Manipulating Raw IP and TCP headers / packets in 5.0

Similar Messages

• Import / Export and TCP packets relay

  Hi All,
  Any idea what relationship Export/ Import on a local box has on the TCP/IP packets ? I see tremendous amount of packets (42000 / sec) on a Windows 64 bit box while doing Import / Export. Its from an 8i to 10g so the Import / Export.

  On a local server you don't need to use TCP/IP.
  Generally speaking export is just a series of SELECTs. The nomal array interface applies, the size of the array is indicated by the buffer parameter.
  One array is fragment by sqlnet in packages of SDU size, default 2048 bytes.
  These packages are being fragmented by the network card, as the default MTU is 1500 bytes.
  Sybrand Bakker
  Senior Oracle DBA

• ACE Dup ACK and TCP Out-of-order

  Hi,
  I have a pair of FT ACE 4710 offloading https traffic to a couple of webservers. We are seeing very high network utilisation when I capture the client facing port of the active ACE. There appears to alot of duplicate ACKs and TCP out-of-order packets (as shown by wireshark). Does anyone know if this is a problem with the ACE or "normal"
  Thanks

  I've seen some similar behaviour with the ACE Module and Apache webservers. To mitigate this I've configured the following which seems to work.
  On the ACE Module
  parameter-map type http ALL-HEADERS
    persistence-rebalance
  parameter-map type connection TCP-OPTIONS
    set tcp syn-retry 5
    tcp-options timestamp allow
  policy-map multi-match test-policy
    class http-vip
      loadbalance vip inservice
      loadbalance policy http-test-pm
      loadbalance vip icmp-reply active
      appl-parameter http advanced-options ALL-HEADERS
      connection advanced-options TCP-OPTIONS
  On Apache here are the two test results with keepalive on and off
  httpd.conf
  KeepAlive Off
  MaxKeepAliveRequests 1024
  KeepAliveTimeout 30
  MK-ACE01/001# show serverfarm MK-FARM-sf
  serverfarm     : MK-FARM-sf, type: HOST
  total rservers : 8
                                                  ----------connections-----------
         real                  weight state        current    total      failures
     ---+---------------------+------+------------+----------+----------+---------
     rserver: MK-HOST10
         10.10.1.10:0          8      OPERATIONAL  321        510863     16442
     rserver: MK-HOST11
         10.10.1.11:0          8      OPERATIONAL  304        512718     16276
     rserver: MK-HOST12
         10.10.1.12:0          8      OPERATIONAL  286        524207     17257
     rserver: MK-HOST13
         10.10.1.13:0          8      OPERATIONAL  291        516987     16626
     rserver: MK-HOST14
         10.10.1.14:0          8      OPERATIONAL  291        513016     16594
     rserver: MK-HOST15
         10.10.1.15:0          8      OPERATIONAL  311        510177     16434
     rserver: MK-HOST16
         10.10.1.16:0          8      OPERATIONAL  345        516340     16708
     rserver: MK-HOST17
         10.10.1.17:0          8      OPERATIONAL  282        513046     16418
  httpd.conf
  KeepAlive On
  MaxKeepAliveRequests 1024
  KeepAliveTimeout 30
  MK-ACE01/001# show serverfarm MK-FARM-sf
  serverfarm     : MK-FARM-sf, type: HOST
  total rservers : 8
                                                  ----------connections-----------
         real                  weight state        current    total      failures
     ---+---------------------+------+------------+----------+----------+---------
     rserver: MK-HOST10
         10.10.1.10:0          8      OPERATIONAL  0          553        0
     rserver: MK-HOST11
         10.10.1.11:0          8      OPERATIONAL  0          551        0
     rserver: MK-HOST12
         10.10.1.12:0          8      OPERATIONAL  0          552        0
     rserver: MK-HOST13
         10.10.1.13:0          8      OPERATIONAL  0          555        0
     rserver: MK-HOST14
         10.10.1.14:0          8      OPERATIONAL  0          554        0
     rserver: MK-HOST15
         10.10.1.15:0          8      OPERATIONAL  0          551        0
     rserver: MK-HOST16
         10.10.1.16:0          8      OPERATIONAL  0          550        0
     rserver: MK-HOST17
         10.10.1.17:0          8      OPERATIONAL  0          550        0
  This seems to of reduced the large number or re-transmits and dup-acks.

• Getting the data from a TCP/IP packet

  I am dealing with an industrial network that sends and recieves data over TCP/IP between a sort of supervisory system running on Unix and some machines via a bridge that converts messages onto other non TCP/IP networks. This is all old legacy equipment and the bridge now need upgrading. However the original source code is not availiable and no-one is very sure of the messages being sent. I thought it was going to be easy knocking something together in Java to intercept these messages and test various things but have come up against big problems.
  The main problem being that all the data is binary meaning I cant use any of the reader or writer classes I am used too. I am trying to use either DataInputStream or BufferedInputStream to read data in but am struggling. Idealy I need to be able to read (once) the complete data content of each packet that is sent and I need to tell each time a new packet of data arrives so that I can process it as a complete packet. As far as I know there are no eof or eol or any other details that tell me how many bytes of data there are, and they do vary in length, but each packet is a seperate message or message reply.
  I was hoping that there might be someway of getting this information from the TCP/IP layers but cant see how to do it as that all seems to work invisibly. Nor can I see any methods to call on the stream classes that indicate how to tell the lenght of the latest packet or when a new packet has arrived. I am not sure how some of the methods like mark() and reset|() are supposed to be used so am not sure if I couuld use these but am desperate for any help or pointers in the right direction.

  The TCP/IP packets can represent complete messagesThere is no guarantee to this effect anywhere in TCP/IP. Consider the case where a single message requires multiple writes. Consider the case where a write contains the end of one message and the beginning of another. Consider the case where there are multiple messages in a single packet. Consider ... There are just too many of these cases.
  The TCP/IP takes care of numbering the packets so that they can be reasembled in the correct order. Each TCP/IP packet contains information about the size of data the packet contains ...Thank you, I do know how TCP works.
  so in theory if we could get at the TCP/IP layers we should be able to get this information.No. You can get all the packet information out of packets. What you can't get is message information, because it isn't in there. It's in the application protocol, which to TCP/IP is just a stream of bytes. You can get the stream of bytes that the application sent. What it means is up to you.
  I really need to be able to read each packet of data seperately to be able to do anything with itWhy? Given the lack of correlation between writes() and packets and reads() due to TCP streaming, what is the point? And if you want packets you already have them via your sniffer.
  From your first post:
  each packet is a seperate message or message reply.You can't rely on that. There is no guarantee of this anywhere in TCP/IP.
  I also direct your attention to the Nagle algorithm, which coalesces outgoing packets under common conditions.

• [solved] problems with timeouts and tcp retransmission

  I've recently upgraded my archlinux and am having real problems with the network.
  I have checked the configuation and all seems ok.
  Everything like DNS/Gateways/IPs all seem to be setup (not changed anything from when it was working before)
  I read about setting the MTU manually
  ifconfig eth0 mtu 1492
  I tried this but it doesn't seem to make any difference
  Looking at the packetflow on wireshark it seems that there are a huge amount of TCP Dup ACK and TCP Retransmission when trying to POST
  If I boot into windows everything is fine so unfortunately it seems that it might be something with linux
  Everything in linux seemed to be working ok before I upgraded
  Last edited by equilibrium (2009-12-05 15:13:14)

  seems that I am still unable to post from my arch system
  $ dmesg | grep sky2
  sky2 driver version 1.23
  sky2 0000:02:00.0: PCI INT A -> GSI 19 (level, low) -> IRQ 19
  sky2 0000:02:00.0: setting latency timer to 64
  sky2 0000:02:00.0: Yukon-2 EC chip revision 2
  sky2 0000:02:00.0: irq 29 for MSI/MSI-X
  sky2 eth0: addr xx:xx:xx:xx:xx:xx
  sky2 eth0: enabling interface
  sky2 eth0: Link is up at 100 Mbps, full duplex, flow control both
  $ ifconfig
  eth0 Link encap:Ethernet HWaddr 00:17:31:F4:ED:A2
  inet addr:192.168.1.20 Bcast:192.168.1.255 Mask:255.255.255.0
  UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
  RX packets:1170 errors:0 dropped:0 overruns:0 frame:0
  TX packets:1362 errors:0 dropped:0 overruns:0 carrier:0
  collisions:0 txqueuelen:1000
  RX bytes:1101154 (1.0 Mb) TX bytes:197742 (193.1 Kb)
  Interrupt:19
  lo Link encap:Local Loopback
  inet addr:127.0.0.1 Mask:255.0.0.0
  UP LOOPBACK RUNNING MTU:16436 Metric:1
  RX packets:4595 errors:0 dropped:0 overruns:0 frame:0
  TX packets:4595 errors:0 dropped:0 overruns:0 carrier:0
  collisions:0 txqueuelen:0
  RX bytes:541498 (528.8 Kb) TX bytes:541498 (528.8 Kb)
  /etc/rc.conf
  eth0="eth0 192.168.1.20 netmask 255.255.255.0 broadcast 192.168.1.255"
  INTERFACES=(eth0)
  gateway="default gw 192.168.1.1"
  ROUTES=(gateway)

• Solaris Kernel and TCP/IP Tuning Parameters (Continued)

  This page describes some configuration optimizations for Solaris hosts running ATG Page Serving instances (application servers) that will increase server efficiency.
  Note that these changes are specific to Solaris systems running ATG application servers (+page serving+ instances). Do not use these on a web server or database server. Those systems require entirely different settings.
  h3. Solaris 10 Kernel
  Adjust /etc/system (parameters below) and reboot the system.
  set rlim_fd_cur=4096
  set rlim_fd_max=4096
  set tcp:tcp_conn_hash_size=32768
  set shmsys:shminfo_shmmax=4294967295
  set autoup=900
  set tune_t_fsflushr=1h4. Set limits on file descriptors
  {color:blue}set rlim_fd_max = 4096{color}
  {color:blue}set rlim_fd_cur = 4096{color}
  Raise the file-descriptor limits to a maximum of 4096. Note that this tuning option was not mentioned in the "Sun Performance And Tuning" book.
  [http://download.oracle.com/docs/cd/E19082-01/819-2724/chapter2-32/index.html]
  h4. Increase the connection hash table size
  {color:blue}set tcp:tcp_conn_hash_size=8192{color}
  Increase the connection hash table size to make look-up's more efficient. The connection hash table size can be set only once, at boot time.
  [http://download.oracle.com/docs/cd/E19455-01/816-0607/chapter4-63/index.html]
  h4. Increase maximum shared memory segment size
  {color:blue}set shmsys:shminfo_shmmax=4294967295{color}
  Increase the maximum size of a system V shared memory segment that can be created from roughly 8MB to 4GB.
  This provides an adequate ceiling; it does not imply that shared memory segments of this size will be created.
  [http://download.oracle.com/docs/cd/E19683-01/816-7137/chapter2-74/index.html]
  h4. Increase memory allocated for dirty pages
  {color:blue}set autoup=900{color}
  Increase the amount of memory examined for dirty pages in each invocation and frequency of file system synchronizing operations.
  The value of autoup is also used to control whether a buffer is written out from the free list. Buffers marked with the B_DELWRI flag (which identifies file content pages that have changed) are written out whenever the buffer has been on the list for longer than autoup seconds. Increasing the value of autoup keeps the buffers in memory for a longer time.
  [http://download.oracle.com/docs/cd/E19082-01/819-2724/chapter2-16/index.html]
  h4. Specify the time between fsflush invocations
  Specifies the number of seconds between fsflush invocations.
  {color:blue}set tune_t_fsflushr=1{color}
  [http://download.oracle.com/docs/cd/E19082-01/819-2724/chapter2-105/index.html]
  Again, note that after adjusting any of the preceding kernel parameters you will need to reboot the Solaris server.
  h3. TCP
  ndd -set /dev/tcp tcp_time_wait_interval 60000
  ndd -set /dev/tcp tcp_conn_req_max_q 16384
  ndd -set /dev/tcp tcp_conn_req_max_q0 16384
  ndd -set /dev/tcp tcp_ip_abort_interval 60000
  ndd -set /dev/tcp tcp_keepalive_interval 7200000
  ndd -set /dev/tcp tcp_rexmit_interval_initial 4000
  ndd -set /dev/tcp tcp_rexmit_interval_max 10000
  ndd -set /dev/tcp tcp_rexmit_interval_min 3000
  ndd -set /dev/tcp tcp_smallest_anon_port 32768
  ndd -set /dev/tcp tcp_xmit_hiwat 131072
  ndd -set /dev/tcp tcp_recv_hiwat 131072
  ndd -set /dev/tcp tcp_naglim_def 1h4. Tuning the Time Wait Interval and TCP Connection Hash Table Size
  {color:blue}/usr/sbin/ndd -set /dev/tcp tcp_time_wait_interval 60000{color}
  The tcp_time_wait_interval is how long a connection stays in the TIME_WAIT state after it has been closed (default value 240000 ms or 4 minutes). With the default setting, this socket will remain for 4 minutes after you have closed the FTP connection. This is normal operating behavior. It is done to ensure that any slow packets on the network will arrive before the socket is completely shutdown. As a result, a future program that uses the same socket number won't get confused upon receipt of packets that were intended for the previous program.
  On a busy Web server a large backlog of connections waiting to close could build up and the kernel can become inefficient in locating an available TCP data structure. Therefore it is recommended to change this value to 60000 ms or 1 minute.
  h4. Tuning the maximum number of requests per IP address per port
  {color:blue}ndd -set /dev/tcp tcp_conn_req_max_q 16384{color}
  {color:blue}ndd -set /dev/tcp tcp_conn_req_max_q0 16384{color}
  The {color:blue}tcp_conn_req_max_q{color} and {color:blue}tcp_conn_req_max_q0{color} parameters are associated with the maximum number of requests that can be accepted per IP address per port. tcp_conn_req_max_q is the maximum number of incoming connections that can be accepted on a port. tcp_conn_req_max_q0 is the maximum number of “half-open” TCP connections that can exist for a port. The parameters are separated in order to allow the administrator to have a mechanism to block SYN segment denial of service attacks on Solaris.
  The default values are be too low for a non-trivial web server, messaging server or directory server installation or any server that expects more than 128 concurrent accepts or 4096 concurrent half-opens. Since the ATG application servers are behind a DMZ firewall, we needn't starve these values to ensure against DOS attack.
  h4. Tuning the total retransmission timeout value
  {color:blue}ndd -set /dev/tcp tcp_ip_abort_interval 60000{color}
  {color:blue}tcp_ip_abort_interval{color} specifies the default total retransmission timeout value for a TCP connection. For a given TCP connection, if TCP has been retransmitting for tcp_ip_abort_interval period of time and it has not received any acknowledgment from the other endpoint during this period, TCP closes this connection.
  h4. Tuning the Keep Alive interval value
  {color:blue}ndd -set /dev/tcp tcp_keepalive_interval 7200000{color}
  {color:blue}tcp_keepalive_interval{color} sets a probe interval that is first sent out after a TCP connection is idle on a system-wide basis.
  If SO_KEEPALIVE is enabled for a socket, the first keep-alive probe is sent out after a TCP connection is idle for two hours, the default value of the {color:blue}tcp_keepalive_interval{color} parameter. If the peer does not respond to the probe after eight minutes, the TCP connection is aborted.
  The {color:blue}tcp_rexmit_interval_*{color} values set the initial, minimum, and maximum retransmission timeout (RTO) values for a TCP connections, in milliseconds.
  h4. Tuning the TCP Window Size
  {color:blue}/usr/sbin/ndd -set /dev/tcp tcp_xmit_hiwat 65535{color}
  {color:blue}/usr/sbin/ndd -set /dev/tcp tcp_recv_hiwat 65535{color}
  Setting these two parameters controls the transmit buffer and receive window. We are tuning the kernel to set each window to 65535 bytes. If you set it to 65536 bytes (64K bytes) or more with Solaris 2.6, you trigger the TCP window scale option (RFC1323).
  h4. Tuning TCP Slow Start
  {color:blue}/usr/sinb/ndd -set /dev/tcp tcp_slow_start_initial 4{color}
  tcp_slow_start_initial is the number of packets initially sent until acknowledgment, the congestion window limit.
  h4. Tuning the default bytes to buffer
  {color:blue}ndd -set /dev/tcp tcp_naglim_def 1{color}
  {color:blue}tcp_naglim_def{color} is the default number of bytes to buffer. Each connection has its own copy of this value, which is set to the minimum of the MSS for the connection and the default value. When the application sets the TCP_NODELAY socket option, it changes the connection's copy of this value to 1. The idea behind this algorithm is to reduce the number of small packets transmitted across the wire by introducing a short (100ms) delay for packets smaller than some minimum.
  Changing the value of tcp_naglim_def to 1 will have the same effect (on connections established after the change) as if each application set the TCP_NODELAY option.
  {note}
  The current value of any of the TCP parameters can be displayed with the command ndd get. So to retrieve the current setting of the {color:blue}tcp_naglim_def parameter{color}, simply execute the command:\\
  {color:blue}ndd -get /dev/tcp tcp_naglim_def{color}
  {note}
  h3. References
  Solaris Tunable Parameters Reference Manual
  [http://download.oracle.com/docs/cd/E19455-01/816-0607/index.html]
  WebLogic Server Performance and Tuning
  [http://download.oracle.com/docs/cd/E11035_01/wls100/perform/OSTuning.html]

  For example,
  Socket.setSoTimeout() sets SO_TIMEOUT option and I
  want to what TCP parameter this option corresponds in
  the underlying TCP connection.This doesn't correspond to anything in the connection, it is an attribute of the API.
  The same questions
  arises fro other options from SocketOptions class.setTcpNoDelay() controls the Nagle algorithm. set{Send,Receive}BufferSize() controls the local socket buffers.
  Most of this is quite adequately described in the javadoc actually.

• ACE duplicate ack and tcp out-of-order errors

  Hi,
  I have just performed a capture using a NAM in my 6500 on the port attached to my ACE appliance.
  What i have noticed in the capture is a lot of duplicate ack errors and tcp out-of-sync errors.
  The reason we found this was becuase the link utilisation per session seems higher than we expected, hence are the errors adding to this and is there any way to remedy them?
  Thanks
  Scott

  Hi Scott,
  I'm not sure why you would see duplicate packets, although when you use SPAN, I know you can see them when you configure it to capture both directions on a VLAN.  This is because you see each packet as it enters and leaves the VLAN.  I don't know if that would apply to a NAM.
  One thing you could do is use the ACE 4710's built-in capture utility to see if you see the same symptoms from an alternative source.  This is covered in the Capturing Packet Information section of the configuration guides.
  Hope this helps,
  Sean

• ODBC - Excessive TCP/IP packets

  I'm trying to track down why reports from my WebApp are running so slow when connected to Oracle and I've discoverd that there is an unusually high amount of TCP/IP traffic between the Web Server and the Oracle Server as the report is being generated. When I connect my WebApp to SQL Server version of the database the reports run very fast.
  Using a Process Monitor I discovered that, when Connected to Oracle, a report that returns zero (0) rows generates 2,671 TCP/IP packets between IIS and the Oracle server, and it takes 16 seconds to generate the report. If I run the same report, but connected to SQL Server, there are only 35 TCP/IP packets and the report runs in less than 2 seconds.
  Is there some ODBC or Oracle configuration that I'm missing which is causing the excessive TCP/IP packets?
  Oracle Driver: 11g ( SQORA32.DLL ) version 11.02.00.03 dated 10/30/2011.
  Database: Oracle 11g
  Web Server: Windows Server 2008 32bit with IIS7

  922502 wrote:
  Fetch Buffer Size = 64000
  Looking at the TCP/IP packets, in almost all cases the length of the packet is less than 3k and at least 75% of them are less than 500 byte.
  These reports are created with Crystal Reports 2008.
  If I run the same report from Crystal Reports designer using the same ODBC driver against the same Oracle database there are only 8 TCP/IP packets.
  It just seems like there is some config issue between IIS and the ODBC driver.Check for the client (or driver side) trying to play clever by parsing SQL and doing extra work (generating nested SQLs) in order to validate and optimise that SQL. This was disabled in the driver layer by enabling an option called pass-thru in the past. It was a major cause of increasing the amount of SQL client-server traffic.

• How do I create, send and receive ethernet packets to UUT

  I need to create and send ethernet packets to control and communicate with an RF board. I would also like to receive ethernet packets back which would be parsed and interpreted.

  There you are!
  I was wondering how this project was going.
  As I said before, we need to know what protocol is being used.
  Let me eaxplain. (Please refer to the diagrams and tutorial on pages 752-755 of 2002 NI catalog.)
  802.3 is the spec for ethernet. It defines how packets will be transmitted on the wire.
  Real Life analogy:
  US Mail service.
  It moves messages from one place to another. It defines that messages should be in an envelope. The Envelope must have a address so they know where it should be delivered to. You should also have a return address (but this is not enforced). Inside the envelope, you can put any kind of message you want as long as the person recieving it knows how to read it. The
  reciever can look at the message and say "oh, this is english, I will read it in english".
  Ethernet is similar. Ethernet (ignoring the electrical specs) defines a packet as consisting of
  Source address (return address in US mail)
  Destination address (delivery address)
  Protocol (pretend there was a mark on the envelope that said this letter is in French).
  Data (the letter itself)
  Checksum (letter pages number as 1 of 4, 2 of 4, etc).
  So what you have told me so far is that you want to send a letter!
  You have been asking me how to comunicate with the other person but you have not told me what language they speak!
  There are many different languages (i.e. protocol's) possible with 802.3.
  Examples are
  TCP/IP ( say this is English)
  UDP (French)
  etc....
  LV has built in VI's to take a message and convert it to the protocol (lanuage) you want and send it on it's way.
  So my question to you once more is;
  What protocol are you using?
  Ben
  Ben Rayner
  I am currently active on.. MainStream Preppers
  Rayner's Ridge is under construction

• Testing iscsi and ocfs2: lost packets and freeze tests

  I have iscsi , ocfs2, asmlib installed on Centos4 (based upon j.hunter's article on building an iscsi/rac system). I am trying to confirm that these layers are functioning correctly and will not pose problems when clusterware/asm/rac is installed.
  What do you think of these test results?
  1. simultaneoulsly copying files from each node to the iscsi shared storage causes lots of lost packets and one of the 2 nodes will spend most of its time blocked by the other.
  2. Unplugging an ethernet cable causes the server to freeze after a few minutes. Plugging the cable back in does nothing to eleviate the hang problem.

  For performance, you need to tune your core network buffers and tcp network buffers (namely the [rw]mem_(default|max) and tcp_[rw]mem values. And you need to have a Gigabit network for such performance.
  For the hang situation, it looks like as if you are unplugging a SCSI device where it is not hot swappable. You can diagnose the problem using a serial console / netdump server / or Sysrq-w / Sysrq-T dumps.
  Ozgur Yuksel
  Enterprise Linux Support

• IPS and IDS- ARP Inbalance-of-Requests and TCP High Port Sweep

  Does anybody knows about ARP Inbalance-of-Requests and TCP High Port Sweep IPS signature? We've been receiving numerous numbers of alerts with this kind of signature in the IPS.
  Actually, I'm planning to tune these events in IPS and I really need your inputs if it is safe to tune. Based on my investigation, most of the source and destination IP's are internal to our network (e.g servers, workstation and other device).
  I think this is false positive incidents...
  Best regards,
  Carlou

  This will be a normal signature to see triggered if you are watching outbound traffic from your internal network. As long as the source of the traffic is your internal hosts, and the destination is external hosts, this is likely just normal behavior.
  This signature triggers when a single host sends TCP SYN packets to a number of different hosts, perhaps because of multiple web sessions going, or pop-up windows while web surfing.
  Check this bug-id:CSCsh94361

• TCP / UDP packets not reaching destination

  Hi all,
  I have an ASR at the hub of 3 different routing domains.
  I have two OSPF processes and one BGP process all on the same ASR.
  BGP routes are redistributed in to both OSPF processes and vice versa. Plus, between the two OSPF processes, routes are also redistributed. Summary addresses are configured at the ASBR before the routes are injected in to Area 0 on each OSPF process.
  ICMP from a source host in one OSPF process to a destination in the BGP process works fine, but any TCP traffic hangs awaiting a SYN/ACK.
  I need to prove that the router is routing the packet toward the egress interface and that the packet is leaving the router. I was wondering if there were any debug commands that I can restrict to a particular host IP so that it does not bring the router down.
  I know about Embedded Packet Capture, but unfortunately the IOS-XE version that I am running is not new enough so we do not have EPC on our ASR.
  I appreciate that I have given only limited information.
  Any advice appreciated.
  Thanks
  Mario

  Mario
  If you don't want to risk debug then i always used a basic but pretty reliable method ie. acls.
  If you create an extended acl with the first line allowing the source IP of the host to any and then a second line with a "permit ip any any" and then apply it outbound to the egress interface it should show if the packets are being routed correctly and sent on towards the destination. 
  Obviously the "permit ip any any" line is very important
  Edit - i haven't used the ASRs so it is possible they process all their acls in hardware in which case the hits may not show as they don't always on L3 switches that process acls in hardware.
  So bear that in mind.
  Jon

• How to access OS environment and TCP/IP environment

  I'm trying to find a way to access the operating systems commands (I've already figured out how to determine which Windows or which Unix or which Linux I'm in) and TCP/IP commands. In REXX, for example, it's ADDRESS CMD but I don't even have a clue as to what the class would be in Java. Can somebody help, please?
  The two kinds of things I'd like to be able to do is issue commands written in whatever language for the environment where the Java program is executing and have the output from these commands come back as a string or series of strings which can then be parsed by the parser we've written for each of the environments we need to deal with (since the same command sometimes results in a different return, depending on the environment where it's running).
  For the TCP/IP commands, I'd like to be able to do something like
  tcp_ipCommands("ping","www.sun.com");
  or
  tcp_ipCommands("ping www.sun.com");
  depending on how I write it, of course.
  Thanks for any light anybody can shed on how to do this.
  virginia

  Have a Pinger. I can't remember where I stole it from and its from an older API with some deprecated methods. I recall making some 'cosmetic' changes to it at the time and I tested it, so it does work. I've also indicated 2 of the deprecations in the comments.
  import java.applet.*;
  import java.awt.*;
  import java.net.*;
  import java.lang.Thread;
  // The Pinger object measures network latency by sending a packet
  // to the UDP Echo Port (Port 7) and timing how long it takes.
  // We use this port instead of ICMP because I would have to
  // use native methods in order to produce ICMP packets.
  class Pinger implements Runnable{
     static final int echoPort = 7;
     static final int maxPingTime = 3000; // Milliseconds
     static final int pingPollInterval = 100; // Milliseconds
     DatagramSocket socket;
     InetAddress fromIP;
     long sendTime;
     long timeMeasured;
     Thread timeOutMonitor;
     Thread pingListenThread;
     byte packetNumber = 0;
  public Pinger(InetAddress pingee){
     fromIP = pingee;
  // If needed, start a listener thread to notice the reply.
  // then we send out a brief message to the echo port.
  // Since the Java thread model does not allow one thread to break
  // another one out of a wait, we sleep for brief intervals, waking
  // up periodically to see if the reply has come in yet.
  public long doPing() {
     byte[] msg = new byte[1];
     msg[0] = ++packetNumber;
     timeMeasured = -1;
        if(socket == null) try {
           socket = new DatagramSocket();
        catch (Exception e) {return(0);}
        if(pingListenThread == null) {
           pingListenThread = new Thread(this);
           pingListenThread.start();
     DatagramPacket packet = new DatagramPacket(msg,msg.length,fromIP,echoPort);
     sendTime = System.currentTimeMillis();
     long timeLimit = sendTime + maxPingTime;
        try {
           socket.send(packet);
              while (System.currentTimeMillis() < timeLimit) {
                 Thread.sleep(pingPollInterval);
                    if(timeMeasured != -1) // reply has been noticed, so return result.
              return(timeMeasured);
        catch (Exception e) {};
        return(timeMeasured); // return what is probably -1.
  // Run method for the listener thread
  public void run() {
  byte[] repBuf = new byte[1];
  DatagramPacket reply = new DatagramPacket(repBuf,repBuf.length);
     try {
        while (true) {
        socket.receive(reply);
           if(repBuf[0] == packetNumber) {
               timeMeasured = System.currentTimeMillis() - sendTime;
               pingListenThread = null;
               return;
     catch (Exception e) {
        pingListenThread = null; return;
  // Clean up any dangling listener thread and release the socket.
  public void stop() {
      if(pingListenThread != null) {
          pingListenThread.stop();
          pingListenThread = null;
      socket.close();
      socket = null;
  public class PingDisplay extends Applet {
     Pinger ping;
     TextField timeDisplay;
     String fromHost;
     Button refreshButton;
  public void init(){
     try {
        fromHost = this.getCodeBase().getHost();
        // Alternative for testing on unrestricted browsers.
        // fromHost = "www.3dcom.com";
        ping = new Pinger(InetAddress.getByName(fromHost));
        timeDisplay = new TextField("Waiting");
        timeDisplay.setEditable(false);
        this.setLayout(new BorderLayout());
        this.add("Center",timeDisplay);
        refreshButton = new Button("Ping");
        refreshButton.resize(40,20);
        this.add("East",refreshButton);
     catch (Exception e) {}
  public void start(){
     super.start();
     displayPing();
  public void stop(){
     super.stop();
     ping.stop(); // Thread.stop() is depricated but it still works
  void displayPing() {
     timeDisplay.setText("Pinging: " + fromHost); // let user know test underway
     long echoTime = ping.doPing(); // conduct actual test
        if(echoTime == -1) // check timeout status
           timeDisplay.setText(fromHost + " timed out.");
        else // display time in button
           timeDisplay.setText("Latency to " + fromHost + ": " + Long.toString(echoTime) + " ms.");
  // When "Ping" button pressed, rerun and redisplay.
  // Method also depricated here
  public boolean action(Event e, Object what) {
     if((e.target == refreshButton) && (e.id == Event.ACTION_EVENT)) {
        displayPing();
        return (true);
     return(false);
  }

• When I ran Lr 5 I was able to right click on a raw file and have it open in Lr. Upgraded to LR 6  and now longer have the option to open with Lr.  Is there something I need to turn on Pc set up

  When I ran Lr 5 I was able to right click on a raw file and have it open in Lr. Upgraded to LR 6  and now longer have the option to open with Lr.  Is there something I need to turn on Pc set up

  This is actually based on how the site handles different file types; Hotmail gives it to the browser as "application/octet-stream" or something like it, whereas sites that properly open it in the browser tag it as "application/pdf". Unfortunately there's nothing you can do about this without setting up a proxy to rewrite the HTTP headers. Complaints to Hotmail in the past haven't worked, and it's not possible to override the behavior in Firefox.

• Adobe Bridge in Photoshop - How to install Bridge and camera raw? And what is it all about?

  Hi everyone! I am actually in love with this adobe photoshop. I used PSCS2 before, but later on upgraded to CS4. But I feel tired in upgrading to CS5.
  One time, I found a tutorial in youtube about camera raw, and would really want to use it. But I was wondering how to install the camera raw. I believe camera raw is a plugin? so I downloaded the plugin here, installed it in my PS. I downloaded a file Camera Raw.8bi and paste it on my C drive - C:\Program Files\Adobe\Photoshop CS4\Plug-ins\File Formats.
  I now am very confused, how will I open it? I do not have adobe bridge!  After I installed the camera raw, I opened my PS. I clicked the file>then browse in bridge. I had an error, it's "error 2 photoshop11 undefined". Which is what I thought, I might have done something wrong with installing it.
  My question is, do you still need adobe bridge installed in order to use camera raw?
  If yes, how does it work? How am I suppose to open camera raw?
  If no, how am I going to open camera raw without bridge?
  And also, where will I download adobe bridge? I cannot find one here for CS4, only adobe bridge for CS5. I am wondering, is it okay to install adobe bridge CS5 and use it with my PS CS4?
  I badly need help!

  WebDAV (Web-based Distributed Authoring and Versioning) is a set of extensions to HTTP/1.1.
  The main difference from FTP as far as I can see is that it allows you to edit documents on a remote web server.
  WebDAV was used by the Apple server - MobileMe but is not generally supported by hosting services.
  Using WebDAV you can mount a directory locally. This was how iDisk worked on your Mac and you could drag files onto it to upload them to the remote directory.
  With WebDAV, a number of users can share a directory which is why its used in local networks but presents security problems when using a remote server.
  If you are into file sharing rather than publishing, Dropbox or its new rival SugarSync are more appropriate.