Capturing packets from two server programs in single solaris box

Similar Messages

• Capture Changes from Sql Server  using Oracle Streams  - Destination Oracle

  Is it possible to capture changes made to tables in Sql Server database and propagate the changes to Oracle Database using Oracle Streams and Heterogeneous Gateway. I see plenty of information about pushing data from Oracle to Sql server, but I haven't been able to find much information about going the other way. Currently we are using sql server 2005 replication to accomplish this. We are looking into the possibility of replacing it with streams.

  the brief understanding i have is that there is nothing out of the tin that Oracle provides to stream between SQL Server and Oracle. The senario is documented in Oracle docs however and says you need to implement the SQL Server side to grabe changes and submit to Oracle stream queues.
  i'm sure i've seen third parties who sell software to do this.
  If you know otherwise please let me know. Also wasn;t aware one could push from SQL Server to Oracle. Is this something only avail in SQL Server 2005 or does 200 also have it? How are you doing this?
  Cheers

• Capturing images from two web camera in real time

  Hi,
  I need to compare two pictures from two webcameras. I will make some easy computing on them, so there should be no speed problem, but i dont know how can i take each picture? is there any action which is called each time a frame comes? do sb have some sample code?
  thanks
  JJ

  Here's source code I posted to capture a frame from one webcam.
  http://forum.java.sun.com/thread.jspa?threadID=570463&tstart=25
  Lots of people have problems with multiple cameras, something to do with the
  Windows USB channels and failing to detect/select between the two.
  So, capturing frames from 1 web cam is relatively straightforward, but you may have serious problems with two or more.
  regards,
  Owen

• Resend captured packets from cisco ios? (tcpreplay w/o WireShark)

  Hello again,
  As the title of the thread implies, is there a way to replay captured packets (as in a pcap file from the EPC protocol) from cisco ios? I am trying a work around by calling it from a connected computer, but I can't launch tcpreplay dynamically from an EEM script (mainly because I can't target the host OS from the EEM scope).
  Basically I am capturing packets in order to delay them until some arbitrary time determined by another (or even the same) EEM script. Is there a function I don't know about that I can call to put previously captured packets (stored in a pcap file) directly back on the bus as if nothing happened?
  Thanks in advance,
  -Heath

  You can't replay packets right now.  The upcoming onePK APIs will allow you to do this, however.  If you want to call tcpreplay from your EEM policy, you could send a trap to the host, which triggers the excution, or use the Remote Command Shell policy from http://www.cisco.com/go/easy to telnet/SSH to the host from the device to run the command.

• Is it possible to install Two iAS 6.5 SP2 instances on a single solaris box

  Hi,
  I have iPlanet Application server 6.0 SP2 installed on sun solaris 2.7.
  Now, I want to install one more instance of iAS (same version) on the same solaris box. Just wondering, is it possible, because i think in case of Sun One Apps Server 7 its not possible.
  If its possible, is there any specific configuration I have to make ?
  Thanks in advance,
  Prakash

  Hello,
  I think it is possible to have two instances of IAS 6.5 on one machine because last year I had similar situation with IAS 6.5 Enterprise - I instaled it twice and put them in cluster. Things were just fine.
  Each creation of instance of app server meant new installation of IAS software in different install folder, where second one used Directory Server installed durring the first installation.
  I remember that I had only one Directory Server installation where each IAS instance had its own space for configuration data (by specifying diferent name for "IAS global config params" during the installation) and different set of port numbers for IAS processes. Finnaly, I put these two instances in a cluster...
  IAS 7.0 (Sun One App server 7.0) has different approach regarding creating and configuring several app server instances, because creating one more instance of app server doesn't mean another installation of software...
  Regards
  Vladimir

• RV82 Dual WAN and online banking. Packets from two IP's

  Hi all
  I have a RV082 set up with two different ISP's (load balancing). A while ago the users started to get problems with online banking. It looks like the bank system set up more than one "channel" to/from the end user, and that the bank systems will not accept that packets are coming from 2 different public IP's. I have solved this by binding all HTTPS traffic to WAN1.
  Is this a good solution or is there a better way to deal with this? I'm afraid this will "unbalance" my network as many services like Netflix and Youtube is HTTPS.
  Are there any other online services that may have problems with a load balancing setup?
  If WAN1 goes down. Will WAN2 start to transport HTTPS even though HTTPS is bound to WAN1?
  I also have a similar issue with alert mail from the router (goes to wrong ISP every second time), but this seems to be fixed in the last firmware:
  "Email account authentication is configurable for email alert."
  Thanks in advance
  Jone

  Hello Jone,
  Your solution is correct.  Certain types of secure connection like HTTPS or SSH will not work if you keep switching the source IP, because it breaks the three-way handshake.  To prevent that you setup protocol binding as you have.  You can do the same thing for any other traffic that always needs to go out a certain WAN port.  
  If the WAN connection you have selected to protocol bind traffic to goes down, it will failover to the other WAN until the connection recovers.  
  I haven't seen too many online services that have issues with load balancing, it is mostly with secure connections, namely HTTPS.  I did try to get Netflix into HTTPS mode, but I could never get an encrypted connection, but your best bet is to monitor and observe the network to see how it affects you.
  I want to say the line you are quoting has to do with configuring authentication to an SMTP server to send e-mail alerts, rather then selecting a WAN port to use, however if you protocol bind SMTP to the WAN you would like it to use that should no longer be an issue.
  Hope that helps,
  Christopher Ebert - Advanced Network Support Engineer
  Cisco Small Business Support Center
  *please rate helpful posts*

• Capturing changes from remote server

  hi all
  i have MYSQL as my remote database and a local oracle server
  now my switch inserts cdr ie call details report in mysql
  i have an application in .net that takes this raw data, formats it and puts it in oracle in which i have some procedures to process.
  i am thinking of another approach
  1>can i write triggers in oracle watching tables in remote mysql
  which can fire my procedures as soon as a row is inserted in mysql
  2>also can i replicate a table from mysql in oracle ie changes made there are reflected in the oracle table
  3>also if this feasible will it be efficient than my current way given the same set of procedures and environment
  please help with the right approach
  thanks in advance

  jclarke2,
  I'm not sure I understand what you're trying to ask... If the second report already includes the status column in the SELECT clause then all you need to do is run that report after the status has been changed to see the new value (refresh the report).
  Or are these reports based on different tables? Can you please provide more details?
  Regards,
  Dan
  http://danielmcghan.us
  http://sourceforge.net/projects/tapigen
  http://sourceforge.net/projects/plrecur
  You can reward this reply by marking it as either Helpful or Correct ;-)

• Insert data from two rows into a single row in a new table

  Hi
  i have a table like the following
  Deptno Dname      Salary
  10     Computer     2000
  10     Computer     4000
  10     Computer     3000
  10     Science     6000
  10     Science 1000
  10     Science     4000
  10     Science     10000
  I want to insert data into a new table like the following
  Deptno MaxSalCom     Minsalcom MinSalSci     MaxSaSci
  10     2000     4000      1000     10000
  Deptno--As in Table1
  MaxSalCom--Maximum salary for Dname " Computer"
  Minsalcom--Minimum salary for Dname " Computer"
  MaxSalSci--Maximum salary for Dname " Science"
  MinsalSci--Minimum salary for Dname " Science"
  Please help me how to go about it

  with data as
  (select 10 dno, 'Computer' dname, 2000 sal FROM dual
  union all
  select 10, 'Computer', 4000 FROM dual
  union all
  select 10, 'Computer', 3000 FROM dual
  UNION all
  select 10, 'Science', 6000 FROM dual
  union all
  select 10, 'Science', 1000 FROM dual
  union all
  select 10, 'Science', 4000 FROM dual
  union all
  select 10, 'Science', 10000 FROM dual
  select dno, min(decode(dname,'Computer',sal)) min_sal_comp , max(decode(dname,'Computer',sal)) max_sal_comp,
  min(decode(dname,'Science',sal))min_sal_sci , max(decode(dname,'Science',sal)) max_sal_sci
  from data
  group by dno;

• Sharing iTunes libraries from two accounts on the same physical box

  I have two users set up for fast user switching on a single box. both users are active. each has its own copy of iTunes running, each with its own library, each set up to share. the firewall has iTunes sharing enabled.
  from a separate copy of iTunes on a different box, I can see both libraries posted for sharing. if I try to open one of them (belonging to the administrator account), sharing works as advertised. if I try to open the other, loading times out, and the share fails with error code 3359.
  is the problem that only one copy of iTunes on a physical box can be shared at a time? or is there some other configuration issue I've not taken account of?
  thanks
  G5   Mac OS X (10.4.5)   iTunes 6.0.3

  thanks for your response.
  if you've submitted a feature request, it may be a lost cause for the moment. what I find, however, is that if both are logged on and active, it's the one that started first that's available.
  regards.

• Two FTP ports on a single solaris server

  can i have two FTP ports on single Solaris server ? If yes, HOW ??

  Hi adiyakiran,
  This is possible in third party ftp server wu-ftpd. you can download it from http://www.sunfreeware.com.
  read wu-ftpd faq URL: http://www.wu-ftpd.org/wu-ftpd-faq.html
  Testing on a different port number then ftp:21
  This can be done from the command line or with a special definition in /etc/services ,/etc/inetd.conf. For command-line, look up -P and -p in the ftpaccess(5) manpage.
  To set up with special definitions, add 2 ports with consecutive numbers in /etc/services, and then start wu-ftpd on these ports. Add to /etc/services something like :
  ftptest 4021/tcp #command port
  ftptest-data 4020/tcp #data port
  Then start wu-ftpd from /etc/inetd.conf like :
  ftptest stream tcp nowait root /usr/etc/in.ftpd in.ftpd
  The key is the name 'ftptest' which associates the port assignment in the /etc/services file to that in the inetd.conf file. Make certain the choice of ports in /etc/services (4021 and 4020 above) are from the local use list and don't conflict with other port assignments (see RFC1700, ASSIGNED NUMBERS). One important subtlety. The data
  port is not really derived from the data port declaration in the /etc/services file. The FTP specification (RFC765) states the data port is defined as one less than the command port. However, including the data port declaration in the /etc/services file prevents it from being accidentally assigned to something else.
  Thanks.
  regards,
  senthilkumar.
  SUN - DTS

• How to upload a file from application server?

  Hi experts,
  I am going to create a conversion program using call function 'HR_INFOTYPE_OPERATION'.In my conversion I am going to upload per_area,emp_subgroup,payroll_area,work contract and orgn_key for the infotype IT0001 and the input file is from application server.I am using check boxes for these 5 fields and  for the fields I am selecting the checkbox.I want to upload the datas in the IT0001 using HR_INFOTYPE_OPERATION.That is using the call transaction function.Its urgent give me some ideas or codings for that infotype updating.
  Thanks,
  Sakthi.C

  Hi
  you can use <b>open dataset for input</b>,<b>Read dataset</b> for uploading data from a application server.
  Message was edited by:
          Raghu Reddy

• Is it possible to drag and drop an arrangement from another software program such as band-In -Box to garage band

  is it possible to drag and drop an arrangement from another music program like Band-ina-box into garage band

  GarageBand for iPad is a pretty closed system.
  The Song File
  You can only open GarageBand for iPad Song Files with the extension .band. Please note that those files look the same as the ones form GarageBand 11. However, they are only upwards compatible but not downward compatible. GarageBand iOS -> GarageBand OSX -> Logic.
  Audio Files
  You can import a wide variety of Audio Files into GarageBand (via iTunes File Sharing) to use in your Song. But any material from another app has to be mixed down first. Either as a single stereo mix or you mix each track separately and then import those separate files ("stems") into GarageBand. This is a typical procedure to move material to a different app,for example for mixing.
  Hope that helps
  Edgar Rothermich
  http://DingDingMusic.com
  'I may receive some form of compensation, financial or otherwise, from my recommendation or link.'

• Taking data from two different server in a single table

  Hi All,
  can u plz tell me i want take a data from a two different server in a single table
  Thanks,
  Bell.

  Again, you have written the same sentence. I have 2 servers Server1 and Server2 and one table called my_table (You or God knows where this table is).
  Now tell us what you want to do ?
  Sidhu
  http://amardeepsidhu.blogspot.com

• Getting "IPSEC(epa_des_crypt): decrypted packet failed SA identity check" messages on packets from only one of two far-end sources sharing the same tunnel, the other source works fine. What exactly does this error mean?

  One computer at COMPANY-A is attempting to communicate with two
  computers located at COMPANY-B, via an IPsec tunnel between the
  two companies.
  All communications are via TCP protocol.
  All devices present public IP addresses to one another, although they
  may have RFC 1918 addresses on other interfaces, and NAT may be in use
  on the COMPANY-B side.  (NAT is not being used on the COMPANY-A side.)
  The players:(Note: first three octets have been changed for security reasons)
  COMPANY-A computer      1.2.3.161
  COMPANY-A router        1.2.3.8 (also IPsec peer)
  COMPANY-A has 1.2.3.0/24 with no subnetting.
  COMPANY-B router        4.5.6.228 (also IPsec peer)
  COMPANY-B computer #1   4.5.7.94 (this one has no issues)
  COMPANY-B computer #2   4.5.7.29 (this one fails)
  COMPANY-B has 4.5.6.0/23 subnetted in various ways.
  COMPANY-B also has 9.10.11.0/24, but it is not involved in the issue.
  What works:
  The COMPANY-A computer 1.2.3.161 can communicate via the single IPsec
  tunnel to COMPANY-B computer #1 4.5.7.94 without problems.
  The "show crypto session detail" command shows Inbound/Outbound packets
  flowing in the dec'ed and enc'ed positions.
  What doesn't:
  When the COMPANY-A computer 1.2.3.161 attempts to communicate
  via the single IPsec tunnel with the COMPANY-B computer #2 4.5.7.29,
  the COMPANY-A router eventually reports five of these messages:
  Oct  9 15:24:54.327: IPSEC(epa_des_crypt): decrypted packet failed SA identity check
  Oct  9 15:24:57.327: IPSEC(epa_des_crypt): decrypted packet failed SA identity check
  Oct  9 15:25:03.327: IPSEC(epa_des_crypt): decrypted packet failed SA identity check
  Oct  9 15:25:15.328: IPSEC(epa_des_crypt): decrypted packet failed SA identity check
  Oct  9 15:25:39.329: IPSEC(epa_des_crypt): decrypted packet failed SA identity check
  Oct  9 15:26:27.328: IPSEC(epa_des_crypt): decrypted packet failed SA identity check
  and the "show crypto session detail" shows inbound packets being dropped.
  The COMPANY-A computer that opens the TCP connection never gets past the
  SYN_SENT phase of the TCP connection whan trying to communicate with the
  COMPANY-B computer #2, and the repeated error messages are the retries of
  the SYN packet.
  On the COMPANY-A side, this IPsec configuration has been set up on a 3745,
  a 3725, and some 76xx routers were tried, all with similar behavior,
  with packets from one far-end computer passing fine, and packets from
  another far-end computer in the same netblock passing through the same
  IPsec tunnel failing with the "failed SA identity" error.
  The COMPANY-A computer directs all packets headed to COMPANY-B via the
  COMPANY-A router at 1.2.3.8 with this set of route settings:
  netstat -r -n
  Kernel IP routing table
  Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
  4.5.7.0         1.2.3.8         255.255.255.0   UG        0 0          0 eth3
  1.2.3.8.0       0.0.0.0         255.255.255.0   U         0 0          0 eth3
  10.1.0.0        0.0.0.0         255.255.240.0   U         0 0          0 eth0
  169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth3
  10.0.0.0        10.1.1.1        255.0.0.0       UG        0 0          0 eth0
  0.0.0.0         1.2.3.1         0.0.0.0         UG        0 0          0 eth3
  The first route line shown is selected for access to both COMPANY-B computers.
  The COMPANY-A router (IPsec tunnel endpoint, 1.2.3.8) has this
  configuration:
  crypto isakmp policy 10
  encr 3des
  authentication pre-share
  group 2
  lifetime 28800
  crypto isakmp key XXXXXXXXXXXXXXXXXXXXXXX address 4.5.6.228
  crypto ipsec security-association lifetime seconds 86400
  crypto ipsec transform-set COMPANY-B01 esp-3des esp-sha-hmac
  crypto map COMPANY-BMAP1 10 ipsec-isakmp
  description COMPANY-B VPN
  set peer 4.5.6.228
  set transform-set COMPANY-B01
  set pfs group2
  match address 190
  interface FastEthernet0/0
  ip address 1.2.3.8 255.255.255.0
  no ip redirects
  ip virtual-reassembly
  duplex auto
  speed auto
  no cdp enable
  crypto map COMPANY-BMAP1
  ip forward-protocol nd
  ip route 0.0.0.0 0.0.0.0 1.2.3.1
  ip route 10.0.0.0 255.0.0.0 10.1.1.1
  ip route 1.2.3.8.0 255.255.255.0 FastEthernet0/0
  access-list 190 permit ip host 1.2.3.161 4.5.7.0 0.0.0.255
  access-list 190 permit ip host 1.2.3.161 9.10.11.0 0.0.0.255
  bridge 1 protocol ieee
  One of the routers tried had this IOS/hardware configuration:
  Cisco IOS Software, 3700 Software (C3725-ADVIPSERVICESK9-M), Version 12.4(25c),
  RELEASE SOFTWARE (fc2)
  isco 3725 (R7000) processor (revision 0.1) with 115712K/15360K bytes of memory.
  Processor board ID XXXXXXXXXXXXXXX
  R7000 CPU at 240MHz, Implementation 39, Rev 3.3, 256KB L2 Cache
  2 FastEthernet interfaces
  4 ATM interfaces
  DRAM configuration is 64 bits wide with parity disabled.
  55K bytes of NVRAM.
  31296K bytes of ATA System CompactFlash (Read/Write)
  250368K bytes of ATA Slot0 CompactFlash (Read/Write)
  Configuration register is 0x2102
  #show crypto sess
  Crypto session current status
  Interface: FastEthernet0/0
  Session status: UP-ACTIVE
  Peer: 4.5.6.228 port 500
    IKE SA: local 1.2.3.8/500 remote 4.5.6.228/500 Active
    IPSEC FLOW: permit ip host 1.2.3.161 4.5.7.0/255.255.255.0
          Active SAs: 2, origin: crypto map
    IPSEC FLOW: permit ip host 1.2.3.161 9.10.11.0/255.255.255.0
          Active SAs: 0, origin: crypto map
  #show crypto sess det
  Crypto session current status
  Code: C - IKE Configuration mode, D - Dead Peer Detection
  K - Keepalives, N - NAT-traversal, X - IKE Extended Authentication
  Interface: FastEthernet0/0
  Session status: UP-ACTIVE
  Peer: 4.5.6.228 port 500 fvrf: (none) ivrf: (none)
        Phase1_id: 4.5.6.228
        Desc: (none)
    IKE SA: local 1.2.3.8/500 remote 4.5.6.228/500 Active
            Capabilities:(none) connid:1 lifetime:06:26:27
    IPSEC FLOW: permit ip host 1.2.3.161 4.5.7.0/255.255.255.0
          Active SAs: 2, origin: crypto map
          Inbound:  #pkts dec'ed 651 drop 16 life (KB/Sec) 4496182/23178
          Outbound: #pkts enc'ed 574 drop 2 life (KB/Sec) 4496279/23178
    IPSEC FLOW: permit ip host 1.2.3.161 9.10.11.0/255.255.255.0
          Active SAs: 0, origin: crypto map
          Inbound:  #pkts dec'ed 0 drop 0 life (KB/Sec) 0/0
          Outbound: #pkts enc'ed 0 drop 0 life (KB/Sec) 0/0
  The COMPANY-B device on their end of the IPsec VPN is a Juniper SSG1000
  Version 6.1 (ScreenOS)
  We only have a limited view into the Juniper device configuration.
  What we were allowed to see was:
  COMPANY-B-ROUTER(M)-> sh config | incl COMPANY-A
  set address "Untrust" "oss-COMPANY-A-1.2.3.161" 1.2.3.161 255.255.255.255
  set ike gateway "COMPANY-A-1-GW" address 1.2.3.8 Main outgoing-interface "ethernet2/1" preshare xxxxxxxxxxxxxxxxxxxxxx  proposal "pre-g2-3des-sha"
  set vpn "COMPANY-A-1-IKE" gateway "COMPANY-A-1-GW" no-replay tunnel idletime 0 proposal "g2-esp-3des-sha-28800"
  set policy id 2539 from "Untrust" to "Trust"  "oss-COMPANY-A-1.2.3.161" "9.10.11.0-24" "ANY" tunnel vpn "COMPANY-A-1-IKE" id 0x309a pair-policy 2500
  set policy id 2500 from "Trust" to "Untrust"  "9.10.11.0-24" "oss-COMPANY-A-1.2.3.161" "ANY" tunnel vpn "COMPANY-A-1-IKE" id 0x309a pair-policy 2539
  set policy id 2541 from "Trust" to "Untrust"  "4.5.7.0-24" "oss-COMPANY-A-1.2.3.161" "ANY" tunnel vpn "COMPANY-A-1-IKE" id 0x309b pair-policy 2540
  set policy id 2540 from "Untrust" to "Trust"  "oss-COMPANY-A-1.2.3.161" "4.5.7.0-24" "ANY" tunnel vpn "COMPANY-A-1-IKE" id 0x309b pair-policy 2541
  COMPANY-B-ROUTER(M)->
  I suspect that this curious issue is due to a configuration setting on the
  Juniper device, but neither party has seen this error before.  COMPANY-B
  operates thousands of IPsec VPNs and they report that this is a new error
  for them too.  The behavior that allows traffic from one IP address to
  work and traffic from another to end up getting this error is also unique.
  As only the Cisco side emits any error message at all, this is the only
  clue we have as to what is going on, even if this isn't actually an IOS
  problem.
  What we are looking for is a description of exactly what the Cisco
  IOS error message:
  IPSEC(epa_des_crypt): decrypted packet failed SA identity check
  is complaining about, and if there are any known causes of the behavior
  described that occur when running IPsec between Cisco IOS and a Juniper
  SSG device.  Google reports many other incidents of the same error
  message (but not the "I like that IP address but hate this one" behavior),
  and not just with a Juniper device on the COMPANY-B end, but for those cases,
  not one was found where the solution was described.
  It is hoped that with a better explanation of the error message
  and any known issues with Juniper configuration settings causing
  this error, we can have COMPANY-B make adjustments to their device.
  Or, if there is a setting change needed on the COMPANY-A router,
  that can also be implemented.
  Thanks in advance for your time in reading this, and any ideas.

  Hello Harish,
  It is believed that:
  COMPANY-B computer #1   4.5.7.94 (this one has no issues)
  COMPANY-B computer #2   4.5.7.29 (this one fails)
  both have at least two network interfaces, one with a public IP address
  (which we are supposedly conversing with) and one with a RFC 1918 type
  address.   COMPANY-B is reluctant to disclose details of their network or
  servers setup, so this is not 100% certain.
  Because of that uncertainty, it occurred to me that perhaps COMPANY-B
  computer #2 might be incorrectly routing via the RFC 1918 interface.
  In theory, such packets should have been blocked by the access-list on both
  COMPANY-A router, and should not have even made it into the IPsec VPN
  if the Juniper access settings work as it appears they should.  So I turned up
  debugging on COMPANY-A router so that I could see the encrypted and
  decrypted packet hex dumps.
  I then hand-disassembled the decoded ACK packet IP header received just
  prior to the "decrypted packet failed SA check" error being emitted and
  found the expected source and destination IP addresses (4.5.7.29 and 1.2.3.161),
  in the unecapsulated packet.  I also found the expected port numbers of the TCP
  conversation that was trying to be established in the TCP header.  So, it
  looks like COMPANY-B computer #2 is emitting the packets out the right
  interface.
  The IP packet header of the encrypted packet showed the IP addresses of the
  two routers at each terminus of the IPsec VPN, but since I don't know what triggers
  the "SA check" error message or what it is complaining about, I don't know what
  other clues to look for in the packet dumps.
  As to your second question, "can you check whether both encapsulation and
  decapsulation happening in 'show crypto ipsec sa'",   the enc'ed/dec'ed
  counters were both going up by the correct quantities.  When communicating
  with the uncooperative COMPANY-B computer #2, you would also see the
  received Drop increment for each packet decrypted.  When communicating
  with the working COMPANY-B computer #1, the Drop counters would not
  increment, and the enc'ed/dec'ed would both increment.
  #show crypto sess det
  Crypto session current status
  Code: C - IKE Configuration mode, D - Dead Peer Detection
  K - Keepalives, N - NAT-traversal, X - IKE Extended Authentication
  Interface: FastEthernet0/0
  Session status: UP-ACTIVE
  Peer: 4.5.6.228 port 500 fvrf: (none) ivrf: (none)
        Phase1_id: 4.5.6.228
        Desc: (none)
    IKE SA: local 1.2.3.8/500 remote 4.5.6.228/500 Active
            Capabilities:(none) connid:1 lifetime:07:59:54
    IPSEC FLOW: permit ip host 1.2.3.161 4.5.7.0/255.255.255.0
          Active SAs: 2, origin: crypto map
          Inbound:  #pkts dec'ed 376 drop 5 life (KB/Sec) 4458308/28784
          Outbound: #pkts enc'ed 401 drop 3 life (KB/Sec) 4458308/28784
  Attempt a TCP communication to COMPANY-B computer #2...
  show crypto sess det
  Crypto session current status
  Code: C - IKE Configuration mode, D - Dead Peer Detection
  K - Keepalives, N - NAT-traversal, X - IKE Extended Authentication
  Interface: FastEthernet0/0
  Session status: UP-ACTIVE
  Peer: 4.5.6.228 port 500 fvrf: (none) ivrf: (none)
        Phase1_id: 4.5.6.228
        Desc: (none)
    IKE SA: local 1.2.3.8/500 remote 4.5.6.228/500 Active
            Capabilities:(none) connid:1 lifetime:07:59:23
    IPSEC FLOW: permit ip host 1.2.3.161 4.5.7.0/255.255.255.0
          Active SAs: 2, origin: crypto map
          Inbound:  #pkts dec'ed 376 drop 6 life (KB/Sec) 4458307/28753
          Outbound: #pkts enc'ed 402 drop 3 life (KB/Sec) 4458307/28753
  Note Inbound "drop" changed from 5 to 6.  (I didn't let it sit for all
  the retries.)
  #show crypto ipsec sa
  interface: FastEthernet0/0
      Crypto map tag: COMPANY-BMAP1, local addr 1.2.3.8
     protected vrf: (none)
     local  ident (addr/mask/prot/port): (1.2.3.161/255.255.255.255/0/0)
     remote ident (addr/mask/prot/port): (4.5.7.0/255.255.255.0/0/0)
     current_peer 4.5.6.228 port 500
       PERMIT, flags={origin_is_acl,}
      #pkts encaps: 402, #pkts encrypt: 402, #pkts digest: 402
      #pkts decaps: 376, #pkts decrypt: 376, #pkts verify: 376
      #pkts compressed: 0, #pkts decompressed: 0
      #pkts not compressed: 0, #pkts compr. failed: 0
      #pkts not decompressed: 0, #pkts decompress failed: 0
      #send errors 3, #recv errors 6
       local crypto endpt.: 1.2.3.8, remote crypto endpt.: 4.5.6.228
       path mtu 1500, ip mtu 1500, ip mtu idb FastEthernet0/0
       current outbound spi: 0xDF2CC59C(3744253340)
    inbound esp sas:
        spi: 0xD9D2EBBB(3654478779)
          transform: esp-3des esp-sha-hmac ,
          in use settings ={Tunnel, }
          conn id: 2004, flow_id: SW:4, crypto map: COMPANY-BMAP1
          sa timing: remaining key lifetime (k/sec): (4458307/28600)
          IV size: 8 bytes
          replay detection support: Y
          Status: ACTIVE
       inbound ah sas:
       inbound pcp sas:
       outbound esp sas:
        spi: 0xDF2CC59C(3744253340)
          transform: esp-3des esp-sha-hmac ,
          in use settings ={Tunnel, }
          conn id: 2003, flow_id: SW:3, crypto map: COMPANY-BMAP1
          sa timing: remaining key lifetime (k/sec): (4458307/28600)
          IV size: 8 bytes
          replay detection support: Y
          Status: ACTIVE
       outbound ah sas:
       outbound pcp sas:
  The "send" errors appear to be related to the tunnel reverting to a
  DOWN state after periods of inactivity, and you appear to get one
  each time the tunnel has to be re-negotiated and returned to
  an ACTIVE state.  There is no relationship between Send errors
  incrementing and working/non-working TCP conversations to the
  two COMPANY-B servers.
  Thanks for pondering this very odd behavior.

• Is it possible to use Aperture to make a new image from two existing ones--ie, in a new jpg? I essentially want to create a collage that I can then print as a single image, rather than in a book. Any advice will be most welcome!

  Is it possible to use Aperture to make a new jpg from two existing ones? I'd essentially like to create a photo collage (without using existing templates) that I can then print as a single image, rather than in a book. Any advice will be most welcome! Thanks.

  https://discussions.apple.com/message/15678716#15678716
  (Added)
  The main point is that Aperture is used to make digital negatives as good as they can be (for the uses you define), but it does not ADD date to your digital negatives, nor does it produce NEW combination files.  For those tasks you need a Graphics program.
  Message was edited by: Kirby Krieger