jpcap have some native code i dunno how to use it on a cell phone.You cant.You can migrate the code to work on a mobile phone, in theory. This is unlikely to be worth it even if you succeed.
    I was thinking if i can change the acknowledge numberYou can't.Like sticking your hand in a blender. Its simpler to say you can't but I say you shouldn't want to.
    i can order the server i'm connected to to send the data from a specific byte no sequentially.Use a protocol that already understands that. HTTP and FTP spring to mind.There are existing protocols for this which work and your phone is likely to support HTTP with XHTML basic already.
    -Drop this packet and then form another packet with the same info as if it were formed automatically except replaciong the acknolwedge number with the size of my buffered data + 1.TCP/IP will never let this work even if you could do it, which you can't. You cannot skip data this way. This is not what acknowledgements and sequence numbers are for.
    I also know that some protocols support requesting files from a specific byte(like HTTP) but i wanna do it inside the network layer not the application layerWhy?You prefer the blender, I see.

  • Import / Export and TCP packets relay

    Hi All,
    Any idea what relationship Export/ Import on a local box has on the TCP/IP packets ? I see tremendous amount of packets (42000 / sec) on a Windows 64 bit box while doing Import / Export. Its from an 8i to 10g so the Import / Export.

    On a local server you don't need to use TCP/IP.
    Generally speaking export is just a series of SELECTs. The nomal array interface applies, the size of the array is indicated by the buffer parameter.
    One array is fragment by sqlnet in packages of SDU size, default 2048 bytes.
    These packages are being fragmented by the network card, as the default MTU is 1500 bytes.
    Sybrand Bakker
    Senior Oracle DBA

  • Capturing and storiing a TCP packet in a database

    How to capture and store a TCP or ARP packet in a database. I have used the captor class for capturing but I
    could not store. Give suggestion

    Why couldn't you store the captured packet?

  • Tcp packets application

    hi, i would like to be able to capture application packets eg from yahoo . Next i have to extract the destination port and ip address...is there anyway to do it? I have to use tcp sockets.
    Is there anyway to do this? Basically, I make a connection between to peer computers, then applications are supposed to use this connection ...any help, advice, code would be appreciated
    So for example, yahoo would send the packets to the listening program on the same machine, the listening program then sends the packets over to the other peer listening program on another machine and then this peer listening program sends the packets back to yahoo allowign communication

    Java doesn't have the lowlevel raw-sockets support for IP required for packet sniffing. c.f. snort.
    You could implement a caching proxy server to implement these requirements..

  • How to read contents of TCP packets in Internet

    i want to get the IP address of a packet from the remote host in Internet and read what each fields mean for designing a firewall
    with address and service filters and acting as a applicaiton gateway?
    so i want to read headers and other fields of the incoming packets
    and authenicate it
    which package and class can we be used for this in Java?

    You can't - java doesn't do raw sockets.
    You can use JNI for this.
    There are OS dependencies as well. Some versions of windows will require additional drivers to do this.
    You can roll your own or start here... http://netresearch.ics.uci.edu/kfujii/jpcap/doc/index.html

Maybe you are looking for

  • Problem Creating an ABAP Proxy based on a WSDL which uses extensions.

    Hi all, I'm trying to create an Asset in Salesforce using ABAP. I can generate the ABAP Proxy OK, (from the SalesForce Enterprise WSDL I created)  but the Asset definition does not exist. I think my issue stems from the fact that the SalesForce WSDL

  • Automatically copy formulas to new row

    How do I automatically copy formulas from the previous row to a newly created row in Numbers? Some of the templates included with Numbers 09, such as the Checking Register do this. I apologize if this question has already been asked and answered, but

  • Can't relocate many missing files on iTunes 11, please HELP

    Hi, I have this problem with iTunes. I moved all my music to a new folder and not about 1200 files can not be located. I tried everything i could find in forums and YouTube, nothing worked. I created a new folder and copied all songs, without folders

  • Query to get the Customer Contacts

    Hi all, Pls tell me the qyery to get the customer contacts like telephone number, fax number details. Thanks in advance

  • Using own created system status

    Hi, my customer doesn't want to use user statuses and I have created a new system status instead and assigned it to the object type using the transactions BS12 and BS22. But now I have the problem that this new system status is not visible as an avai