Double TNS datagrams in one TCP packet

Similar Messages

• WRT54GX2: TCP packets blocked (except SYN/SYN-ACK) to internet

  I'm using WRT54GX2 with latest FW 1.01.22 and I've been running into internet connectivity with one of my laptop (Toshiba MX35-S149 using Atheros). From this laptop DNS/ping works to the internet (UDP/ICMP) but all of the TCP data packets from the internet are being blocked by the router (I think). All of the other PC's continue to work with no problem.
  Rebooting the router (power cycle) causes thing to work again for this laptop but after some time (15-20 minutes or so) once again the problem comes back. I've already spent about 3 hours with support on this but no luck.
   I did a packet capture on the laptop and any HTTP request show TCP SYN, SYN-ACK packets but no data packets. The laptop continues to do the retransmission. At this point I can still PING and DNS resolve any of the names.
  The HTTP to the router's page (192.168.1.1) continues to work without any problem (still using the wireless NIC). Hard-wiring the laptop to router works fine.
  I asked the support if I can do a packet capture on the router itself but I was told "That is not possible".
  I'll add the packet capture files later today.
  Any help is appreciated as I don't think I'll get any help from the tech-support.
  TIA,
  Navras

  Interesting - I have a similar problem however I am trying to block packets going out. So you say that it allows the TCP for a little while then later it is blocked.
  Why are you trying to pass TCP into the computer specifically?
  Do you have a firewall on your laptop that you can check the logs off?
  I have been with support for my issue which is basically the BLOCKED SERVICES options are all greyed out. I need to block udp/tcp packets from going out on exactly the same router, same firmware as yours. They just read scripts from their help desk manuals and do not really seem to understand problems that are NOT in the scripts. Too bad I was hoping after cisco took over linksys would get better at customer support, not the other way.
  I saw a post previously that states that the same router DOES NOT HAVE the blocked services as a function. The manual and screen seem to indicate otherwise.
  Interesting...let us know what happens.
  danee

• Cisco 3750 --- Mark TCP packets from port 80 with DSCP ef

  Good afternoon,
  I am trying to mark outgoing traffic from a web server with value of DSCP ef
  When I am doing a traffic capture all TCP packets have tos 0x0
  If I marked UDP packets, or icmp packets, I can see it with in trafic capture, but not TCP traffic.
  This is my config,
  mls qos
  ip access-list extended MARK-HTTP-ACL
    permit tcp host 10.10.10.10 eq www any
  class-map match-any HTTP-CM
  match access-group name MARK-HTTP-ACL
  policy-map PRIORITY-PM
  class HTTP-CM
    set dscp ef
  interface GigabitEthernet1/0/11
  switchport access vlan 20
  switchport mode access
  spanning-tree portfast
  mls qos trust dscp
  service-policy input PRIORITY-PM
  Can anybody can help me to understand, why I cannot mark TCP packets?
  Thank you

  Yes.  You need to eliminate the things I've said to eliminate with the other side.  Ensure your configs are matching exactly.  They probably are, whatever, just make sure of it because it's easy.  You both need to run packet captures on your interfaces both in and out to even begin to have an idea of where to look.
  The more info you can have just one person responsible for the better.  What I mean by that is, it's typically a nice step for the 'bigger end' to have the 'smaller end's' config file to look at.
  If you are seeing packets come in your inside, leave your outside, and never make it to his inside, then take it a step at a time.
  If you're seeing them come in his interface and never come back out, you know where to look.
  Set your caps to a single host to single host if need be, and generate traffic accordingly.
  You need to narrow down where NOT to look so that you know where TO look.  I would say then, and only then, do you get the ISP involved.  Once you're sure the problem exists between his edge device and your edge device.
  I do exactly this for a living on a daily basis...day after day after day.  I'm responsible for over 200 IPSec s2s connections and thousands of SSL VPN sessions.  I always start the exact same way...from the very bottom.

• TCP packet out of state: First packet isn't SYN & Outlook is trying to retrieve data from the Microsoft Exchange Server [CAS-ARray]

  We are transitioning from Exchange 2003 to Exchange 2010.  We found Outlook online mode (non-cached mode) have many warning "Outlook is trying to retrieve data from the Microsoft Exchange Server [CAS-ARray]", usually happen when users tried to open
  address book but sometimes even normal operation like click the Send button.  The problem does not affect OWA and extremely rare when Outlook is running in cached mode.  Check the firewall logs, we notice a lot of "TCP Packet Out of State" drops.
  We have a lot from the CAS/HT to DC/GC on TCP_3268 and LDAP.  And the errors are "TCP packet out of state: First packet isn't SYN" with tcp_flags FIN-ACK, PUSH-ACK.
  We also have a lot from CAS/HT to the Outlook Clients on the static RPC port (TCP_59933).   And the errors are "TCP packet out of state: First packet isn't SYN" with tcp_flags FIN-ACK, PUSH-ACK and RST-ACK, ACK.
  This happens even on Outlook 2010 which I though it has TCP Keep Alive implmented to keep the session active within 1 hour. 
  Can somebody tell me if these out-of-state are the cause of our problem?  And how to fix it?
  THANK 1,000,000

  Hello AndyHWC,
  I did some consulting with our CAS team and received the following feedback to your post:
  It is difficult to determine what is causing resets without seeing the captures first hand however, the concern is that you are seeing dropped packets on the firewall logs.  Where is this firewall located?
  Based on the description "Check the firewall logs, we notice a lot of "TCP Packet Out of State" drops." and "We have a lot from the CAS/HT to DC/GC on TCP_3268 and
  LDAP." indicates to me that the firewall is between CAS and GC.  This not supported under any circumstances and would explain the issue they are seeing with clients trying to "retrieve data from the GC".
  If there is not a firewall between the GC and CAS then a Microsoft support engineer would need to have concurrent Netmon Captures from client, CAS, GC during the
  issue to analyze.  If only one GC exists consider adding another GC to handle the client requests and for fault tolerance.
  Also verify that all NIC card drivers are updated to the latest driver version
  More information about firewalls with Exchange 2007/2010
  http://msexchangeteam.com/archive/2009/10/21/452929.aspx
  http://technet.microsoft.com/en-us/library/bb232184(EXCHG.80).aspx
  You can install the Client Access server role on an Exchange 2007 computer that is running any other server roles except for the Edge Transport server role. You
  cannot install the Client Access server role on a computer that is installed in a cluster. Installation of a Client Access server in a perimeter network is not supported.
  http://technet.microsoft.com/en-us/library/dd577077(EXCHG.80).aspx
  “The Installation of a Client Access Server in a Perimeter Network Is Not Supported
  Issue You may want to install an Exchange 2007 Client Access server in a perimeter network. However, this type of installation is not supported in Exchange
  2007.
  Cause The Exchange 2007 Client Access server role is not supported in any configuration in which a firewall is located between the Client Access server
  and a Mailbox server or a domain controller. This includes firewall devices, firewall programs, or any program or device that is designed to restrict traffic between two network locations.
  For correct operation, Client Access servers require typical domain connectivity to domain controllers and global catalog servers. Because any devices
  or programs that restrict or reduce access to domain controllers or global catalog servers may affect the correct operation of the Client Access server, we do not support this type of configuration.
  Resolution To resolve this issue, move the Client Access servers to the internal network. For more information about the ports that Exchange 2007 uses
  for various services, see Data Path Security Reference.”
  Thanks,
  Kevin Ca - MSFT
  Kevin Ca - MSFT

• My MBP has started to send out TCP packets larger than the MTU on the NIC - is there any place that this can be overriden?

  Got a very weird issue here and wondering if anyone has any other ideas. Basically over the wired NIC only, my Mac has started to send out large HTTP/HTTPS packets from the browser (> 1500 bytes) Captures show packet sizes from 2000 all the way to 4000 sometimes. This happens in Firefox and Chrome so doesn't appear to be application related.
  This causes fragmentation issues and traffic drops which basically causes most of my websites and  tools to crash and burn (and I get all sorts of SSL errors from applications, etc).
  It appears to be limited to just TCP packets as pings with the DF bit set will not send any larger than 1500 bytes.
  However if I switch to wireless, everything works fine and captures show the correct maximum packet size of 1500 for all packets leaving my client.
  The MTU on the  en0 interface is 1500 as per ifconfig and I made sure that it was set to 1500 in Network config panel (because there is an option for jumbo frames there which bumps up the MTU).
  A packet capture also shows that during the three way handshake the TCP MSS is successfully sent and negotiated as 1480, but then it appears to ignore that when sending packets later in the TCP stream.
  I've rebooted, upgraded to 10.7.4, checked the "sysctl" outputs and matched against a Mac not having the issue.
  This is the newest MBP 15 inch model.
  Any other ideas on things to check?

  Have you used any sort of "tuner" software? You are obviously an advanced user. Sometimes we hack things up and forget about it later. If you are sure you didn't do that, maybe poke around with IPv6 settings. Supposedly people are trying to enable that and it is going to be a disaster.

• I did a backup from all my files saved in old external hd to time capsule. After that double checked and recover one file from TC to mac air and it worked just perfect. Today went through TC to recover another file and none of them were there?

  I did a backup from all my files saved in old external hd to time capsule. After that double checked and recover one file from TC to mac air and it worked just perfect. Today went through TC to recover another file and none of them were there?Anybody has a clue what happened?

  renatocremonese wrote:
  I want to use it for backing up my Mac.
  It's good for that . . . 
  But also I don't keep all my stuff in my Mac.
  But not for that. 
  This older and not day-by-day usage files I want to store in the time machine.
  You can do that (see below), but how are you going to back them up?   If your only copies are on the TC, when (not if) it fails, you risk losing your only copy of the data.
  Is it possible to split TC in two partitions.
  No, but there are some workarounds, including making a fixed-size disk image on it to "reserve" some space.  See #Q3 in Using Time Machine with a Time Capsule.
  But you still won't have backups of the stuff you put there.
  You don't say what kind of Mac you have.  If it's a desktop model, just keep the external HD connected to it, and let Time Machine back it up along with your internal HD.
  However, it sounds like you may have a laptop, where that's not going to be convenient.  In that case, your best bet might be to copy the external HD to a disk image on the TC as above, then keep the HD in a safe place.
  To finish, when i enter the TC and go through the Time line how can I get a file from there and move it back to Mac hd.
  Via the "Star Wars" display, per #15 in Time Machine - Frequently Asked Questions.
  You might also want to review the Time Machine Tutorial, and perhaps browse the rest of the FAQ.

• I install at the new update cc2014 but for some reason in my computer appear double app the old one and the new  but the new dose not gave the setup that I have in my old version! What happen ?

  I install at the new update cc2014 but for some reason in my computer appear double app the old one and the new  but the new dose not gave the setup that I have in my old version! What happen ?

  Seriously, I doubt that your answer helped Erik.  He has two issues.
  He installed the new program and has a double icon folders with software. One for the new &  one for the old.  (I have this same problem.)
  He must have attempted to open one of the products and no longer see his personal settings transferred over.  (The install will ask to have those settings migrating, but you have to accept it. eh, I could be wrong; but, that what i remembered doing.
  I concur with his first. 
  However, i can not get any of my products to work.  Ie. have to constantly click on icon to open; once open i get a unexpected error and have to close. I'm on a mac pro w/ latest os system.
  In addition, I have tried to uninstall the older by clicking on the application's manager icon.; Unfortunately, it shuts down at each attempt.  Therefore, I am unable to un-install the old product or the new. 
  Possibly, we were hoping that the new product would be simply updated if an old recent was already installed. 
  Instead, the installation simply created a new icon and the new folder with product.

• Event: NULL TCP PACKET

  Hello all,
  we are incrementally receiving a lot of MARS events that comes from Cisco IDS, all those events are “ NULL TCP PACKET”, and the destination is always the same, a smtp ironport machine trough the 25 port, from diferent public IPs.
  Does anybody have a similar scenario? What can we do?
  Thanks

  Hi,
  The signature version 364 and the IPS version is 6.1 (1) E2.
  It is suppoused that is a single TCP packet with none of the SYN, ACK,FIN or RST flags.
  It comes from different public IP's that comes from different ISP's.
  Regards
  Izaskun

• Hi, I have a Iphone 4s and I have a problem because I can't change from one screen to another by dragging my finger, it does't respond, in addition to access to an icon I have to double click instead of one.

  I can't change from one screen to another by dragging my finger, it does't respond, in addition to access to an icon I have to double click instead of one.

  That's correct.  Unless you can magically unlock your 4S, you can't sync it.  It's broken.  Had you been using the phone properly, you would have been synching it frequently and would have had a recent backup from which to restore your iPhone 5.

• Computer dies when connecting Double Dragon All-in-One Driver

  I connected a DVD drive with the Double Dragon All in One Driver, via it's USB cable, to my Toshiba Satellite T115 S1100. I have done this numerous times before and there has been no problem. On this occasion I moved the power cable from the DVD to the power socket on the unit and as I inserted it the computer hard drive clicked and the computer went dead. It is now as dead as 'a dodo' and I assuming that there has been a power surge through the USB cable. Does anyone have any thoughts or have I 'toasted' the motherboard or some other part of the computer? Many thanks Peter
  Solved!
  Go to Solution.

  I contacted Toshiba, who were very helpful but were unable to suggest a solution, without seeing the machine.
  However, I took the battery out, whilst I was working on another laptop. When I returned and placed the battery back in, lo and behold, it came on and seems to be unaffected by whatever happened. So many thanks to anyone who may have viewed this blog, but the issue is solved.  Peter 

• Asp drop - First TCP packet not SYN (tcp-not-syn)

  I have many tcp-not-syn:
  First TCP packet not SYN (tcp-not-syn)                                46841247
  For sure it is not a routing issue cause ie 10.32.3.230 usually can connect to 192.168.16.2 which is a proxy server. Sometimes it can't and I get the
  tcp-not-syn error. So after a capture I got the following,
  ASA# capture asp-drop type asp-drop tcp-not-syn
  ASA# sh capture asp-drop | i 10.32.3.230
  2397: 16:11:31.904295 802.1Q vlan#8 P0 10.32.3.230.2322 > 192.168.16.2.8080: R 556133793:556133793(0) win 0
  2398: 16:11:31.905272 802.1Q vlan#8 P0 10.32.3.230.2322 > 192.168.16.2.8080: R 556133793:556133793(0) win 0
  2400: 16:11:31.908583 802.1Q vlan#8 P0 10.32.3.230.2320 > 192.168.16.2.8080: R 55902087:55902087(0) win 0
  2401: 16:11:31.908613 802.1Q vlan#8 P0 10.32.3.230.2320 > 192.168.16.2.8080: R 55902087:55902087(0) win 0
  2402: 16:11:31.908629 802.1Q vlan#8 P0 10.32.3.230.2320 > 192.168.16.2.8080: R 55902087:55902087(0) win 0
  2403: 16:11:31.908659 802.1Q vlan#8 P0 10.32.3.230.2320 > 192.168.16.2.8080: R 55902087:55902087(0) win 0
  2404: 16:11:31.908766 802.1Q vlan#8 P0 10.32.3.230.2320 > 192.168.16.2.8080: R 55902087:55902087(0) win 0
  2405: 16:11:31.908796 802.1Q vlan#8 P0 10.32.3.230.2320 > 192.168.16.2.8080: R 55902087:55902087(0) win 0
  2406: 16:11:31.908812 802.1Q vlan#8 P0 10.32.3.230.2320 > 192.168.16.2.8080: R 55902087:55902087(0) ack 4258924744 win 0
  2407: 16:11:31.909071 802.1Q vlan#8 P0 10.32.3.230.2320 > 192.168.16.2.8080: R 55902087:55902087(0) win 0
  2408: 16:11:31.909102 802.1Q vlan#8 P0 10.32.3.230.2320 > 192.168.16.2.8080: R 55902087:55902087(0) win 0
  2409: 16:11:31.909132 802.1Q vlan#8 P0 10.32.3.230.2320 > 192.168.16.2.8080: R 55902087:55902087(0) win 0
  2410: 16:11:31.910490 802.1Q vlan#8 P0 10.32.3.230.2321 > 192.168.16.2.8080: R 1839687588:1839687588(0) win 0
  2411: 16:11:31.910521 802.1Q vlan#8 P0 10.32.3.230.2321 > 192.168.16.2.8080: R 1839687588:1839687588(0) win 0
  2412: 16:11:31.910551 802.1Q vlan#8 P0 10.32.3.230.2321 > 192.168.16.2.8080: R 1839687588:1839687588(0) win 0
  2413: 16:11:31.910566 802.1Q vlan#8 P0 10.32.3.230.2321 > 192.168.16.2.8080: R 1839687588:1839687588(0) win 0
  2414: 16:11:31.911192 802.1Q vlan#8 P0 10.32.3.230.2321 > 192.168.16.2.8080: R 1839687588:1839687588(0) win 0
  2415: 16:11:31.911207 802.1Q vlan#8 P0 10.32.3.230.2321 > 192.168.16.2.8080: R 1839687588:1839687588(0) win 0
  2416: 16:11:31.911238 802.1Q vlan#8 P0 10.32.3.230.2321 > 192.168.16.2.8080: R 1839687588:1839687588(0) win 0
  2417: 16:11:31.915205 802.1Q vlan#8 P0 10.32.3.230.2321 > 192.168.16.2.8080: R 1839687588:1839687588(0) win 0
  2418: 16:11:31.915235 802.1Q vlan#8 P0 10.32.3.230.2321 > 192.168.16.2.8080: R 1839687588:1839687588(0) win 0
  2419: 16:11:31.915296 802.1Q vlan#8 P0 10.32.3.230.2321 > 192.168.16.2.8080: R 1839687588:1839687588(0) win 0
  2420: 16:11:31.915327 802.1Q vlan#8 P0 10.32.3.230.2320 > 192.168.16.2.8080: R 55902087:55902087(0) win 0
  2421: 16:11:31.915357 802.1Q vlan#8 P0 10.32.3.230.2320 > 192.168.16.2.8080: R 55902087:55902087(0) win 0
  2422: 16:11:31.915815 802.1Q vlan#8 P0 10.32.3.230.2320 > 192.168.16.2.8080: R 55902087:55902087(0) win 0
  2432: 16:11:33.102426 802.1Q vlan#8 P0 10.32.3.230.2317 > 192.168.16.2.8080: R 4189536219:4189536219(0) win 0
  2433: 16:11:33.102457 802.1Q vlan#8 P0 10.32.3.230.2317 > 192.168.16.2.8080: R 4189536219:4189536219(0) win 0
  2434: 16:11:33.102487 802.1Q vlan#8 P0 10.32.3.230.2317 > 192.168.16.2.8080: R 4189536219:4189536219(0) win 0
  syslog message says:
  deny tcp (no connection) from 10.32.3.78/1646 to 192.168.16.2/8080 flags RST on interface inside
  The question is how can I define it is:
  1. the proxy 192.168.16.2 itself is too slow responding to the syn packet sent from the client 10.32.3.78
  2. a reset is sent by the proxy 192.168.16.2 and then forwarded by the ASA to the client 10.32.3.78
  3. an idle timeout tuning needed on firewall
  4. anything else
  Thanks

  Hi,
  Since it is a RST packet coming from client IP destined to proxy server IP on ASA's interface (of course with no associated connection in ASA state table), ASA will drop it as first tcp packet not syn.
  When a packet arrives on ASA, it checks to see if it belongs to an existing flow, if not, it has to be a new connection but since SYN flag is not set here, it gets dropped under above reason code.
  Now, you would probabaly want to capture the entire traffic stream from client to server on ASA interface to understand what caused those resets. May be client sent some new requests (SYN's) and proxy was too busy to respond. Again, complete capture in pcap would be needed for further analysis.
  Regards,
  Sourav Kakkar

• Sending TCP packets to many IP addresses after downloading a program

  I constantly monitor UDP and TCP packets sent to IP addresses on my Windows 7 computer. After downloading a free online program to convert media video files, I soon noticed my computer constantly and rapidly sending out packets to more
  than 10 IP addresses (and quite a few were going to China, Russia and Germany). I tried a search on my hard drive for the file that contained those specific IP addresses and found nothing.
  Note: For Viewing Folders, I do not hide operating system files, and I show hidden files, folders and drives.
  Then I  tried searching my windows registry (via REGEDIT) for those IP addresses and found nothing.
  I assumed these IP addresses may have been hidden and included in a .dll file. I could not find an answer on the internet to determine where these hacking IP addresses originated from, so I deleted the program and rebooted.
  The problem still existed, so I had to restore to a previous backup date. The restore fixed the problem.  I am so confused. If I wasn't monitoring my connections I would never have known about this hacking flaw in Windows 7 security. I
  still don't know what type of file(s) were causing this problem. Or what causes my computer to send unsolicited packets to so many IP addresses (to domestic, foreign and hostile locations). 

  Message to members... DO NOT download the software in this area.
  Contains malicious code.
  Thank you FangZhou Chen for your response. I am not exactly sure which of these two programs (listed below) was the culprit for this problem, but I do know that both programs have issues with malicious code. Understand I have used both of these programs
  in the past, but stopped using them because of these issues. The Freeware #1 was my favorite and was user friendly, until the malicious code was added, and may be the real culprit.
  Malicious Freeware #1: Any Video Converter (program name: avc-free.exe)
  This program contains PUP.Optional.OpenCandy - While PUP.Optional.OpenCandy is not technically a virus, this PUP can be extremely annoying and quite difficult to get rid of. It comes loaded with adware, which as anyone who has been infected by adware can tell
  you, can drive you to the brink of insanity with its relentless adverts, plus it will very likely hijack your browser and install a strange and unwanted toolbar on your machine too. Not only do unwanted toolbars get in the way but they can direct you to websites
  that the creators want you to visit and can in general make using your computer a real user-unfriendly experience. PUP.Optional.OpenCandy is also a form of spyware which enables it to be installed deep within your PC’s operating system so that it is harder
  for you to find – and therefore delete.
  Link to site:              any-video-converter.com/products/for_video_free/             
  Link to download program:  any-video-converter.com/download-avc-free.php
  Malicious Freeware #2: SUPER © Media Converter Encoder
  This program is bundled with other software. I don't remember the malicious type or effects.
  Link to site:             erightsoft.com/SUPER.html
  Link to download program:  erightsoft.info/GetFile3.php?SUPERsetup.exe
  Hope this helps. Again thanks! God Bless.
  P.S. - Excellent tools in cleaning up maleware have been to use Malwarebytes, AdwCleaner and  HitmanPro (both recommended by the malwarebytes.org website).

• IS IT POSSIBLE TO SEND TCP PACKET WITH THE SOCKET?

  Hello everybody iam programing HIJACK attack with jbuilder8 that consiste to detecte a communication between the client and server (tcp session or tcp connexion) and read all informations from this tcp packet(like N�ACK,N� SEQ..) and finnaly send a tcp packet with false information. I have make this project with C under linux(red hat9) compiled with GCC and i have used raw socket like this:
  int creat_socket(char *interface)
  int fd;
  struct ifreq ifr;
  struct sockaddr_ll sll;
  if ((fd=socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL)))==-1)//creat socket {
       perror("socket");
       return -1;
  memset(&ifr, 0, sizeof(struct ifreq));//remplir ifr par des '0'
  strcpy(ifr.ifr_name, interface);//copier le nom de l'interface ds ifr_name
  if (ioctl(fd, SIOCGIFINDEX, &ifr)==-1)//Retrouve le num�ro d'interface et le place dans ifr_ifindex.
       perror("ioctl");
       return -1;
  memset(&sll, 0, sizeof(struct sockaddr_ll));//remplir sll par des '0'
  sll.sll_family=PF_PACKET;
  sll.sll_ifindex=ifr.ifr_ifindex;
  sll.sll_protocol=htons(ETH_P_ALL);
  if (bind(fd, (struct sockaddr *)&sll, sizeof(struct sockaddr_ll))==-1)//lie le socket a l'interface
       perror("bind");
       return -1;
  if (ioctl(fd, SIOCGIFFLAGS, &ifr)==-1)//Lire les attributs actifs du p�riph�rique
       perror("ioctl");
       return -1;
  ifr.ifr_flags|=IFF_PROMISC;//Interface en mode promiscuous
  if (ioctl(fd, SIOCSIFFLAGS, &ifr)==-1)////ecrire les attributs actifs du p�riph�rique
       perror("ioctl");
       return -1;
  return fd;
  PROBLEM : I want to know if it�s possible to make that in java because i had search and i have found just the client and server socket but i want a socket to send tcp Packet? Thank you.

  hello i had found the ROCKSAW (http://www.savarese.org/software/rocksaw.html ) and i had used in my program, but when the program arrived in:
  socket_send=new RawSocket();
  i had this error:
  java.lang.UnsupportedClassVersionError: org/savarese/rocksaw/net/RawSocket (Unsupported major.minor version 49.0)
       at java.lang.ClassLoader.defineClass0(Native Method)
       at java.lang.ClassLoader.defineClass(ClassLoader.java:502)
       at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:123)
       at java.net.URLClassLoader.defineClass(URLClassLoader.java:250)
       at java.net.URLClassLoader.access$100(URLClassLoader.java:54)
       at java.net.URLClassLoader$1.run(URLClassLoader.java:193)
       at java.security.AccessController.doPrivileged(Native Method)
       at java.net.URLClassLoader.findClass(URLClassLoader.java:186)
       at java.lang.ClassLoader.loadClass(ClassLoader.java:299)
       at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:265)
       at java.lang.ClassLoader.loadClass(ClassLoader.java:255)
       at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:315)
       at hijack.M_HIJACK.tcpsend(M_HIJACK.java:345)
       at hijack.M_HIJACK.injection_actionPerformed(M_HIJACK.java:611)
       at hijack.M_HIJACK_injection_actionAdapter.actionPerformed(M_HIJACK.java:861)
       at javax.swing.AbstractButton.fireActionPerformed(AbstractButton.java:1764)
       at javax.swing.AbstractButton$ForwardActionEvents.actionPerformed(AbstractButton.java:1817)
       at javax.swing.DefaultButtonModel.fireActionPerformed(DefaultButtonModel.java:419)
       at javax.swing.DefaultButtonModel.setPressed(DefaultButtonModel.java:257)
       at javax.swing.plaf.basic.BasicButtonListener.mouseReleased(BasicButtonListener.java:245)
       at java.awt.Component.processMouseEvent(Component.java:5093)
       at java.awt.Component.processEvent(Component.java:4890)
       at java.awt.Container.processEvent(Container.java:1566)
       at java.awt.Component.dispatchEventImpl(Component.java:3598)
       at java.awt.Container.dispatchEventImpl(Container.java:1623)
       at java.awt.Component.dispatchEvent(Component.java:3439)
       at java.awt.LightweightDispatcher.retargetMouseEvent(Container.java:3450)
       at java.awt.LightweightDispatcher.processMouseEvent(Container.java:3165)
       at java.awt.LightweightDispatcher.dispatchEvent(Container.java:3095)
       at java.awt.Container.dispatchEventImpl(Container.java:1609)
       at java.awt.Component.dispatchEvent(Component.java:3439)
       at java.awt.EventQueue.dispatchEvent(EventQueue.java:450)
       at java.awt.EventDispatchThread.pumpOneEventForHierarchy(EventDispatchThread.java:197)
       at java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:150)
       at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:144)
       at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:136)
       at java.awt.EventDispatchThread.run(EventDispatchThread.java:99)
  i think that is a problem with a version of JDK (i have jdk1.4) so if you have an idea please help me

• Some tcp packets are dropped using socketfilter

  I user socketfilter to intercept tcp packet,but I find that not all of the tcp packet can be intercepted.For examle,I open chrome browser and  
  browse video website,as a result I miss some packets for HTTP  commucication. Thanks very much. My English is not good,I am sorry.
  Waiting for your help.

  Oh dear. That confirms my fear that somehow you have got output files into your source files, maybe you published to that folder.
  Within a version of RH, you could correct that, albeit with quite a bit of work.
  http://www.robowizard.com/RoboWizard/NewProject.htm#MonthlyScry/062004.htm
  However, what you are trying to do is upgrade an output file and the process is not designed for that.  You have to decide on the least work. Uninstall RH8 and install RH7, fix the problem and then upgrade or just get on with redoing those dropdowns in RH8.
  See www.grainge.org for RoboHelp and Authoring tips

• One TCP Write to send both Length & Data?

  I noticed that the "Flatten to string" VI has a (default) option to prepend the array/string size to the binary output string.  This got me thinking that I could use this rather than the typecast vi to convert my arbitrary data to a string, prepend the length and call TCP Write one time.  On the other side of the connection I would then do your standard two TCP Read calls, the first one being 4bytes for the length, the 2nd one being whatever the length that is returned.  However, no matter what I do, the 2nd TCP Read does not return anything.  Is there no way to do two TCP Reads on one TCP Write?  I thought 'buffered mode' might work, but it didn't.  If there is no way to do this, what is the point of the prepend length option on the Flatten to string? Apparently it has no network application if you have to send the length on its own TCP Write.

  I'm going to second what smercurio said. There is no problem with using two (or fifty) tcp reads to read data from one send. See attached example where I use two reads; you could modify it so that you read bytes one at a time using tcp read.
  More likely your problem is that tcp write is not sending what you think, and that's probably due to Flatten To String's "prepend length" option. Honestly, I recommend you NEVER use this option. If you want to send the length, just measure the string length and prepend it. At least then you'll always know what you're sending.
  The reason to avoid the auto-prepender is that does different things depending on the kind of input, and often that isn't what you want. It was introduced to LabView at the same time as the ill-considered "prepend array or string size" option in the LV 8+ Write To Binary File function (which also only fires in certain contexts, and which also defaults to true.) It just isn't an appropriate default in either case; not everyone out there programs in LabView and you shouldn't have to set "optional" arguments to false just to write binary files without corruption.
  -Rob
  The attached example is in LV 8.6 
  Message Edited by Rob Calhoun on 11-17-2008 02:07 PM
  Message Edited by Rob Calhoun on 11-17-2008 02:09 PM