Possible network virus?
Over the past month, at least, I've noticed that Firefox (completely up dated) crashes randomly but frequently when I switch from one website to another. Simultaneously, I've noticed that when I look at the WIFI Networks by clicking on the icon on the top tool bar, there is always a network with the ominous name "Download Virus.exe". Finally, a normal website, (pinterest) suddenly stopped working on Firefox, but works on Safari, and the people there say no one else has reported such a problem. I've reinstalled Firefox completely by deleting the application and re-installing, though when I reinstalled it still had all my bookmarks, and add-ons (How did it know?)
My Question: Is it possible I've run into some kind of virus that is affecting my internet work?
Thanks.
laura.r.p.d. wrote:
Over the past month, at least, I've noticed that Firefox (completely up dated) crashes randomly but frequently when I switch from one website to another.
Firefox is slowly, but surely, losing the browser wars. I suggest Safari or Chrome.
Simultaneously, I've noticed that when I look at the WIFI Networks by clicking on the icon on the top tool bar, there is always a network with the ominous name "Download Virus.exe".
You have a clever neighbor who doesn't want people freeloading on their network.
Finally, a normal website, (pinterest) suddenly stopped working on Firefox, but works on Safari, and the people there say no one else has reported such a problem. I've reinstalled Firefox completely by deleting the application and re-installing, though when I reinstalled it still had all my bookmarks, and add-ons (How did it know?)
Bookmarks and add-ons are stored separated from the application - probably somewhere in your home directory in the Library folder. I'm not familiar with Firefox so I don't know exactly where. It is probably one of those add-ons that is breaking Pinterest.
My Question: Is it possible I've run into some kind of virus that is affecting my internet work?
Of course, anything is possibile. But it is very unlikely.
Similar Messages
-
SAP-Basis System: 1 possible network problems detected - check tracefile
Dear Gurus,
I am getting this error in syslog in MMC for ECC 6.0 on windows with db2.
SAP-Basis System: > 1 possible network problems detected - check tracefile and adjust.
Regards
Rao.hi,
can you look at this
[http://sapbasisnotes.blogspot.com/2009/05/sap-startup-problems-in-windows.html]
Regards,
Muralidhar -
FS[3988]: Possible network disconnect with primary database
Hi All,
In the standby database alert log I'm getting the below error:
Thu Feb 10 11:09:10 2011
RFS[3971]: Possible network disconnect with primary database
Thu Feb 10 11:10:11 2011
RFS[3976]: Possible network disconnect with primary database
Thu Feb 10 11:11:12 2011
RFS[3979]: Possible network disconnect with primary database
Thu Feb 10 11:12:13 2011
RFS[3982]: Possible network disconnect with primary database
Thu Feb 10 11:13:15 2011
RFS[3985]: Possible network disconnect with primary database
There is no error in the primary database regarding this.
And after this no archive logs are being pushed to the standby database.
In V$ARCHIVE_DEST_STATUS view the column synchronizaion_status says CHECK NETWORK for dest_name LOG_ARCHIVE_DEST_2
Please advice.
Thanks.
Regards,
Ashwani N.Both messages look crystal clear to me.
Did you check the network?
If not, why not?
Your posting history here is a bit appalling
823436
Newbie
Handle: 823436
Status Level: Newbie
Registered: Dec 24, 2010
Total Posts: 28
Total Questions: 9 (7 unresolved)
Sybrand Bakker
Senior Oracle DBA -
Email message rejected for possible spam/virus content
When I do a Reply All on an email that includes my own Mail email address in the recipient list, the reply is delivered to everyone but me. I get a [email protected] email with a Diagnostic code: "smtp;553 5.3.0 17.158.232.236 Your message was rejected for possible spam/virus content.Please ask your email provider to visithttp://emailadmin.registeredsite.com for resolution."
This never happened before. The only thing that has changed on my system is that I have recently installed Webroot SecureAnywhere antivirus. Any ideas?I suggest you contact godaddy for some support using their mail service.
-
Standby database,Possible network disconnect with primary database
Hello
I have a database on linux with standby configured on different server with same os and database version.When i was about clone primary database through OEM,it stuck in the middle and popup for recovery. I restored and recover whole database. Then, the alert log on the standby database shows this error.
Possible network disconnect with primary database.
I checked standby databsase,listener is up & running. But archive files are getting into standby database.
What should i do now? Please anybody can put some light on this.
Thanks
ArizIs there anything in the primary alert log? Can you tnsping the standby instance from the primary server, and the primary instance from the standby server?
-
Basis System: 2 possible network problems detected - check tracefile
Hi Experts,
I have installed a a Netweaver 7.01 when i start the server throught MMC
first the dispatcher show the message as unable to reach teh message server
but where as message server is running successfully.
after few seconds it shows the status Stopped
Below is my trace please help me to solve this issue.
Thanks,
Veeru.
trc file: "dev_disp", trc level: 1, release: "700"
sysno 00
sid NSP
systemid 560 (PC with Windows NT)
relno 7000
patchlevel 0
patchno 95
intno 20050900
make: multithreaded, ASCII, optimized
pid 3892
Wed Jan 14 05:46:37 2009
kernel runs with dp version 224(ext=109) (@(#) DPLIB-INT-VERSION-224)
length of sys_adm_ext is 360 bytes
SWITCH TRC-HIDE on ***
***LOG Q00=> DpSapEnvInit, DPStart (00 3892) [dpxxdisp.c 1239]
shared lib "dw_xml.dll" version 95 successfully loaded
shared lib "dw_xtc.dll" version 95 successfully loaded
shared lib "dw_stl.dll" version 95 successfully loaded
shared lib "dw_gui.dll" version 95 successfully loaded
shared lib "dw_mdm.dll" version 95 successfully loaded
rdisp/softcancel_sequence : -> 0,5,-1
use internal message server connection to port 3900
Wed Jan 14 05:46:39 2009
WARNING => DpNetCheck: NiHostToAddr(www.doesnotexist0121.qqq.nxst) took 2 seconds
Wed Jan 14 05:46:44 2009
WARNING => DpNetCheck: NiAddrToHost(1.0.0.0) took 5 seconds
***LOG GZZ=> 2 possible network problems detected - check tracefile and adjust the DNS settings [dpxxtool2.c 5355]
MtxInit: 30000 0 0
DpSysAdmExtInit: ABAP is active
DpSysAdmExtInit: VMC (JAVA VM in WP) is not active
DpIPCInit2: start server >Veeru_NSP_00 <
DpShMCreate: sizeof(wp_adm) 6328 (904)
DpShMCreate: sizeof(tm_adm) 3605136 (17936)
DpShMCreate: sizeof(wp_ca_adm) 1200 (60)
DpShMCreate: sizeof(appc_ca_adm) 1200 (60)
DpCommTableSize: max/headSize/ftSize/tableSize=500/8/528040/528048
DpShMCreate: sizeof(comm_adm) 528048 (1048)
DpSlockTableSize: max/headSize/ftSize/fiSize/tableSize=0/0/0/0/0
DpShMCreate: sizeof(slock_adm) 0 (96)
DpFileTableSize: max/headSize/ftSize/tableSize=0/0/0/0
DpShMCreate: sizeof(file_adm) 0 (72)
DpShMCreate: sizeof(vmc_adm) 0 (1280)
DpShMCreate: sizeof(wall_adm) (22440/34344/56/100)
DpShMCreate: sizeof(gw_adm) 48
DpShMCreate: SHM_DP_ADM_KEY (addr: 04ED0040, size: 4205552)
DpShMCreate: allocated sys_adm at 04ED0040
DpShMCreate: allocated wp_adm at 04ED1A28
DpShMCreate: allocated tm_adm_list at 04ED32E0
DpShMCreate: allocated tm_adm at 04ED3310
DpShMCreate: allocated wp_ca_adm at 052435A0
DpShMCreate: allocated appc_ca_adm at 05243A50
DpShMCreate: allocated comm_adm at 05243F00
DpShMCreate: system runs without slock table
DpShMCreate: system runs without file table
DpShMCreate: allocated vmc_adm_list at 052C4DB0
DpShMCreate: allocated gw_adm at 052C4DF0
DpShMCreate: system runs without vmc_adm
DpShMCreate: allocated ca_info at 052C4E20
DpShMCreate: allocated wall_adm at 052C4E28
MBUF state OFF
DpCommInitTable: init table for 500 entries
Wed Jan 14 05:46:50 2009
EmInit: MmSetImplementation( 2 ).
MM global diagnostic options set: 0
<ES> client 0 initializing ....
<ES> InitFreeList
<ES> block size is 1024 kByte.
Using implementation view
<EsNT> Memory Reset disabled as NT default
ERROR => <EsNT> NTGetBaseAddress failed, no free region [esnti.c 1450]
Error 15 while initializing OS dependent part.
ERROR => DpEmInit: EmInit (1) [dpxxdisp.c 9556]
ERROR => DpMemInit: DpEmInit (-1) [dpxxdisp.c 9485]
DP_FATAL_ERROR => DpSapEnvInit: DpMemInit
DISPATCHER EMERGENCY SHUTDOWN ***
increase tracelevel of WPs
NiWait: sleep (10000ms) ...
NiISelect: timeout 10000ms
NiISelect: maximum fd=1
NiISelect: read-mask is NULL
NiISelect: write-mask is NULL
Wed Jan 14 05:47:00 2009
NiISelect: TIMEOUT occured (10000ms)
dump system status
Workprocess Table (long) Tue Jan 13 21:47:00 2009
========================
No Ty. Pid Status Cause Start Err Sem CPU Time Program Cl User Action Table
ERROR => DpRqTxt: bad rqtype -1 [dpxxrq.c 785]
0 ? -1 Free no 0 0 0
ERROR => DpRqTxt: bad rqtype -1 [dpxxrq.c 785]
1 ? -1 Free no 0 0 0
ERROR => DpRqTxt: bad rqtype -1 [dpxxrq.c 785]
2 ? -1 Free no 0 0 0
ERROR => DpRqTxt: bad rqtype -1 [dpxxrq.c 785]
3 ? -1 Free no 0 0 0
ERROR => DpRqTxt: bad rqtype -1 [dpxxrq.c 785]
4 ? -1 Free no 0 0 0
ERROR => DpRqTxt: bad rqtype -1 [dpxxrq.c 785]
5 ? -1 Free no 0 0 0
ERROR => DpRqTxt: bad rqtype -1 [dpxxrq.c 785]
6 ? -1 Free no 0 0 0
Dispatcher Queue Statistics Tue Jan 13 21:47:00 2009
===========================
--------++++--
+
Typ
now
high
max
writes
reads
--------++++--
+
NOWP
0
0
2000
0
0
--------++++--
+
DIA
0
0
2000
0
0
--------++++--
+
UPD
0
0
2000
0
0
--------++++--
+
ENQ
0
0
2000
0
0
--------++++--
+
BTC
0
0
2000
0
0
--------++++--
+
SPO
0
0
2000
0
0
--------++++--
+
UP2
0
0
2000
0
0
--------++++--
+
max_rq_id 0
wake_evt_udp_now 0
wake events total 0, udp 0 ( 0%), shm 0 ( 0%)
since last update total 0, udp 0 ( 0%), shm 0 ( 0%)
Dump of tm_adm structure: Tue Jan 13 21:47:00 2009
=========================
Term uid man user term lastop mod wp ta a/i (modes)
Workprocess Comm. Area Blocks Tue Jan 13 21:47:00 2009
=============================
Slots: 20, Used: 0, Max: 0
--------++--
+
id
owner
pid
eyecatcher
--------++--
+
NiWait: sleep (5000ms) ...
NiISelect: timeout 5000ms
NiISelect: maximum fd=1
NiISelect: read-mask is NULL
NiISelect: write-mask is NULL
Wed Jan 14 05:47:05 2009
NiISelect: TIMEOUT occured (5000ms)
DpHalt: shutdown server >Veeru_NSP_00 < (normal)
DpJ2eeDisableRestart
Switch off Shared memory profiling
ShmProtect( 57, 3 )
ShmProtect(SHM_PROFILE, SHM_PROT_RW
ShmProtect( 57, 1 )
ShmProtect(SHM_PROFILE, SHM_PROT_RD
DpWakeUpWps: wake up all wp's
Stop work processes
Terminate gui connections
wait for end of work processes
not attached to the message server
cleanup EM
EsCleanup ....
EmCleanup() -> 0
Es2Cleanup: Cleanup ES2
Wed Jan 14 05:47:06 2009
***LOG Q05=> DpHalt, DPStop ( 3892) [dpxxdisp.c 10333]
Good Bye .....Hi Eric,
Actually in my NSP_DVEBMS00_VEERU thePHYS_MEMSIZE is set to 128
So.....
Do i need to change in the here below file.....:
If yes wht shall i change it to ?
Template for ABAP SID_INSTANCE_HOST
SAPSYSTEMNAME = NSP
SAPGLOBALHOST = Veeru
SAPSYSTEM = 00
INSTANCE_NAME = DVEBMGS00
DIR_EXECUTABLE = C:\SAP\NSP\SYS\exe\run
DIR_CT_RUN = C:\SAP\NSP\SYS\exe\run
Instance runs without sapmnt saploc shares
DIR_INSTANCE = C:\SAP\NSP\DVEBMGS00
DIR_INSTALL = C:\SAP\NSP\SYS
DIR_HOME = $(DIR_INSTANCE)\work
DIR_GLOBAL = C:\SAP\NSP\SYS\global
PHYS_MEMSIZE = 128
rdisp/wp_no_dia = 3
rdisp/wp_no_btc = 1
icm/server_port_0 = PROT=HTTP,PORT=80$$
SAP Messaging Service parameters are set in the DEFAULT.PFL
ms/server_port_0 = PROT=HTTP,PORT=81$$
rdisp/wp_no_enq = 1
rdisp/wp_no_vb = 1
rdisp/wp_no_spo = 1
rdisp/enqname = Veeru_NSP_00
rdisp/myname = Veeru_NSP_00
abap/buffersize = 100000
alert/MONI_SEGM_SIZE = 0
enque/table_size = 2000
rspo/local_print/method = 2
rsdb/ntab/entrycount = 5000
rsdb/ntab/ftabsize = 3000
rsdb/ntab/sntabsize = 100
rsdb/ntab/irbdsize = 1000
rsdb/cua/buffersize = 500
rsdb/obj/buffersize = 2048
rsdb/obj/max_objects = 500
rsdb/otr/buffersize_kb = 1000
rsts/ccc/cachesize = 6000000
rtbb/buffer_length = 500
rtbb/max_tables = 50
sap/bufdir_entries = 200
zcsa/installed_languages = ED
zcsa/presentation_buffer_area = 350000
zcsa/calendar_area = 300000
zcsa/table_buffer_area = 3000000
zcsa/db_max_buftab = 500
ztta/roll_area = 1000000
ztta/diag_area = 128000
ztta/dynpro_area = 150000
ztta/cua_area = 250000
rdisp/PG_SHM = 100
rdisp/ROLL_SHM = 100
rdisp/autoabaptime = 0
rdisp/bufrefmode = sendoff,exeoff
rdisp/wp_ca_blk_no = 20
rdisp/appc_ca_blk_no = 20
rdisp/max_wprun_time = 300
icm/min_threads = 5
icm/max_threads = 10
icm/max_conn = 20
icm/host_name_full = localhost
mpi/total_size_MB = 10
auth/new_buffering = 1
sapgui/user_scripting = TRUE
ssf/name = SAPSECULIB
ssf/ssfapi_lib = $(DIR_CT_RUN)\sapsecu.dll
sec/libsapsecu = $(DIR_CT_RUN)\sapsecu.dll
login/create_sso2_ticket = 2
login/accept_sso2_ticket = 1
login/ticket_only_to_host = 1
rsdb/dbid = NSP
dbs/ada/schema = SAPNSP -
RFS[2647]: Possible network disconnect with primary database
Hi Guys,
I am working as a L1 DBA in my project. We have a 3node RAC database 11.2.0.1.0 and the standby database was in sink with production till yesterday. Suddenly we realized that out primary and standby is not in sink.. Logs are shipped from primary but it is not applying in standby. While checking the alertlog I can see these errors.
RFS[2649]: Assigned to RFS process 23250
RFS[2649]: Identified database type as 'physical standby': Client is ARCH pid 16573
Mon Jul 23 11:55:42 2012
RFS[2647]: Possible network disconnect with primary database
I have performed a media recovery but still I am facing the above errors. I thought earlier that there might be some network issue but we can ping the service names from both the primary and standby.
Can you please suggest me the steps that I can go through and fix this issue.
Regards,
Arijit937670 wrote:
Hi Guys,
I am working as a L1 DBA in my project. We have a 3node RAC database 11.2.0.1.0 and the standby database was in sink with production till yesterday. Suddenly we realized that out primary and standby is not in sink.. Logs are shipped from primary but it is not applying in standby. While checking the alertlog I can see these errors.
RFS[2649]: Assigned to RFS process 23250
RFS[2649]: Identified database type as 'physical standby': Client is ARCH pid 16573
Mon Jul 23 11:55:42 2012
RFS[2647]: Possible network disconnect with primary database
I have performed a media recovery but still I am facing the above errors. I thought earlier that there might be some network issue but we can ping the service names from both the primary and standby.
Can you please suggest me the steps that I can go through and fix this issue.
Regards,
ArijitLops may shipping of other node, can you check it is able to receive archives from all the nodes? May be you having issue from one node.
also there would be network disconnect for some time, its usually happens, if not can you query below output from primary
SQL> select message,error_code,to_char(timestamp,'DD-MON-YYYY HH24:MI:SS') from v$dataguard_status where dest_id=2; -
ARCH: Possible network disconnect with primary database
Dear buddies,
My database has a primary database which has a few sub databases.
They are in different servers.
One of the sub database has this error in the alert log everyday during backup time.
But finally the backup is successful.
Is this a network problem?
Please guide me.
Thanks in advance.user645399 wrote:
Dear SB:
THis is the error I come across once in a while in my alert log:
ARCH: Possible network disconnect with primary database
post
select FACILITY,SEVERITY,MESSAGE_NUM,ERROR_CODE,CALLOUT,to_char(timestamp,'DD-MON-YYYY HH24:MI:SS'),MESSAGE from v$dataguard_status where dest_id=2;
sample
SQL> select FACILITY,SEVERITY,MESSAGE_NUM,ERROR_CODE,CALLOUT,to_char(timestamp,'DD-MON-YYYY HH24:MI:SS'),MESSAGE from v$dataguard_status where dest_id=2;
FACILITY SEVERITY MESSAGE_NUM ERROR_CODE CAL TO_CHAR(TIMESTAMP,'D MESSAGE
Log Transport Services Error 312410 3135 YES 27-JUL-2011 05:01:51 NSA: Error 3135 archiving log 5 to 'stby'
Log Transport Services Error 312539 3135 YES 27-JUL-2011 16:56:40 NSA: Error 3135 archiving log 7 to 'stby'
SQL> -
Time Capsule Problems - Possibly Anti Virus Related?
I have had a 500gb Time Capsule for several months and despite several calls to tech support, I have not been able to get it to properly back up.
Could it possible be related to the McAfee anti virus software that I have running?
The backup will start.. but never reach completion before locking up the system.
Anyone have similar problems?
Thanks!v5.7 is the latest firmware for your AEB 802.11g.
v7.3.2 is the latest firmware for the TC.
You should probably do these simple maintenance tasks:
Simple Maintenance Tasks:
1. Repair Permissions - /Applications/Utilities/Disk Utility.app. Start Disk Utility, select your HD and click on Repair Permissions. When finished, quit Disk Utility and then restart your computer.
2. Reset PRAM - hold down Option-Command-P-R keys when starting until you hear the startup chime a 2nd time.
3. Safe Mode Startup - hold down the Shift-key at startup until you see the login screen. When logged-in, then go to System Preferences/Network/AirPort
- click on the 'Network Name:' roll-button, select 'Join Other Network...', enter 'Network Name and select the security type you are using, and finally, enter your Password and click 'Join'.
- click on 'Advanced', TCP/IP and confirm that 'Configure IPv4:' is set to 'Using DHCP', click 'OK'.
- click the 'Apply' button and exit System Preferences.
Make sure you separate the AirPort Base Station and the wireless phone by as large a distance as you can.
You could enact Interference Robustness, but it will reduce the range of your AirPort base station:
1. Open AirPort Utility, select the AirPort Base Station (main) and click on 'Manual Setup'.
2. Click on 'Wireless' tab and click 'Wireless Options'.
3. Tick 'Use interference robustness, click 'Done', and click 'Update'.
4. Wait for ABS to restart. Restart your computer and test. -
Possible DNS virus - started 3 days ago with typing sounds (I'm not typing)
Today when I powered up, the message "another device is using your IP address. . ."
I'm thinking a virus has setup my mac to create a DNS on some website.
I Googled this, and read that some XXX sites can put sounds of typing on your mac,
but I'm there only user on my Mac, and XXX sites are not my bailiwick, so that
couldn't be the source on this machine.
I don't have malware detection software, so how do I resolve this? Anybody else
out there experience this?I think you're looking in completely the wrong area.
I'm thinking a virus has setup my mac to create a DNS on some website.
That sentence doesn't even make sense to me. It certainly doesn't relate to:
Today when I powered up, the message "another device is using your IP address. . ."
This message means exactly what it says - there is another device on your network using the same IP address. IP addresses are required to be unique within a LAN, so you cannot have two machines using the same IP address.
What this is telling you is that there's another device on your network using the same IP address your machine is trying to use. The causes are many - it could be as simple as a misconfigured DHCP server, your machine being misconfigured, another device on your network being misconfigured, or a rogue device that's somehow joined your network. Note that only one of those four scenarios is in any way suspicious.
You need to look at your network to see what devices are attached. Bear in mind that many devices nowadays have a LAN or internet connection, so consider your printer, AppleTV, XBox/PS3/Wii, your TV, your DVD player, your phone... heck, even some refrigerators nowadays have network connections.
If you have a wireless network it's also possible that someone's joined your network by guessing your encryption key (you are using a WPA-protected network, right?). Your router admin page/app should give you a list of who's connected.
If the rogue device is a wireless device then consider changing your network password on the base station and all valid devices - that should lock him out (until he guesses the password again, so make sure it's a strong one). -
Possible network issues preventing successful application data transfer?
Hello all.
We are having a few issues with a specific set up here at work involving Oracle 11, and Oracle 9 databases and I was hoping someone with a fair idea of how Oracle configurations work when it comes to network connectivity and data transfer would mind sharing their opinion on the matter.
First off, a bit of background. I'm a network security engineer by trade and my experience when it comes to the application side of things, specifically databases is inherently weak; so I apologise if my terminology or logic is slightly off here.
Basically what I'm trying to determine is where a fault lies between our users using a terminal server and a remote Oracle SQL database that should service their requests.
The problem lies wherein the user will utilise the 'sqlplus' application invoked from a Windows command prompt window, and expect to be able login and query a database. I believe we have two versions available to use, version 9 which is not actually in production but able to be used for testing and version 11 which is active in production.
When accessing Oracle 11 servers will hang where we expect to see a successful connection followed by a healthy looking "SQL>" prompt data transfer appears to stall as follows:
C:\>sqlplus username/[email protected]
SQL*Plus: Release 10.2.0.1.0 - Production on Wed Sep 22 18:12:17 2010
Copyright (c) 1982, 2005, Oracle. All rights reserved.
*hangs here*If we try on the Oracle 9 setup things look fine initially:
C:\>sqlplus username/[email protected]
SQL*Plus: Release 10.2.0.1.0 - Production on Wed Sep 22 18:19:20 2010
Copyright (c) 1982, 2005, Oracle. All rights reserved.
Connected to:
Oracle9i Enterprise Edition Release 9.2.0.6.0 - Production
With the Partitioning, OLAP and Oracle Data Mining options
JServer Release 9.2.0.6.0 - ProductionHowever once connected to the Oracle 9 box; if we run a query similar to:
sqlplus username/[email protected]
select * from <database> where rownum < 10;This will again hang.
That said however, if we try and run a query similar to:
sqlplus username/[email protected]
select * from <database> where rownum < 5;This will return 4 rows of usable data, without issue.
Our systems engineer provided me with a SQLNET trace from the server side and believes he's identified where it occurs:
[21-SEP-2010 16:06:42:989] nsdo: entry
[21-SEP-2010 16:06:42:989] nsdo: cid=0, opcode=85, *bl=0, *what=0, uflgs=0x0, cflgs=0x3
[21-SEP-2010 16:06:42:989] nsdo: rank=64, nsctxrnk=0
[21-SEP-2010 16:06:42:990] nsdo: nsctx: state=8, flg=0x420c, mvd=0
[21-SEP-2010 16:06:42:990] nsdo: gtn=156, gtc=156, ptn=10, ptc=2011
[21-SEP-2010 16:06:42:990] nsdo: switching to application buffer
[21-SEP-2010 16:06:42:990] nsrdr: entry
[21-SEP-2010 16:06:42:990] nsrdr: recving a packet
[21-SEP-2010 16:06:42:990] nsprecv: entry
[21-SEP-2010 16:06:42:990] nsprecv: reading from transport...
[21-SEP-2010 16:06:42:990] nttrd: entry
# HANG OCCURS HERE
[21-SEP-2010 16:10:13:347] ntt2err: entry
[21-SEP-2010 16:10:13:347] ntt2err: soc 25 error - operation=5, ntresnt[0]=517, ntresnt[1]=131, ntresnt[2]=0
[21-SEP-2010 16:10:13:347] ntt2err: exit
[21-SEP-2010 16:10:13:347] nttrd: exit
[21-SEP-2010 16:10:13:347] nsprecv: transport read error
[21-SEP-2010 16:10:13:347] nsprecv: error exit
[21-SEP-2010 16:10:13:347] nserror: entry
[21-SEP-2010 16:10:13:347] nserror: nsres: id=0, op=68, ns=12547, ns2=12560; nt[0]=517, nt[1]=131, nt[2]=0; ora[0]=0, ora[1]=0, ora[2]=0
[21-SEP-2010 16:10:13:348] nsrdr: error exit
[21-SEP-2010 16:10:13:348] nsdo: nsctxrnk=0
[21-SEP-2010 16:10:13:348] nsdo: error exit
[21-SEP-2010 16:10:13:348] nioqrc: wanted 1 got 0, type 0
[21-SEP-2010 16:10:13:348] nioqper: error from nioqrc
[21-SEP-2010 16:10:13:348] nioqper: nr err code: 0
[21-SEP-2010 16:10:13:348] nioqper: ns main err code: 12547
[21-SEP-2010 16:10:13:348] nioqper: ns (2) err code: 12560
[21-SEP-2010 16:10:13:348] nioqper: nt main err code: 517
[21-SEP-2010 16:10:13:348] nioqper: nt (2) err code: 131
[21-SEP-2010 16:10:13:349] nioqper: nt OS err code: 0
[21-SEP-2010 16:10:13:349] nioqer: entry
[21-SEP-2010 16:10:13:349] nioqer: incoming err = 12151
[21-SEP-2010 16:10:13:349] nioqce: entry
[21-SEP-2010 16:10:13:349] nioqce: exit
[21-SEP-2010 16:10:13:349] nioqer: returning err = 3113
[21-SEP-2010 16:10:13:349] nioqer: exit
[21-SEP-2010 16:10:13:349] nioqrc: exit
[21-SEP-2010 16:10:13:349] nioqds: entry
[21-SEP-2010 16:10:13:349] nioqds: disconnecting...
[21-SEP-2010 16:10:13:349] nsdo: entry
[21-SEP-2010 16:10:13:349] nsdo: cid=0, opcode=67, *bl=0, *what=1, uflgs=0x2, cflgs=0x3
[21-SEP-2010 16:10:13:350] nsdo: rank=64, nsctxrnk=0
[21-SEP-2010 16:10:13:350] nsdo: nsctx: state=1, flg=0x420c, mvd=0
[21-SEP-2010 16:10:13:350] nsdo: nsctxrnk=0
[21-SEP-2010 16:10:13:350] nsdo: error exitFrom the client log side, it looks like this:
[21-SEP-2010 16:06:42:886] nsdo: entry
[21-SEP-2010 16:06:42:886] nsdo: cid=0, opcode=84, *bl=0, *what=1, uflgs=0x20, cflgs=0x3
[21-SEP-2010 16:06:42:886] nsdo: rank=64, nsctxrnk=0
[21-SEP-2010 16:06:42:886] nsdo: nsctx: state=8, flg=0x400d, mvd=0
[21-SEP-2010 16:06:42:886] nsdo: gtn=127, gtc=127, ptn=10, ptc=2011
[21-SEP-2010 16:06:42:886] nsdofls: entry
[21-SEP-2010 16:06:42:886] nsdofls: DATA flags: 0x0
[21-SEP-2010 16:06:42:886] nsdofls: sending NSPTDA packet
[21-SEP-2010 16:06:42:886] nspsend: entry
[21-SEP-2010 16:06:42:886] nspsend: plen=17, type=6
[21-SEP-2010 16:06:42:886] nttwr: entry
[21-SEP-2010 16:06:42:886] nttwr: socket 1724 had bytes written=17
[21-SEP-2010 16:06:42:886] nttwr: exit
[21-SEP-2010 16:06:42:886] nspsend: packet dump
[21-SEP-2010 16:06:42:886] nspsend: 00 11 00 00 06 00 00 00 |........|
[21-SEP-2010 16:06:42:886] nspsend: 00 00 03 05 1C 01 01 01 |........|
[21-SEP-2010 16:06:42:886] nspsend: 0F |. |
[21-SEP-2010 16:06:42:886] nspsend: 17 bytes to transport
[21-SEP-2010 16:06:42:886] nspsend: normal exit
[21-SEP-2010 16:06:42:886] nsdofls: exit (0)
[21-SEP-2010 16:06:42:886] nsdo: nsctxrnk=0
[21-SEP-2010 16:06:42:886] nsdo: normal exit
[21-SEP-2010 16:06:42:886] nsdo: entry
[21-SEP-2010 16:06:42:886] nsdo: cid=0, opcode=85, *bl=0, *what=0, uflgs=0x0, cflgs=0x3
[21-SEP-2010 16:06:42:886] nsdo: rank=64, nsctxrnk=0
[21-SEP-2010 16:06:42:886] nsdo: nsctx: state=8, flg=0x400d, mvd=0
[21-SEP-2010 16:06:42:886] nsdo: gtn=127, gtc=127, ptn=10, ptc=2011
[21-SEP-2010 16:06:42:886] nsdo: switching to application buffer
[21-SEP-2010 16:06:42:886] nsrdr: entry
[21-SEP-2010 16:06:42:886] nsrdr: recving a packet
[21-SEP-2010 16:06:42:886] nsprecv: entry
[21-SEP-2010 16:06:42:886] nsprecv: reading from transport...
[21-SEP-2010 16:06:42:886] nttrd: entry
# HANG OCCURS HERE
# Need to <CTRL C> twice to kill
#I've tried searching the net for similar occurrences of some of the interesting looking trace data but there appears to be limited information available, none of which is terribly helpful.
What I'm really after is either someone who has had this issue before, or someone who can better interpret the error output from the trace files and perhaps give me an idea of what's causing it to occur. Specifically whether that error text above relates to a failed connection on the underlying network connectivity side of things or whether it may be something on a higher level within the application layers. We have done packet dumps on firewalls to check the traffic as it traverses the firewall but there are no anomalies that I can see which may be contributing to the issue at hand.
I have organised for some testing to occur within the next 24 hours as there is a Cisco ASA Firewall that sits in the network path that is performing inspection on packets travelling through it. The inspection for SQLNET specifically is disabled, but we intend to enable this once more for testing to see whether it makes a difference. I'm not entirely confident it will however, and until we do get a chance to test any constructive input or alternate ideas will be greatly appreciated. I'm trying to cover as many bases as possible here.
Cheers,
Josh.So some further testing doesn't show anything interesting. But that said here's a look at a TCP Dump for the Oracle 11 session that hangs:
SNORT01:~ # tcpdump -nni bond0 -vvv vlan and host 125.x.x.x and host 172.x.x.x -c 10000
tcpdump: WARNING: bond0: no IPv4 address assigned
tcpdump: listening on bond0, link-type EN10MB (Ethernet), capture size 68 bytes
21:55:43.781596 IP (tos 0x0, ttl 126, id 24439, offset 0, flags [DF], proto: TCP (6), length: 48) 125.x.x.x.62008 > 172.x.x.x.1521: S, cksum 0x4d0a (correct), 2416392635:2416392635(0) win 64512 <mss 1380,nop,nop,sackOK>
21:55:43.782454 IP (tos 0x0, ttl 59, id 50281, offset 0, flags [DF], proto: TCP (6), length: 48) 172.x.x.x.1521 > 125.x.x.x.62008: S, cksum 0xc0ae (correct), 3123579836:3123579836(0) ack 2416392636 win 49680 <mss 1460,nop,nop,sackOK>
21:55:43.783311 IP (tos 0x0, ttl 126, id 24440, offset 0, flags [DF], proto: TCP (6), length: 40) 125.x.x.x.62008 > 172.x.x.x.1521: ., cksum 0xb382 (correct), 1:1(0) ack 1 win 64512
21:55:43.787142 IP (tos 0x0, ttl 126, id 24441, offset 0, flags [DF], proto: TCP (6), length: 284) 125.x.x.x.62008 > 172.x.x.x.1521: P 1:245(244) ack 1 win 64512
21:55:43.788504 IP (tos 0x0, ttl 59, id 50282, offset 0, flags [DF], proto: TCP (6), length: 40) 172.x.x.x.1521 > 125.x.x.x.62008: ., cksum 0xed72 (correct), 1:1(0) ack 245 win 49436
21:55:43.859023 IP (tos 0x0, ttl 59, id 50283, offset 0, flags [DF], proto: TCP (6), length: 48) 172.x.x.x.1521 > 125.x.x.x.62008: P, cksum 0xe166 (correct), 1:9(8) ack 245 win 49680
21:55:43.860392 IP (tos 0x0, ttl 126, id 24445, offset 0, flags [DF], proto: TCP (6), length: 284) 125.x.x.x.62008 > 172.x.x.x.1521: P 245:489(244) ack 9 win 64504
21:55:43.861773 IP (tos 0x0, ttl 59, id 50284, offset 0, flags [DF], proto: TCP (6), length: 40) 172.x.x.x.1521 > 125.x.x.x.62008: ., cksum 0xeb82 (correct), 9:9(0) ack 489 win 49680
21:55:43.861908 IP (tos 0x0, ttl 59, id 50285, offset 0, flags [DF], proto: TCP (6), length: 72) 172.x.x.x.1521 > 125.x.x.x.62008: P 9:41(32) ack 489 win 49680
21:55:43.865341 IP (tos 0x0, ttl 126, id 24446, offset 0, flags [DF], proto: TCP (6), length: 196) 125.x.x.x.62008 > 172.x.x.x.1521: P 489:645(156) ack 41 win 64472
21:55:43.867017 IP (tos 0x0, ttl 59, id 50286, offset 0, flags [DF], proto: TCP (6), length: 167) 172.x.x.x.1521 > 125.x.x.x.62008: P 41:168(127) ack 645 win 49680
21:55:43.874836 IP (tos 0x0, ttl 126, id 24447, offset 0, flags [DF], proto: TCP (6), length: 77) 125.x.x.x.62008 > 172.x.x.x.1521: P 645:682(37) ack 168 win 64345
21:55:43.876405 IP (tos 0x0, ttl 59, id 50287, offset 0, flags [DF], proto: TCP (6), length: 226) 172.x.x.x.1521 > 125.x.x.x.62008: P 168:354(186) ack 682 win 49680
21:55:43.995921 IP (tos 0x0, ttl 126, id 24451, offset 0, flags [DF], proto: TCP (6), length: 1420) 125.x.x.x.62008 > 172.x.x.x.1521: . 682:2062(1380) ack 354 win 64159
21:55:43.995978 IP (tos 0x0, ttl 126, id 24452, offset 0, flags [DF], proto: TCP (6), length: 671) 125.x.x.x.62008 > 172.x.x.x.1521: P 2062:2693(631) ack 354 win 64159
21:55:43.999910 IP (tos 0x0, ttl 59, id 50288, offset 0, flags [DF], proto: TCP (6), length: 40) 172.x.x.x.1521 > 125.x.x.x.62008: ., cksum 0xe18d (correct), 354:354(0) ack 2693 win 49680
21:55:44.015402 IP (tos 0x0, ttl 126, id 24455, offset 0, flags [DF], proto: TCP (6), length: 326) 125.x.x.x.62008 > 172.x.x.x.1521: P 2693:2979(286) ack 354 win 64159
21:55:44.020491 IP (tos 0x0, ttl 59, id 50289, offset 0, flags [DF], proto: TCP (6), length: 1420) 172.x.x.x.1521 > 125.x.x.x.62008: . 354:1734(1380) ack 2979 win 49680
21:55:44.020789 IP (tos 0x0, ttl 59, id 50290, offset 0, flags [DF], proto: TCP (6), length: 671) 172.x.x.x.1521 > 125.x.x.x.62008: P 1734:2365(631) ack 2979 win 49680
21:55:44.021015 IP (tos 0x0, ttl 59, id 50291, offset 0, flags [DF], proto: TCP (6), length: 355) 172.x.x.x.1521 > 125.x.x.x.62008: P 2365:2680(315) ack 2979 win 49680
21:55:44.022489 IP (tos 0x0, ttl 126, id 24457, offset 0, flags [DF], proto: TCP (6), length: 40) 125.x.x.x.62008 > 172.x.x.x.1521: ., cksum 0x9ea4 (correct), 2979:2979(0) ack 2365 win 64512
21:55:44.148236 IP (tos 0x0, ttl 126, id 24461, offset 0, flags [DF], proto: TCP (6), length: 215) 125.x.x.x.62008 > 172.x.x.x.1521: P 2979:3154(175) ack 2680 win 64197
21:55:44.152125 IP (tos 0x0, ttl 59, id 50292, offset 0, flags [DF], proto: TCP (6), length: 187) 172.x.x.x.1521 > 125.x.x.x.62008: P 2680:2827(147) ack 3154 win 49680
21:55:44.174040 IP (tos 0x0, ttl 126, id 24462, offset 0, flags [DF], proto: TCP (6), length: 1054) 125.x.x.x.62008 > 172.x.x.x.1521: P 3154:4168(1014) ack 2827 win 64050
21:55:44.732635 IP (tos 0x0, ttl 126, id 24482, offset 0, flags [DF], proto: TCP (6), length: 1054) 125.x.x.x.62008 > 172.x.x.x.1521: P 3154:4168(1014) ack 2827 win 64050
21:55:44.735346 IP (tos 0x0, ttl 59, id 50294, offset 0, flags [DF], proto: TCP (6), length: 40) 172.x.x.x.1521 > 125.x.x.x.62008: ., cksum 0xcefc (correct), 3632:3632(0) ack 4168 win 49680
21:56:17.076742 IP (tos 0x0, ttl 126, id 25631, offset 0, flags [DF], proto: TCP (6), length: 40) 125.x.x.x.62008 > 172.x.x.x.1521: R, cksum 0x942e (correct), 4168:4168(0) ack 2827 win 0
*SQL session hangs here*The 'RESET' occurs when I kill the client using CTRL+C after a long period of inactivity, not during the session itself.
And then.. Here's a successful login and query of 7 rows on the Oracle 9 database from a network perspective:
SNORT01:~ # tcpdump -nni bond0 -vvv vlan and host 125.x.x.x and host 172.x.x.x -c 10000
tcpdump: WARNING: bond0: no IPv4 address assigned
tcpdump: listening on bond0, link-type EN10MB (Ethernet), capture size 68 bytes
21:53:27.598450 IP (tos 0x0, ttl 126, id 19396, offset 0, flags [DF], proto: TCP (6), length: 48) 125.x.x.x.61937 > 172.x.x.x.1521: S, cksum 0xc9b4 (correct), 2519356327:2519356327(0) win 64512 <mss 1380,nop,nop,sackOK>
21:53:27.612189 IP (tos 0x0, ttl 53, id 46015, offset 0, flags [DF], proto: TCP (6), length: 48) 172.x.x.x.1521 > 125.x.x.x.61937: S, cksum 0x1cdb (correct), 1010936359:1010936359(0) ack 2519356328 win 49680 <mss 1460,nop,nop,sackOK>
21:53:27.612905 IP (tos 0x0, ttl 126, id 19398, offset 0, flags [DF], proto: TCP (6), length: 40) 125.x.x.x.61937 > 172.x.x.x.1521: ., cksum 0x0faf (correct), 1:1(0) ack 1 win 64512
21:53:27.616233 IP (tos 0x0, ttl 126, id 19399, offset 0, flags [DF], proto: TCP (6), length: 321) 125.x.x.x.61937 > 172.x.x.x.1521: P 1:282(281) ack 1 win 64512
21:53:27.629987 IP (tos 0x0, ttl 53, id 46016, offset 0, flags [DF], proto: TCP (6), length: 40) 172.x.x.x.1521 > 125.x.x.x.61937: ., cksum 0x4886 (correct), 1:1(0) ack 282 win 49680
21:53:27.692135 IP (tos 0x0, ttl 53, id 46017, offset 0, flags [DF], proto: TCP (6), length: 48) 172.x.x.x.1521 > 125.x.x.x.61937: P, cksum 0x3d6e (correct), 1:9(8) ack 282 win 49680
21:53:27.693603 IP (tos 0x0, ttl 126, id 19402, offset 0, flags [DF], proto: TCP (6), length: 321) 125.x.x.x.61937 > 172.x.x.x.1521: P 282:563(281) ack 9 win 64504
21:53:27.707460 IP (tos 0x0, ttl 53, id 46018, offset 0, flags [DF], proto: TCP (6), length: 40) 172.x.x.x.1521 > 125.x.x.x.61937: ., cksum 0x4765 (correct), 9:9(0) ack 563 win 49680
21:53:27.707883 IP (tos 0x0, ttl 53, id 46019, offset 0, flags [DF], proto: TCP (6), length: 72) 172.x.x.x.1521 > 125.x.x.x.61937: P 9:41(32) ack 563 win 49680
21:53:27.711950 IP (tos 0x0, ttl 126, id 19403, offset 0, flags [DF], proto: TCP (6), length: 196) 125.x.x.x.61937 > 172.x.x.x.1521: P 563:719(156) ack 41 win 64472
21:53:27.725971 IP (tos 0x0, ttl 53, id 46020, offset 0, flags [DF], proto: TCP (6), length: 167) 172.x.x.x.1521 > 125.x.x.x.61937: P 41:168(127) ack 719 win 49680
21:53:27.734468 IP (tos 0x0, ttl 126, id 19405, offset 0, flags [DF], proto: TCP (6), length: 77) 125.x.x.x.61937 > 172.x.x.x.1521: P 719:756(37) ack 168 win 64345
21:53:27.748270 IP (tos 0x0, ttl 53, id 46021, offset 0, flags [DF], proto: TCP (6), length: 199) 172.x.x.x.1521 > 125.x.x.x.61937: P 168:327(159) ack 756 win 49680
21:53:27.878720 IP (tos 0x0, ttl 126, id 19409, offset 0, flags [DF], proto: TCP (6), length: 1110) 125.x.x.x.61937 > 172.x.x.x.1521: P 756:1826(1070) ack 327 win 64186
21:53:28.994991 IP (tos 0x0, ttl 126, id 19443, offset 0, flags [DF], proto: TCP (6), length: 1110) 125.x.x.x.61937 > 172.x.x.x.1521: P 756:1826(1070) ack 327 win 64186
21:53:29.010680 IP (tos 0x0, ttl 53, id 46023, offset 0, flags [DF], proto: TCP (6), length: 40) 172.x.x.x.1521 > 125.x.x.x.61937: ., cksum 0x3d83 (correct), 1276:1276(0) ack 1826 win 49680
21:53:32.561849 IP (tos 0x0, ttl 53, id 46024, offset 0, flags [DF], proto: TCP (6), length: 989) 172.x.x.x.1521 > 125.x.x.x.61937: P 327:1276(949) ack 1826 win 49680
21:53:32.710661 IP (tos 0x0, ttl 126, id 19550, offset 0, flags [DF], proto: TCP (6), length: 223) 125.x.x.x.61937 > 172.x.x.x.1521: P 1826:2009(183) ack 1276 win 63237
21:53:32.724384 IP (tos 0x0, ttl 53, id 46025, offset 0, flags [DF], proto: TCP (6), length: 40) 172.x.x.x.1521 > 125.x.x.x.61937: ., cksum 0x3ccc (correct), 1276:1276(0) ack 2009 win 49680
21:53:32.732636 IP (tos 0x0, ttl 53, id 46026, offset 0, flags [DF], proto: TCP (6), length: 133) 172.x.x.x.1521 > 125.x.x.x.61937: P 1276:1369(93) ack 2009 win 49680
21:53:32.739922 IP (tos 0x0, ttl 126, id 19553, offset 0, flags [DF], proto: TCP (6), length: 947) 125.x.x.x.61937 > 172.x.x.x.1521: P 2009:2916(907) ack 1369 win 63144
21:53:32.763266 IP (tos 0x0, ttl 53, id 46027, offset 0, flags [DF], proto: TCP (6), length: 329) 172.x.x.x.1521 > 125.x.x.x.61937: P 1369:1658(289) ack 2916 win 49680
21:53:32.770925 IP (tos 0x0, ttl 126, id 19555, offset 0, flags [DF], proto: TCP (6), length: 78) 125.x.x.x.61937 > 172.x.x.x.1521: P 2916:2954(38) ack 1658 win 64512
21:53:32.784774 IP (tos 0x0, ttl 53, id 46028, offset 0, flags [DF], proto: TCP (6), length: 218) 172.x.x.x.1521 > 125.x.x.x.61937: P 1658:1836(178) ack 2954 win 49680
21:53:32.787455 IP (tos 0x0, ttl 126, id 19556, offset 0, flags [DF], proto: TCP (6), length: 149) 125.x.x.x.61937 > 172.x.x.x.1521: P 2954:3063(109) ack 1836 win 64334
21:53:33.478760 IP (tos 0x0, ttl 126, id 19578, offset 0, flags [DF], proto: TCP (6), length: 149) 125.x.x.x.61937 > 172.x.x.x.1521: P 2954:3063(109) ack 1836 win 64334
21:53:33.492256 IP (tos 0x0, ttl 53, id 46030, offset 0, flags [DF], proto: TCP (6), length: 40) 172.x.x.x.1521 > 125.x.x.x.61937: ., cksum 0x34ce (correct), 2268:2268(0) ack 3063 win 49680
21:53:36.820908 IP (tos 0x0, ttl 53, id 46031, offset 0, flags [DF], proto: TCP (6), length: 472) 172.x.x.x.1521 > 125.x.x.x.61937: P 1836:2268(432) ack 3063 win 49680
21:53:36.824225 IP (tos 0x0, ttl 126, id 19733, offset 0, flags [DF], proto: TCP (6), length: 57) 125.x.x.x.61937 > 172.x.x.x.1521: P 3063:3080(17) ack 2268 win 63902
21:53:36.837345 IP (tos 0x0, ttl 53, id 46032, offset 0, flags [DF], proto: TCP (6), length: 40) 172.x.x.x.1521 > 125.x.x.x.61937: ., cksum 0x34bd (correct), 2268:2268(0) ack 3080 win 49680
21:53:36.838015 IP (tos 0x0, ttl 53, id 46033, offset 0, flags [DF], proto: TCP (6), length: 110) 172.x.x.x.1521 > 125.x.x.x.61937: P 2268:2338(70) ack 3080 win 49680
21:53:36.839520 IP (tos 0x0, ttl 126, id 19734, offset 0, flags [DF], proto: TCP (6), length: 79) 125.x.x.x.61937 > 172.x.x.x.1521: P 3080:3119(39) ack 2338 win 63832
21:53:36.853507 IP (tos 0x0, ttl 53, id 46034, offset 0, flags [DF], proto: TCP (6), length: 218) 172.x.x.x.1521 > 125.x.x.x.61937: P 2338:2516(178) ack 3119 win 49680
21:53:36.855886 IP (tos 0x0, ttl 126, id 19735, offset 0, flags [DF], proto: TCP (6), length: 160) 125.x.x.x.61937 > 172.x.x.x.1521: P 3119:3239(120) ack 2516 win 63654
21:53:36.870292 IP (tos 0x0, ttl 53, id 46035, offset 0, flags [DF], proto: TCP (6), length: 99) 172.x.x.x.1521 > 125.x.x.x.61937: P 2516:2575(59) ack 3239 win 49680
21:53:36.879557 IP (tos 0x0, ttl 126, id 19738, offset 0, flags [DF], proto: TCP (6), length: 79) 125.x.x.x.61937 > 172.x.x.x.1521: P 3239:3278(39) ack 2575 win 63595
21:53:36.893506 IP (tos 0x0, ttl 53, id 46036, offset 0, flags [DF], proto: TCP (6), length: 218) 172.x.x.x.1521 > 125.x.x.x.61937: P 2575:2753(178) ack 3278 win 49680
21:53:36.895884 IP (tos 0x0, ttl 126, id 19739, offset 0, flags [DF], proto: TCP (6), length: 292) 125.x.x.x.61937 > 172.x.x.x.1521: P 3278:3530(252) ack 2753 win 63417
21:53:36.911464 IP (tos 0x0, ttl 53, id 46037, offset 0, flags [DF], proto: TCP (6), length: 305) 172.x.x.x.1521 > 125.x.x.x.61937: P 2753:3018(265) ack 3530 win 49680
21:53:36.913580 IP (tos 0x0, ttl 126, id 19740, offset 0, flags [DF], proto: TCP (6), length: 79) 125.x.x.x.61937 > 172.x.x.x.1521: P 3530:3569(39) ack 3018 win 63152
21:53:36.927515 IP (tos 0x0, ttl 53, id 46038, offset 0, flags [DF], proto: TCP (6), length: 218) 172.x.x.x.1521 > 125.x.x.x.61937: P 3018:3196(178) ack 3569 win 49680
21:53:36.938328 IP (tos 0x0, ttl 126, id 19742, offset 0, flags [DF], proto: TCP (6), length: 315) 125.x.x.x.61937 > 172.x.x.x.1521: P 3569:3844(275) ack 3196 win 64512
21:53:36.953008 IP (tos 0x0, ttl 53, id 46039, offset 0, flags [DF], proto: TCP (6), length: 183) 172.x.x.x.1521 > 125.x.x.x.61937: P 3196:3339(143) ack 3844 win 49680
21:53:36.961020 IP (tos 0x0, ttl 126, id 19743, offset 0, flags [DF], proto: TCP (6), length: 79) 125.x.x.x.61937 > 172.x.x.x.1521: P 3844:3883(39) ack 3339 win 64369
21:53:36.974890 IP (tos 0x0, ttl 53, id 46040, offset 0, flags [DF], proto: TCP (6), length: 218) 172.x.x.x.1521 > 125.x.x.x.61937: P 3339:3517(178) ack 3883 win 49680
21:53:36.977183 IP (tos 0x0, ttl 126, id 19744, offset 0, flags [DF], proto: TCP (6), length: 208) 125.x.x.x.61937 > 172.x.x.x.1521: P 3883:4051(168) ack 3517 win 64191
21:53:36.991461 IP (tos 0x0, ttl 53, id 46041, offset 0, flags [DF], proto: TCP (6), length: 110) 172.x.x.x.1521 > 125.x.x.x.61937: P 3517:3587(70) ack 4051 win 49680
21:53:36.993439 IP (tos 0x0, ttl 126, id 19747, offset 0, flags [DF], proto: TCP (6), length: 79) 125.x.x.x.61937 > 172.x.x.x.1521: P 4051:4090(39) ack 3587 win 64121
21:53:37.007199 IP (tos 0x0, ttl 53, id 46042, offset 0, flags [DF], proto: TCP (6), length: 218) 172.x.x.x.1521 > 125.x.x.x.61937: P 3587:3765(178) ack 4090 win 49680
21:53:37.011239 IP (tos 0x0, ttl 126, id 19748, offset 0, flags [DF], proto: TCP (6), length: 183) 125.x.x.x.61937 > 172.x.x.x.1521: P 4090:4233(143) ack 3765 win 63943
21:53:37.025767 IP (tos 0x0, ttl 53, id 46043, offset 0, flags [DF], proto: TCP (6), length: 210) 172.x.x.x.1521 > 125.x.x.x.61937: P 3765:3935(170) ack 4233 win 49680
21:53:37.027455 IP (tos 0x0, ttl 126, id 19750, offset 0, flags [DF], proto: TCP (6), length: 79) 125.x.x.x.61937 > 172.x.x.x.1521: P 4233:4272(39) ack 3935 win 63773
21:53:37.041382 IP (tos 0x0, ttl 53, id 46044, offset 0, flags [DF], proto: TCP (6), length: 218) 172.x.x.x.1521 > 125.x.x.x.61937: P 3935:4113(178) ack 4272 win 49680
21:53:37.044708 IP (tos 0x0, ttl 126, id 19751, offset 0, flags [DF], proto: TCP (6), length: 75) 125.x.x.x.61937 > 172.x.x.x.1521: P 4272:4307(35) ack 4113 win 63595
21:53:37.058388 IP (tos 0x0, ttl 53, id 46045, offset 0, flags [DF], proto: TCP (6), length: 56) 172.x.x.x.1521 > 125.x.x.x.61937: P 4113:4129(16) ack 4307 win 49680
21:53:37.060398 IP (tos 0x0, ttl 126, id 19752, offset 0, flags [DF], proto: TCP (6), length: 75) 125.x.x.x.61937 > 172.x.x.x.1521: P 4307:4342(35) ack 4129 win 63579
21:53:37.073926 IP (tos 0x0, ttl 53, id 46046, offset 0, flags [DF], proto: TCP (6), length: 56) 172.x.x.x.1521 > 125.x.x.x.61937: P 4129:4145(16) ack 4342 win 49680
21:53:37.088056 IP (tos 0x0, ttl 126, id 19753, offset 0, flags [DF], proto: TCP (6), length: 40) 125.x.x.x.61937 > 172.x.x.x.1521: ., cksum 0xf23e (correct), 4342:4342(0) ack 4145 win 63563
21:53:56.309909 IP (tos 0x0, ttl 126, id 20509, offset 0, flags [DF], proto: TCP (6), length: 176) 125.x.x.x.61937 > 172.x.x.x.1521: P 4342:4478(136) ack 4145 win 63563
21:53:56.325783 IP (tos 0x0, ttl 53, id 46047, offset 0, flags [DF], proto: TCP (6), length: 398) 172.x.x.x.1521 > 125.x.x.x.61937: P 4145:4503(358) ack 4478 win 49680
21:53:56.329152 IP (tos 0x0, ttl 126, id 20511, offset 0, flags [DF], proto: TCP (6), length: 57) 125.x.x.x.61937 > 172.x.x.x.1521: P 4478:4495(17) ack 4503 win 63205
21:53:56.557234 IP (tos 0x0, ttl 126, id 20519, offset 0, flags [DF], proto: TCP (6), length: 57) 125.x.x.x.61937 > 172.x.x.x.1521: P 4478:4495(17) ack 4503 win 63205
21:53:56.570496 IP (tos 0x0, ttl 53, id 46049, offset 0, flags [DF], proto: TCP (6), length: 40) 172.x.x.x.1521 > 125.x.x.x.61937: ., cksum 0x24ea (correct), 4904:4904(0) ack 4495 win 49680
21:53:58.561449 IP (tos 0x0, ttl 53, id 46051, offset 0, flags [DF], proto: TCP (6), length: 441) 172.x.x.x.1521 > 125.x.x.x.61937: P 4503:4904(401) ack 4495 win 49680
21:53:58.602228 IP (tos 0x0, ttl 126, id 20579, offset 0, flags [DF], proto: TCP (6), length: 79) 125.x.x.x.61937 > 172.x.x.x.1521: P 4495:4534(39) ack 4904 win 64512
21:53:58.615281 IP (tos 0x0, ttl 53, id 46052, offset 0, flags [DF], proto: TCP (6), length: 40) 172.x.x.x.1521 > 125.x.x.x.61937: ., cksum 0x24c3 (correct), 4904:4904(0) ack 4534 win 49680
21:53:58.616571 IP (tos 0x0, ttl 53, id 46053, offset 0, flags [DF], proto: TCP (6), length: 218) 172.x.x.x.1521 > 125.x.x.x.61937: P 4904:5082(178) ack 4534 win 49680
21:53:58.745531 IP (tos 0x0, ttl 126, id 20584, offset 0, flags [DF], proto: TCP (6), length: 40) 125.x.x.x.61937 > 172.x.x.x.1521: ., cksum 0xead2 (correct), 4534:4534(0) ack 5082 win 64334
21:54:01.476582 IP (tos 0x0, ttl 126, id 20707, offset 0, flags [DF], proto: TCP (6), length: 53) 125.x.x.x.61937 > 172.x.x.x.1521: P 4534:4547(13) ack 5082 win 64334
21:54:01.492998 IP (tos 0x0, ttl 53, id 46054, offset 0, flags [DF], proto: TCP (6), length: 53) 172.x.x.x.1521 > 125.x.x.x.61937: P 5082:5095(13) ack 4547 win 49680
21:54:01.499924 IP (tos 0x0, ttl 126, id 20709, offset 0, flags [DF], proto: TCP (6), length: 50) 125.x.x.x.61937 > 172.x.x.x.1521: P, cksum 0xe469 (correct), 4547:4557(10) ack 5095 win 64321
21:54:01.500558 IP (tos 0x0, ttl 126, id 20710, offset 0, flags [DF], proto: TCP (6), length: 40) 125.x.x.x.61937 > 172.x.x.x.1521: F, cksum 0xeaba (correct), 4557:4557(0) ack 5095 win 64321
21:54:01.513561 IP (tos 0x0, ttl 53, id 46055, offset 0, flags [DF], proto: TCP (6), length: 40) 172.x.x.x.1521 > 125.x.x.x.61937: F, cksum 0x23ec (correct), 5095:5095(0) ack 4557 win 49680
21:54:01.513628 IP (tos 0x0, ttl 53, id 46056, offset 0, flags [DF], proto: TCP (6), length: 40) 172.x.x.x.1521 > 125.x.x.x.61937: ., cksum 0x23eb (correct), 5096:5096(0) ack 4558 win 49680
21:54:01.514175 IP (tos 0x0, ttl 126, id 20713, offset 0, flags [DF], proto: TCP (6), length: 40) 125.x.x.x.61937 > 172.x.x.x.1521: ., cksum 0xeab9 (correct), 4558:4558(0) ack 5096 win 64321The above is obviously fine, but it's really quite strange. I can get the Oracle 9 queries to hang if I select over 7 rows (8 being the point at which it dies).
So I can run
Sqlplus user/[email protected]
Select * from <blah> where rownum < 7;Over and over again, as many times as I like without issue.
But!.. As soon as I run
Sqlplus user/[email protected]
Select * from <blah> where rownum < 8;The session will hang, and from a network perspective there are no packets being transferred in either direction. It looks exactly like the Oracle 11 session in that the session is still ESTABLISHED from a client perspective but no data is flowing in either direction..
Does anyone have any idea why '8' is the magic number that would be causing it to hang? I'm really stuggling to see from a network perspective how this may be occuring, as above the TCPDump looks clean.
Unfortunately I don't have access do a dump on the client/server itself however, just on the network path. I guess that may be where we need to be looking next.
Thanks for the ideas so far all, much appreciated.
Josh. -
Hi,
I would like to start a discussion for one strange problem that I encountered in my company. Four Notebooks with Windows 7 x64 Enterprise SP1 versions all of a sudden after 1-2-3hours period cannot open any webpage trough any browser (IE,FF, Chrome) but
everything is pingable via command prompt. We made sure that it is not a DNS problem, whole network is functioning properly.
After one college called me because of the problem described above I started to dig trough the active processes that were running in that moment and slui.exe caught my attention because it was unusual for me to see that process even running. The process
itself is very small, only 54k. And starting folder is located in userprofile\AppData\Roaming\DNCache folder, in there are a couple of files (see picture bellow). That is not a location for slui.exe in my humble opionion, slui.exe resides in System32 folder.
You cannot delete the folder because it is being used, even with file unlocker it won't let you delete it. I went to SAFE mode and deleted it. Also in safe mode run msconfig and clear out any files that have "Unknown" manufacturer and start with
d..something, sorry cannot remember the correct name, but are the same as in DNCache folder. Our company uses Microsoft Forefront for protection. I am now waiting to see if I have solved the issue.
Could that be somekind of a virus/malware?
Thanks,Hi,
Based on m research, “suli.exe” has not been recorded into MS data. It may be not a virus.
Best Regards
Quan Gu -
How do I manually remove an installed program (possible fishing Virus)?
So I downloaded an app from this site but I can't seem to find it, is it possible that I've contracted a phishing virus, if so what are the steps i should take to remove it?
http://mac.softpedia.com/progViewOpinions/Cheat-Engine-91967,.htmlWhat's that thing, Cheat Engine 5.6.1 for Mac?
Did you just download it or did you actually install the package?
The package installer looks like this when it opens:
The spelling errors alone are sort of entertaining.
Clicking Read License results in no action. Since I am unwilling to consent to something I cannot read, I hit Disagree and that was that.
The next step will ask for your user name and password, after which it will do... what? Who knows, but no right-minded person should acquiesce to unknown modifications of a computer, unless it's already running Windows, in which case it's already messed up and this sort of behaviour is normal.
If you didn't actually install it, just forget you ever saw this thing and get on with your life. No harm done. -
Possible email virus ???
My wife received an email from a friend titled "this is a painting not a picture"
There was no text in the email and she opened the attachment.
A few minutes later she said her mouse was gone from the screen and could do nothing. Even trying to power off using the button behind the screen had no effect..The only thing I could do was to disconnect the power cord from the wall.
We then seemed to be able to operate normally, but since then {about a week ago} the same thing happened, no mouse and unplugging from the wall was the only fix.
Also last night she attempted to send an email and it would not send so she quit the computer by putting it to sleep I think.
This morning I attempted to wake up the computer and it would not respond, so unplugging was the only fix .
When I got into her email there was no email in here "sent" folder but in her "in box" she had many many copies sent to herself that said they were "from" auto.response..
Then she received a message from the person whom she had tried to send the email to indicating that they had received her email and 20+ copies of it.
I updated all the latest apple software this morning and installed "mac scan" trojan remover plus I Installed "iAntiVirus" and found nothing with either scanner
I wonder if any one else had a similar problem.
Also I asked my wife what the "PICTURE" looked like when she opened it.She said it had a black background and some sort of necklace and maybe flowers....
It sure sounds to me like she opened a nasty virus.
Snowed one...Welcome to Apple Discussions!
This is what is known as a trojan horse, not a virus. Viruses are self-replicating without any user interaction. The fact she had to open the e-mail to make it do what it did, says it was strictly an e-mail virus. It is possible that what happened, is that by clicking on some link within the e-mail, it ended up confirming her e-mail address, and then the e-mail program, which already might have been set to instantly replicate the contents of the inbox got overwhelmed with the spam that was sent.
Do not, under any circumstance open e-mail from an unknown source.
She should also make sure her friends do not do the same. Because it is also possible, that your wife was not the originator of this virus, but rather her friend, and more likely. Your wife's e-mail address in the friend's digital addressbook might have been compromised and sent to a spammer, and then self replicated on the friend's machine to send to your wife.
Do not allow e-mail to replicate its contents automatically more than once every 5 minutes. Tell your friends to use BCC when mass e-mailing, as well as your wife, and not CC, to avoid showing the addressbook to everyone in the list. Otherwise other spam viruses might be spread. -
Can a Mac be harmful to a Windows network (viruses?)
Hi, my IT states (we are 5 Macs in a Windows network) that a Mac connected to the windows network and to internet can be harmful (it can infect the windows network with viruses and trojan horses)
Is it true?There are exactly 3 threats posed by Macs running on a mostly Windows network:
1: a Mac without a virus scanner may receive infected attachments, not notice, and copy them to file shares. So get a virus scanner.
2: Windows running on a Mac through Parallels or VMWare is just as vulnerable to infection as any other PC. So get a virus scanner.
3: Windows-using coworkers may see how nice your Macs are and want to switch. This threatens the job security of IT staffers who only know Windows.
Maybe you are looking for
-
Problem with JavaScript snipet that DreamWeaver is writing
I am having a problem with code that DreamWeaver (CS3) is writing. I'm fairly certain the problem is in a small piece of JavaScript that DreamWeaver is composing. This is a fairly complex problem, so bear with me. First - What I am trying to make hap
-
Hi All, We have successfully up-grade Obiee 10.1.3.4.1 to Obiee 11.1.1.5.0. After upgrade we found below error for few reports in 11g. Error Codes: OPR4ONWY:U9IM8TAC:OI2DL65P *State: HY000. Code: 10058. [NQODBC] [SQL_STATE: HY000] [nQSError: 10058] A
-
Help with buttons accessing loaded layers
Hi all...Using Flash CS3 and AS3 to build a learning module that will load different layers of SWF files based on buttons on the main screen. Got this working with no problems. What I want to do is add buttons to provide learners some functionality
-
Iphoto crashed after upgrade to cloud.
Iphoto produced error messages after upgrade to use icloud. After posting the first images to cloud iphoto crashed on the mac and produced a long error message. The error message stopped after I disabled photostream but now I cant upload photos from
-
Java timeout settings in EBS 11i
Hello, We have a requirement to increase the java timeout settings. I understand that we have different files like zone.properties, etc., and some other files to modify java settings. These settings will modify the setings for all the jsp's. But, I w