Capturing packets from two server programs in single solaris box
Hi,
Greetings.
I observe that snoop is not capturing packets exchanged between two server process which are running in a same solaris machine.
Are there any options with snoop, so that it is possible to capture the
packets between two server processes in a single machine ?
Thanks in advance.
BR, RK
Snoop? No. Packets to the same machine never reach the DLPI layer which is where snoop is looking.
There are some 'dtrace' scripts on Solaris 10 that attempt to view the contents as they go within the machine. They should work with most interfaces.
I don't know of any good solution for Solaris 9.
Darren
Similar Messages
-
Capture Changes from Sql Server using Oracle Streams - Destination Oracle
Is it possible to capture changes made to tables in Sql Server database and propagate the changes to Oracle Database using Oracle Streams and Heterogeneous Gateway. I see plenty of information about pushing data from Oracle to Sql server, but I haven't been able to find much information about going the other way. Currently we are using sql server 2005 replication to accomplish this. We are looking into the possibility of replacing it with streams.
the brief understanding i have is that there is nothing out of the tin that Oracle provides to stream between SQL Server and Oracle. The senario is documented in Oracle docs however and says you need to implement the SQL Server side to grabe changes and submit to Oracle stream queues.
i'm sure i've seen third parties who sell software to do this.
If you know otherwise please let me know. Also wasn;t aware one could push from SQL Server to Oracle. Is this something only avail in SQL Server 2005 or does 200 also have it? How are you doing this?
Cheers -
Capturing images from two web camera in real time
Hi,
I need to compare two pictures from two webcameras. I will make some easy computing on them, so there should be no speed problem, but i dont know how can i take each picture? is there any action which is called each time a frame comes? do sb have some sample code?
thanks
JJHere's source code I posted to capture a frame from one webcam.
http://forum.java.sun.com/thread.jspa?threadID=570463&tstart=25
Lots of people have problems with multiple cameras, something to do with the
Windows USB channels and failing to detect/select between the two.
So, capturing frames from 1 web cam is relatively straightforward, but you may have serious problems with two or more.
regards,
Owen -
Resend captured packets from cisco ios? (tcpreplay w/o WireShark)
Hello again,
As the title of the thread implies, is there a way to replay captured packets (as in a pcap file from the EPC protocol) from cisco ios? I am trying a work around by calling it from a connected computer, but I can't launch tcpreplay dynamically from an EEM script (mainly because I can't target the host OS from the EEM scope).
Basically I am capturing packets in order to delay them until some arbitrary time determined by another (or even the same) EEM script. Is there a function I don't know about that I can call to put previously captured packets (stored in a pcap file) directly back on the bus as if nothing happened?
Thanks in advance,
-HeathYou can't replay packets right now. The upcoming onePK APIs will allow you to do this, however. If you want to call tcpreplay from your EEM policy, you could send a trap to the host, which triggers the excution, or use the Remote Command Shell policy from http://www.cisco.com/go/easy to telnet/SSH to the host from the device to run the command.
-
Is it possible to install Two iAS 6.5 SP2 instances on a single solaris box
Hi,
I have iPlanet Application server 6.0 SP2 installed on sun solaris 2.7.
Now, I want to install one more instance of iAS (same version) on the same solaris box. Just wondering, is it possible, because i think in case of Sun One Apps Server 7 its not possible.
If its possible, is there any specific configuration I have to make ?
Thanks in advance,
PrakashHello,
I think it is possible to have two instances of IAS 6.5 on one machine because last year I had similar situation with IAS 6.5 Enterprise - I instaled it twice and put them in cluster. Things were just fine.
Each creation of instance of app server meant new installation of IAS software in different install folder, where second one used Directory Server installed durring the first installation.
I remember that I had only one Directory Server installation where each IAS instance had its own space for configuration data (by specifying diferent name for "IAS global config params" during the installation) and different set of port numbers for IAS processes. Finnaly, I put these two instances in a cluster...
IAS 7.0 (Sun One App server 7.0) has different approach regarding creating and configuring several app server instances, because creating one more instance of app server doesn't mean another installation of software...
Regards
Vladimir -
RV82 Dual WAN and online banking. Packets from two IP's
Hi all
I have a RV082 set up with two different ISP's (load balancing). A while ago the users started to get problems with online banking. It looks like the bank system set up more than one "channel" to/from the end user, and that the bank systems will not accept that packets are coming from 2 different public IP's. I have solved this by binding all HTTPS traffic to WAN1.
Is this a good solution or is there a better way to deal with this? I'm afraid this will "unbalance" my network as many services like Netflix and Youtube is HTTPS.
Are there any other online services that may have problems with a load balancing setup?
If WAN1 goes down. Will WAN2 start to transport HTTPS even though HTTPS is bound to WAN1?
I also have a similar issue with alert mail from the router (goes to wrong ISP every second time), but this seems to be fixed in the last firmware:
"Email account authentication is configurable for email alert."
Thanks in advance
JoneHello Jone,
Your solution is correct. Certain types of secure connection like HTTPS or SSH will not work if you keep switching the source IP, because it breaks the three-way handshake. To prevent that you setup protocol binding as you have. You can do the same thing for any other traffic that always needs to go out a certain WAN port.
If the WAN connection you have selected to protocol bind traffic to goes down, it will failover to the other WAN until the connection recovers.
I haven't seen too many online services that have issues with load balancing, it is mostly with secure connections, namely HTTPS. I did try to get Netflix into HTTPS mode, but I could never get an encrypted connection, but your best bet is to monitor and observe the network to see how it affects you.
I want to say the line you are quoting has to do with configuring authentication to an SMTP server to send e-mail alerts, rather then selecting a WAN port to use, however if you protocol bind SMTP to the WAN you would like it to use that should no longer be an issue.
Hope that helps,
Christopher Ebert - Advanced Network Support Engineer
Cisco Small Business Support Center
*please rate helpful posts* -
Capturing changes from remote server
hi all
i have MYSQL as my remote database and a local oracle server
now my switch inserts cdr ie call details report in mysql
i have an application in .net that takes this raw data, formats it and puts it in oracle in which i have some procedures to process.
i am thinking of another approach
1>can i write triggers in oracle watching tables in remote mysql
which can fire my procedures as soon as a row is inserted in mysql
2>also can i replicate a table from mysql in oracle ie changes made there are reflected in the oracle table
3>also if this feasible will it be efficient than my current way given the same set of procedures and environment
please help with the right approach
thanks in advancejclarke2,
I'm not sure I understand what you're trying to ask... If the second report already includes the status column in the SELECT clause then all you need to do is run that report after the status has been changed to see the new value (refresh the report).
Or are these reports based on different tables? Can you please provide more details?
Regards,
Dan
http://danielmcghan.us
http://sourceforge.net/projects/tapigen
http://sourceforge.net/projects/plrecur
You can reward this reply by marking it as either Helpful or Correct ;-) -
Insert data from two rows into a single row in a new table
Hi
i have a table like the following
Deptno Dname Salary
10 Computer 2000
10 Computer 4000
10 Computer 3000
10 Science 6000
10 Science 1000
10 Science 4000
10 Science 10000
I want to insert data into a new table like the following
Deptno MaxSalCom Minsalcom MinSalSci MaxSaSci
10 2000 4000 1000 10000
Deptno--As in Table1
MaxSalCom--Maximum salary for Dname " Computer"
Minsalcom--Minimum salary for Dname " Computer"
MaxSalSci--Maximum salary for Dname " Science"
MinsalSci--Minimum salary for Dname " Science"
Please help me how to go about itwith data as
(select 10 dno, 'Computer' dname, 2000 sal FROM dual
union all
select 10, 'Computer', 4000 FROM dual
union all
select 10, 'Computer', 3000 FROM dual
UNION all
select 10, 'Science', 6000 FROM dual
union all
select 10, 'Science', 1000 FROM dual
union all
select 10, 'Science', 4000 FROM dual
union all
select 10, 'Science', 10000 FROM dual
select dno, min(decode(dname,'Computer',sal)) min_sal_comp , max(decode(dname,'Computer',sal)) max_sal_comp,
min(decode(dname,'Science',sal))min_sal_sci , max(decode(dname,'Science',sal)) max_sal_sci
from data
group by dno; -
Sharing iTunes libraries from two accounts on the same physical box
I have two users set up for fast user switching on a single box. both users are active. each has its own copy of iTunes running, each with its own library, each set up to share. the firewall has iTunes sharing enabled.
from a separate copy of iTunes on a different box, I can see both libraries posted for sharing. if I try to open one of them (belonging to the administrator account), sharing works as advertised. if I try to open the other, loading times out, and the share fails with error code 3359.
is the problem that only one copy of iTunes on a physical box can be shared at a time? or is there some other configuration issue I've not taken account of?
thanks
G5 Mac OS X (10.4.5) iTunes 6.0.3thanks for your response.
if you've submitted a feature request, it may be a lost cause for the moment. what I find, however, is that if both are logged on and active, it's the one that started first that's available.
regards. -
Two FTP ports on a single solaris server
can i have two FTP ports on single Solaris server ? If yes, HOW ??
Hi adiyakiran,
This is possible in third party ftp server wu-ftpd. you can download it from http://www.sunfreeware.com.
read wu-ftpd faq URL: http://www.wu-ftpd.org/wu-ftpd-faq.html
Testing on a different port number then ftp:21
This can be done from the command line or with a special definition in /etc/services ,/etc/inetd.conf. For command-line, look up -P and -p in the ftpaccess(5) manpage.
To set up with special definitions, add 2 ports with consecutive numbers in /etc/services, and then start wu-ftpd on these ports. Add to /etc/services something like :
ftptest 4021/tcp #command port
ftptest-data 4020/tcp #data port
Then start wu-ftpd from /etc/inetd.conf like :
ftptest stream tcp nowait root /usr/etc/in.ftpd in.ftpd
The key is the name 'ftptest' which associates the port assignment in the /etc/services file to that in the inetd.conf file. Make certain the choice of ports in /etc/services (4021 and 4020 above) are from the local use list and don't conflict with other port assignments (see RFC1700, ASSIGNED NUMBERS). One important subtlety. The data
port is not really derived from the data port declaration in the /etc/services file. The FTP specification (RFC765) states the data port is defined as one less than the command port. However, including the data port declaration in the /etc/services file prevents it from being accidentally assigned to something else.
Thanks.
regards,
senthilkumar.
SUN - DTS -
How to upload a file from application server?
Hi experts,
I am going to create a conversion program using call function 'HR_INFOTYPE_OPERATION'.In my conversion I am going to upload per_area,emp_subgroup,payroll_area,work contract and orgn_key for the infotype IT0001 and the input file is from application server.I am using check boxes for these 5 fields and for the fields I am selecting the checkbox.I want to upload the datas in the IT0001 using HR_INFOTYPE_OPERATION.That is using the call transaction function.Its urgent give me some ideas or codings for that infotype updating.
Thanks,
Sakthi.CHi
you can use <b>open dataset for input</b>,<b>Read dataset</b> for uploading data from a application server.
Message was edited by:
Raghu Reddy -
is it possible to drag and drop an arrangement from another music program like Band-ina-box into garage band
GarageBand for iPad is a pretty closed system.
The Song File
You can only open GarageBand for iPad Song Files with the extension .band. Please note that those files look the same as the ones form GarageBand 11. However, they are only upwards compatible but not downward compatible. GarageBand iOS -> GarageBand OSX -> Logic.
Audio Files
You can import a wide variety of Audio Files into GarageBand (via iTunes File Sharing) to use in your Song. But any material from another app has to be mixed down first. Either as a single stereo mix or you mix each track separately and then import those separate files ("stems") into GarageBand. This is a typical procedure to move material to a different app,for example for mixing.
Hope that helps
Edgar Rothermich
http://DingDingMusic.com
'I may receive some form of compensation, financial or otherwise, from my recommendation or link.' -
Taking data from two different server in a single table
Hi All,
can u plz tell me i want take a data from a two different server in a single table
Thanks,
Bell.Again, you have written the same sentence. I have 2 servers Server1 and Server2 and one table called my_table (You or God knows where this table is).
Now tell us what you want to do ?
Sidhu
http://amardeepsidhu.blogspot.com -
One computer at COMPANY-A is attempting to communicate with two
computers located at COMPANY-B, via an IPsec tunnel between the
two companies.
All communications are via TCP protocol.
All devices present public IP addresses to one another, although they
may have RFC 1918 addresses on other interfaces, and NAT may be in use
on the COMPANY-B side. (NAT is not being used on the COMPANY-A side.)
The players:(Note: first three octets have been changed for security reasons)
COMPANY-A computer 1.2.3.161
COMPANY-A router 1.2.3.8 (also IPsec peer)
COMPANY-A has 1.2.3.0/24 with no subnetting.
COMPANY-B router 4.5.6.228 (also IPsec peer)
COMPANY-B computer #1 4.5.7.94 (this one has no issues)
COMPANY-B computer #2 4.5.7.29 (this one fails)
COMPANY-B has 4.5.6.0/23 subnetted in various ways.
COMPANY-B also has 9.10.11.0/24, but it is not involved in the issue.
What works:
The COMPANY-A computer 1.2.3.161 can communicate via the single IPsec
tunnel to COMPANY-B computer #1 4.5.7.94 without problems.
The "show crypto session detail" command shows Inbound/Outbound packets
flowing in the dec'ed and enc'ed positions.
What doesn't:
When the COMPANY-A computer 1.2.3.161 attempts to communicate
via the single IPsec tunnel with the COMPANY-B computer #2 4.5.7.29,
the COMPANY-A router eventually reports five of these messages:
Oct 9 15:24:54.327: IPSEC(epa_des_crypt): decrypted packet failed SA identity check
Oct 9 15:24:57.327: IPSEC(epa_des_crypt): decrypted packet failed SA identity check
Oct 9 15:25:03.327: IPSEC(epa_des_crypt): decrypted packet failed SA identity check
Oct 9 15:25:15.328: IPSEC(epa_des_crypt): decrypted packet failed SA identity check
Oct 9 15:25:39.329: IPSEC(epa_des_crypt): decrypted packet failed SA identity check
Oct 9 15:26:27.328: IPSEC(epa_des_crypt): decrypted packet failed SA identity check
and the "show crypto session detail" shows inbound packets being dropped.
The COMPANY-A computer that opens the TCP connection never gets past the
SYN_SENT phase of the TCP connection whan trying to communicate with the
COMPANY-B computer #2, and the repeated error messages are the retries of
the SYN packet.
On the COMPANY-A side, this IPsec configuration has been set up on a 3745,
a 3725, and some 76xx routers were tried, all with similar behavior,
with packets from one far-end computer passing fine, and packets from
another far-end computer in the same netblock passing through the same
IPsec tunnel failing with the "failed SA identity" error.
The COMPANY-A computer directs all packets headed to COMPANY-B via the
COMPANY-A router at 1.2.3.8 with this set of route settings:
netstat -r -n
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
4.5.7.0 1.2.3.8 255.255.255.0 UG 0 0 0 eth3
1.2.3.8.0 0.0.0.0 255.255.255.0 U 0 0 0 eth3
10.1.0.0 0.0.0.0 255.255.240.0 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth3
10.0.0.0 10.1.1.1 255.0.0.0 UG 0 0 0 eth0
0.0.0.0 1.2.3.1 0.0.0.0 UG 0 0 0 eth3
The first route line shown is selected for access to both COMPANY-B computers.
The COMPANY-A router (IPsec tunnel endpoint, 1.2.3.8) has this
configuration:
crypto isakmp policy 10
encr 3des
authentication pre-share
group 2
lifetime 28800
crypto isakmp key XXXXXXXXXXXXXXXXXXXXXXX address 4.5.6.228
crypto ipsec security-association lifetime seconds 86400
crypto ipsec transform-set COMPANY-B01 esp-3des esp-sha-hmac
crypto map COMPANY-BMAP1 10 ipsec-isakmp
description COMPANY-B VPN
set peer 4.5.6.228
set transform-set COMPANY-B01
set pfs group2
match address 190
interface FastEthernet0/0
ip address 1.2.3.8 255.255.255.0
no ip redirects
ip virtual-reassembly
duplex auto
speed auto
no cdp enable
crypto map COMPANY-BMAP1
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 1.2.3.1
ip route 10.0.0.0 255.0.0.0 10.1.1.1
ip route 1.2.3.8.0 255.255.255.0 FastEthernet0/0
access-list 190 permit ip host 1.2.3.161 4.5.7.0 0.0.0.255
access-list 190 permit ip host 1.2.3.161 9.10.11.0 0.0.0.255
bridge 1 protocol ieee
One of the routers tried had this IOS/hardware configuration:
Cisco IOS Software, 3700 Software (C3725-ADVIPSERVICESK9-M), Version 12.4(25c),
RELEASE SOFTWARE (fc2)
isco 3725 (R7000) processor (revision 0.1) with 115712K/15360K bytes of memory.
Processor board ID XXXXXXXXXXXXXXX
R7000 CPU at 240MHz, Implementation 39, Rev 3.3, 256KB L2 Cache
2 FastEthernet interfaces
4 ATM interfaces
DRAM configuration is 64 bits wide with parity disabled.
55K bytes of NVRAM.
31296K bytes of ATA System CompactFlash (Read/Write)
250368K bytes of ATA Slot0 CompactFlash (Read/Write)
Configuration register is 0x2102
#show crypto sess
Crypto session current status
Interface: FastEthernet0/0
Session status: UP-ACTIVE
Peer: 4.5.6.228 port 500
IKE SA: local 1.2.3.8/500 remote 4.5.6.228/500 Active
IPSEC FLOW: permit ip host 1.2.3.161 4.5.7.0/255.255.255.0
Active SAs: 2, origin: crypto map
IPSEC FLOW: permit ip host 1.2.3.161 9.10.11.0/255.255.255.0
Active SAs: 0, origin: crypto map
#show crypto sess det
Crypto session current status
Code: C - IKE Configuration mode, D - Dead Peer Detection
K - Keepalives, N - NAT-traversal, X - IKE Extended Authentication
Interface: FastEthernet0/0
Session status: UP-ACTIVE
Peer: 4.5.6.228 port 500 fvrf: (none) ivrf: (none)
Phase1_id: 4.5.6.228
Desc: (none)
IKE SA: local 1.2.3.8/500 remote 4.5.6.228/500 Active
Capabilities:(none) connid:1 lifetime:06:26:27
IPSEC FLOW: permit ip host 1.2.3.161 4.5.7.0/255.255.255.0
Active SAs: 2, origin: crypto map
Inbound: #pkts dec'ed 651 drop 16 life (KB/Sec) 4496182/23178
Outbound: #pkts enc'ed 574 drop 2 life (KB/Sec) 4496279/23178
IPSEC FLOW: permit ip host 1.2.3.161 9.10.11.0/255.255.255.0
Active SAs: 0, origin: crypto map
Inbound: #pkts dec'ed 0 drop 0 life (KB/Sec) 0/0
Outbound: #pkts enc'ed 0 drop 0 life (KB/Sec) 0/0
The COMPANY-B device on their end of the IPsec VPN is a Juniper SSG1000
Version 6.1 (ScreenOS)
We only have a limited view into the Juniper device configuration.
What we were allowed to see was:
COMPANY-B-ROUTER(M)-> sh config | incl COMPANY-A
set address "Untrust" "oss-COMPANY-A-1.2.3.161" 1.2.3.161 255.255.255.255
set ike gateway "COMPANY-A-1-GW" address 1.2.3.8 Main outgoing-interface "ethernet2/1" preshare xxxxxxxxxxxxxxxxxxxxxx proposal "pre-g2-3des-sha"
set vpn "COMPANY-A-1-IKE" gateway "COMPANY-A-1-GW" no-replay tunnel idletime 0 proposal "g2-esp-3des-sha-28800"
set policy id 2539 from "Untrust" to "Trust" "oss-COMPANY-A-1.2.3.161" "9.10.11.0-24" "ANY" tunnel vpn "COMPANY-A-1-IKE" id 0x309a pair-policy 2500
set policy id 2500 from "Trust" to "Untrust" "9.10.11.0-24" "oss-COMPANY-A-1.2.3.161" "ANY" tunnel vpn "COMPANY-A-1-IKE" id 0x309a pair-policy 2539
set policy id 2541 from "Trust" to "Untrust" "4.5.7.0-24" "oss-COMPANY-A-1.2.3.161" "ANY" tunnel vpn "COMPANY-A-1-IKE" id 0x309b pair-policy 2540
set policy id 2540 from "Untrust" to "Trust" "oss-COMPANY-A-1.2.3.161" "4.5.7.0-24" "ANY" tunnel vpn "COMPANY-A-1-IKE" id 0x309b pair-policy 2541
COMPANY-B-ROUTER(M)->
I suspect that this curious issue is due to a configuration setting on the
Juniper device, but neither party has seen this error before. COMPANY-B
operates thousands of IPsec VPNs and they report that this is a new error
for them too. The behavior that allows traffic from one IP address to
work and traffic from another to end up getting this error is also unique.
As only the Cisco side emits any error message at all, this is the only
clue we have as to what is going on, even if this isn't actually an IOS
problem.
What we are looking for is a description of exactly what the Cisco
IOS error message:
IPSEC(epa_des_crypt): decrypted packet failed SA identity check
is complaining about, and if there are any known causes of the behavior
described that occur when running IPsec between Cisco IOS and a Juniper
SSG device. Google reports many other incidents of the same error
message (but not the "I like that IP address but hate this one" behavior),
and not just with a Juniper device on the COMPANY-B end, but for those cases,
not one was found where the solution was described.
It is hoped that with a better explanation of the error message
and any known issues with Juniper configuration settings causing
this error, we can have COMPANY-B make adjustments to their device.
Or, if there is a setting change needed on the COMPANY-A router,
that can also be implemented.
Thanks in advance for your time in reading this, and any ideas.Hello Harish,
It is believed that:
COMPANY-B computer #1 4.5.7.94 (this one has no issues)
COMPANY-B computer #2 4.5.7.29 (this one fails)
both have at least two network interfaces, one with a public IP address
(which we are supposedly conversing with) and one with a RFC 1918 type
address. COMPANY-B is reluctant to disclose details of their network or
servers setup, so this is not 100% certain.
Because of that uncertainty, it occurred to me that perhaps COMPANY-B
computer #2 might be incorrectly routing via the RFC 1918 interface.
In theory, such packets should have been blocked by the access-list on both
COMPANY-A router, and should not have even made it into the IPsec VPN
if the Juniper access settings work as it appears they should. So I turned up
debugging on COMPANY-A router so that I could see the encrypted and
decrypted packet hex dumps.
I then hand-disassembled the decoded ACK packet IP header received just
prior to the "decrypted packet failed SA check" error being emitted and
found the expected source and destination IP addresses (4.5.7.29 and 1.2.3.161),
in the unecapsulated packet. I also found the expected port numbers of the TCP
conversation that was trying to be established in the TCP header. So, it
looks like COMPANY-B computer #2 is emitting the packets out the right
interface.
The IP packet header of the encrypted packet showed the IP addresses of the
two routers at each terminus of the IPsec VPN, but since I don't know what triggers
the "SA check" error message or what it is complaining about, I don't know what
other clues to look for in the packet dumps.
As to your second question, "can you check whether both encapsulation and
decapsulation happening in 'show crypto ipsec sa'", the enc'ed/dec'ed
counters were both going up by the correct quantities. When communicating
with the uncooperative COMPANY-B computer #2, you would also see the
received Drop increment for each packet decrypted. When communicating
with the working COMPANY-B computer #1, the Drop counters would not
increment, and the enc'ed/dec'ed would both increment.
#show crypto sess det
Crypto session current status
Code: C - IKE Configuration mode, D - Dead Peer Detection
K - Keepalives, N - NAT-traversal, X - IKE Extended Authentication
Interface: FastEthernet0/0
Session status: UP-ACTIVE
Peer: 4.5.6.228 port 500 fvrf: (none) ivrf: (none)
Phase1_id: 4.5.6.228
Desc: (none)
IKE SA: local 1.2.3.8/500 remote 4.5.6.228/500 Active
Capabilities:(none) connid:1 lifetime:07:59:54
IPSEC FLOW: permit ip host 1.2.3.161 4.5.7.0/255.255.255.0
Active SAs: 2, origin: crypto map
Inbound: #pkts dec'ed 376 drop 5 life (KB/Sec) 4458308/28784
Outbound: #pkts enc'ed 401 drop 3 life (KB/Sec) 4458308/28784
Attempt a TCP communication to COMPANY-B computer #2...
show crypto sess det
Crypto session current status
Code: C - IKE Configuration mode, D - Dead Peer Detection
K - Keepalives, N - NAT-traversal, X - IKE Extended Authentication
Interface: FastEthernet0/0
Session status: UP-ACTIVE
Peer: 4.5.6.228 port 500 fvrf: (none) ivrf: (none)
Phase1_id: 4.5.6.228
Desc: (none)
IKE SA: local 1.2.3.8/500 remote 4.5.6.228/500 Active
Capabilities:(none) connid:1 lifetime:07:59:23
IPSEC FLOW: permit ip host 1.2.3.161 4.5.7.0/255.255.255.0
Active SAs: 2, origin: crypto map
Inbound: #pkts dec'ed 376 drop 6 life (KB/Sec) 4458307/28753
Outbound: #pkts enc'ed 402 drop 3 life (KB/Sec) 4458307/28753
Note Inbound "drop" changed from 5 to 6. (I didn't let it sit for all
the retries.)
#show crypto ipsec sa
interface: FastEthernet0/0
Crypto map tag: COMPANY-BMAP1, local addr 1.2.3.8
protected vrf: (none)
local ident (addr/mask/prot/port): (1.2.3.161/255.255.255.255/0/0)
remote ident (addr/mask/prot/port): (4.5.7.0/255.255.255.0/0/0)
current_peer 4.5.6.228 port 500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 402, #pkts encrypt: 402, #pkts digest: 402
#pkts decaps: 376, #pkts decrypt: 376, #pkts verify: 376
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 3, #recv errors 6
local crypto endpt.: 1.2.3.8, remote crypto endpt.: 4.5.6.228
path mtu 1500, ip mtu 1500, ip mtu idb FastEthernet0/0
current outbound spi: 0xDF2CC59C(3744253340)
inbound esp sas:
spi: 0xD9D2EBBB(3654478779)
transform: esp-3des esp-sha-hmac ,
in use settings ={Tunnel, }
conn id: 2004, flow_id: SW:4, crypto map: COMPANY-BMAP1
sa timing: remaining key lifetime (k/sec): (4458307/28600)
IV size: 8 bytes
replay detection support: Y
Status: ACTIVE
inbound ah sas:
inbound pcp sas:
outbound esp sas:
spi: 0xDF2CC59C(3744253340)
transform: esp-3des esp-sha-hmac ,
in use settings ={Tunnel, }
conn id: 2003, flow_id: SW:3, crypto map: COMPANY-BMAP1
sa timing: remaining key lifetime (k/sec): (4458307/28600)
IV size: 8 bytes
replay detection support: Y
Status: ACTIVE
outbound ah sas:
outbound pcp sas:
The "send" errors appear to be related to the tunnel reverting to a
DOWN state after periods of inactivity, and you appear to get one
each time the tunnel has to be re-negotiated and returned to
an ACTIVE state. There is no relationship between Send errors
incrementing and working/non-working TCP conversations to the
two COMPANY-B servers.
Thanks for pondering this very odd behavior. -
Is it possible to use Aperture to make a new jpg from two existing ones? I'd essentially like to create a photo collage (without using existing templates) that I can then print as a single image, rather than in a book. Any advice will be most welcome! Thanks.
https://discussions.apple.com/message/15678716#15678716
(Added)
The main point is that Aperture is used to make digital negatives as good as they can be (for the uses you define), but it does not ADD date to your digital negatives, nor does it produce NEW combination files. For those tasks you need a Graphics program.
Message was edited by: Kirby Krieger
Maybe you are looking for
-
Multiple SSID channel question
I have 2 (for now) Aironet 1231g access points setup. They each have two SSIDs being broadcast on each one, both are the same two SSIDs. The question is, can can two different ssids from a single ap broadcast on the same channel. That means I would h
-
Where can I buy pentalobe screwdrivers for MacBook Pros?
Where can I buy Pentalobe screwdrivers for the MacBook Pro?
-
Hi experts I want to create a java map. My requirement is given below. I/P xml>> <?xml version="1.0" encoding="UTF-8"?> <TradeplaceMessage productionMode="production" xmlns="http://zhm....."> <TransportEnvelope> <Routing><To>abcd</To><From> I want to
-
Labview FPGA: Why not have local variable without indicator?
In Labview FPGA, to transfer data among parallel loops, there are three ways or maybe more, local variable, global variable and block memory. The problem with local variable is that it needs an indicator along with, not like global variable. I was th
-
HT5437 Is it necessary to use a computer to set up Apple TV?
I only use an iPad and would like to install Apple TV. Is it necessary to configure with A computer with a USB port?