Possible network virus?

Similar Messages

• SAP-Basis System: 1 possible network problems detected - check tracefile

  Dear Gurus,
  I am getting this error in syslog in MMC for ECC 6.0 on windows with db2.
  SAP-Basis System: > 1 possible network problems detected - check tracefile and adjust.
  Regards
  Rao.

  hi,
  can you look at this
  [http://sapbasisnotes.blogspot.com/2009/05/sap-startup-problems-in-windows.html]
  Regards,
  Muralidhar

• FS[3988]: Possible network disconnect with primary database

  Hi All,
  In the standby database alert log I'm getting the below error:
  Thu Feb 10 11:09:10 2011
  RFS[3971]: Possible network disconnect with primary database
  Thu Feb 10 11:10:11 2011
  RFS[3976]: Possible network disconnect with primary database
  Thu Feb 10 11:11:12 2011
  RFS[3979]: Possible network disconnect with primary database
  Thu Feb 10 11:12:13 2011
  RFS[3982]: Possible network disconnect with primary database
  Thu Feb 10 11:13:15 2011
  RFS[3985]: Possible network disconnect with primary database
  There is no error in the primary database regarding this.
  And after this no archive logs are being pushed to the standby database.
  In V$ARCHIVE_DEST_STATUS view the column synchronizaion_status says CHECK NETWORK for dest_name LOG_ARCHIVE_DEST_2
  Please advice.
  Thanks.
  Regards,
  Ashwani N.

  Both messages look crystal clear to me.
  Did you check the network?
  If not, why not?
  Your posting history here is a bit appalling
  823436      
       Newbie
  Handle:      823436
  Status Level:      Newbie
  Registered:      Dec 24, 2010
  Total Posts:      28
  Total Questions:      9 (7 unresolved)
  Sybrand Bakker
  Senior Oracle DBA

• Email message rejected for possible spam/virus content

  When I do a Reply All on an email that includes my own Mail email address in the recipient list, the reply is delivered to everyone but me.  I get a [email protected] email with a Diagnostic code: "smtp;553 5.3.0 17.158.232.236 Your message was rejected for possible spam/virus content.Please ask your email provider to visithttp://emailadmin.registeredsite.com for resolution." 
  This never happened before.  The only thing that has changed on my system is that I have recently installed Webroot SecureAnywhere antivirus.  Any ideas?

  I suggest you contact godaddy for some support using their mail service.

• Standby database,Possible network disconnect with primary database

  Hello
  I have a database on linux with standby configured on different server with same os and database version.When i was about clone primary database through OEM,it stuck in the middle and popup for recovery. I restored and recover whole database. Then, the alert log on the standby database shows this error.
  Possible network disconnect with primary database.
  I checked standby databsase,listener is up & running. But archive files are getting into standby database.
  What should i do now? Please anybody can put some light on this.
  Thanks
  Ariz

  Is there anything in the primary alert log? Can you tnsping the standby instance from the primary server, and the primary instance from the standby server?

• Basis System: 2 possible network problems detected - check tracefile

  Hi Experts,
  I have installed a a Netweaver 7.01 when i start the server throught MMC
  first the dispatcher show the message as unable to reach teh message server
  but where as message server is running successfully.
  after few seconds it shows the status Stopped
  Below is my trace please help me to solve this issue.
  Thanks,
  Veeru.
  trc file: "dev_disp", trc level: 1, release: "700"
  sysno      00
  sid        NSP
  systemid   560 (PC with Windows NT)
  relno      7000
  patchlevel 0
  patchno    95
  intno      20050900
  make:      multithreaded, ASCII, optimized
  pid        3892
  Wed Jan 14 05:46:37 2009
  kernel runs with dp version 224(ext=109) (@(#) DPLIB-INT-VERSION-224)
  length of sys_adm_ext is 360 bytes
  SWITCH TRC-HIDE on ***
  ***LOG Q00=> DpSapEnvInit, DPStart (00 3892) [dpxxdisp.c   1239]
       shared lib "dw_xml.dll" version 95 successfully loaded
       shared lib "dw_xtc.dll" version 95 successfully loaded
       shared lib "dw_stl.dll" version 95 successfully loaded
       shared lib "dw_gui.dll" version 95 successfully loaded
       shared lib "dw_mdm.dll" version 95 successfully loaded
  rdisp/softcancel_sequence :  -> 0,5,-1
  use internal message server connection to port 3900
  Wed Jan 14 05:46:39 2009
  WARNING => DpNetCheck: NiHostToAddr(www.doesnotexist0121.qqq.nxst) took 2 seconds
  Wed Jan 14 05:46:44 2009
  WARNING => DpNetCheck: NiAddrToHost(1.0.0.0) took 5 seconds
  ***LOG GZZ=> 2 possible network problems detected - check tracefile and adjust the DNS settings [dpxxtool2.c  5355]
  MtxInit: 30000 0 0
  DpSysAdmExtInit: ABAP is active
  DpSysAdmExtInit: VMC (JAVA VM in WP) is not active
  DpIPCInit2: start server >Veeru_NSP_00                            <
  DpShMCreate: sizeof(wp_adm)          6328     (904)
  DpShMCreate: sizeof(tm_adm)          3605136     (17936)
  DpShMCreate: sizeof(wp_ca_adm)          1200     (60)
  DpShMCreate: sizeof(appc_ca_adm)     1200     (60)
  DpCommTableSize: max/headSize/ftSize/tableSize=500/8/528040/528048
  DpShMCreate: sizeof(comm_adm)          528048     (1048)
  DpSlockTableSize: max/headSize/ftSize/fiSize/tableSize=0/0/0/0/0
  DpShMCreate: sizeof(slock_adm)          0     (96)
  DpFileTableSize: max/headSize/ftSize/tableSize=0/0/0/0
  DpShMCreate: sizeof(file_adm)          0     (72)
  DpShMCreate: sizeof(vmc_adm)          0     (1280)
  DpShMCreate: sizeof(wall_adm)          (22440/34344/56/100)
  DpShMCreate: sizeof(gw_adm)     48
  DpShMCreate: SHM_DP_ADM_KEY          (addr: 04ED0040, size: 4205552)
  DpShMCreate: allocated sys_adm at 04ED0040
  DpShMCreate: allocated wp_adm at 04ED1A28
  DpShMCreate: allocated tm_adm_list at 04ED32E0
  DpShMCreate: allocated tm_adm at 04ED3310
  DpShMCreate: allocated wp_ca_adm at 052435A0
  DpShMCreate: allocated appc_ca_adm at 05243A50
  DpShMCreate: allocated comm_adm at 05243F00
  DpShMCreate: system runs without slock table
  DpShMCreate: system runs without file table
  DpShMCreate: allocated vmc_adm_list at 052C4DB0
  DpShMCreate: allocated gw_adm at 052C4DF0
  DpShMCreate: system runs without vmc_adm
  DpShMCreate: allocated ca_info at 052C4E20
  DpShMCreate: allocated wall_adm at 052C4E28
  MBUF state OFF
  DpCommInitTable: init table for 500 entries
  Wed Jan 14 05:46:50 2009
  EmInit: MmSetImplementation( 2 ).
  MM global diagnostic options set: 0
  <ES> client 0 initializing ....
  <ES> InitFreeList
  <ES> block size is 1024 kByte.
  Using implementation view
  <EsNT> Memory Reset disabled as NT default
  ERROR => <EsNT> NTGetBaseAddress failed, no free region [esnti.c      1450]
  Error 15 while initializing OS dependent part.
  ERROR => DpEmInit: EmInit (1) [dpxxdisp.c   9556]
  ERROR => DpMemInit: DpEmInit (-1) [dpxxdisp.c   9485]
  DP_FATAL_ERROR => DpSapEnvInit: DpMemInit
  DISPATCHER EMERGENCY SHUTDOWN ***
  increase tracelevel of WPs
  NiWait: sleep (10000ms) ...
  NiISelect: timeout 10000ms
  NiISelect: maximum fd=1
  NiISelect: read-mask is NULL
  NiISelect: write-mask is NULL
  Wed Jan 14 05:47:00 2009
  NiISelect: TIMEOUT occured (10000ms)
  dump system status
  Workprocess Table (long)               Tue Jan 13 21:47:00 2009
  ========================
  No Ty. Pid      Status  Cause Start Err Sem CPU    Time  Program  Cl  User         Action                    Table
  ERROR => DpRqTxt: bad rqtype -1 [dpxxrq.c     785]
  0 ?         -1 Free          no      0   0             0                                                             
  ERROR => DpRqTxt: bad rqtype -1 [dpxxrq.c     785]
  1 ?         -1 Free          no      0   0             0                                                             
  ERROR => DpRqTxt: bad rqtype -1 [dpxxrq.c     785]
  2 ?         -1 Free          no      0   0             0                                                             
  ERROR => DpRqTxt: bad rqtype -1 [dpxxrq.c     785]
  3 ?         -1 Free          no      0   0             0                                                             
  ERROR => DpRqTxt: bad rqtype -1 [dpxxrq.c     785]
  4 ?         -1 Free          no      0   0             0                                                             
  ERROR => DpRqTxt: bad rqtype -1 [dpxxrq.c     785]
  5 ?         -1 Free          no      0   0             0                                                             
  ERROR => DpRqTxt: bad rqtype -1 [dpxxrq.c     785]
  6 ?         -1 Free          no      0   0             0                                                             
  Dispatcher Queue Statistics               Tue Jan 13 21:47:00 2009
  ===========================
  --------++++--
  +
  Typ
  now
  high
  max
  writes
  reads
  --------++++--
  +
  NOWP
  0
  0
  2000
  0
  0
  --------++++--
  +
  DIA
  0
  0
  2000
  0
  0
  --------++++--
  +
  UPD
  0
  0
  2000
  0
  0
  --------++++--
  +
  ENQ
  0
  0
  2000
  0
  0
  --------++++--
  +
  BTC
  0
  0
  2000
  0
  0
  --------++++--
  +
  SPO
  0
  0
  2000
  0
  0
  --------++++--
  +
  UP2
  0
  0
  2000
  0
  0
  --------++++--
  +
  max_rq_id          0
  wake_evt_udp_now     0
  wake events           total     0,  udp     0 (  0%),  shm     0 (  0%)
  since last update     total     0,  udp     0 (  0%),  shm     0 (  0%)
  Dump of tm_adm structure:               Tue Jan 13 21:47:00 2009
  =========================
  Term    uid  man user    term   lastop  mod wp  ta   a/i (modes)
  Workprocess Comm. Area Blocks               Tue Jan 13 21:47:00 2009
  =============================
  Slots: 20, Used: 0, Max: 0
  --------++--
  +
  id
  owner
  pid
  eyecatcher
  --------++--
  +
  NiWait: sleep (5000ms) ...
  NiISelect: timeout 5000ms
  NiISelect: maximum fd=1
  NiISelect: read-mask is NULL
  NiISelect: write-mask is NULL
  Wed Jan 14 05:47:05 2009
  NiISelect: TIMEOUT occured (5000ms)
  DpHalt: shutdown server >Veeru_NSP_00                            < (normal)
  DpJ2eeDisableRestart
  Switch off Shared memory profiling
  ShmProtect( 57, 3 )
  ShmProtect(SHM_PROFILE, SHM_PROT_RW
  ShmProtect( 57, 1 )
  ShmProtect(SHM_PROFILE, SHM_PROT_RD
  DpWakeUpWps: wake up all wp's
  Stop work processes
  Terminate gui connections
  wait for end of work processes
  not attached to the message server
  cleanup EM
  EsCleanup ....
  EmCleanup() -> 0
  Es2Cleanup: Cleanup ES2
  Wed Jan 14 05:47:06 2009
  ***LOG Q05=> DpHalt, DPStop ( 3892) [dpxxdisp.c   10333]
  Good Bye .....

  Hi Eric,
  Actually in my NSP_DVEBMS00_VEERU thePHYS_MEMSIZE  is set to 128
  So.....
  Do i need to change in the here below file.....:
  If yes wht shall i change it to ?
  Template for ABAP SID_INSTANCE_HOST
  SAPSYSTEMNAME = NSP
  SAPGLOBALHOST = Veeru
  SAPSYSTEM = 00
  INSTANCE_NAME = DVEBMGS00
  DIR_EXECUTABLE = C:\SAP\NSP\SYS\exe\run
  DIR_CT_RUN = C:\SAP\NSP\SYS\exe\run
  Instance runs without sapmnt saploc shares
  DIR_INSTANCE = C:\SAP\NSP\DVEBMGS00
  DIR_INSTALL = C:\SAP\NSP\SYS
  DIR_HOME = $(DIR_INSTANCE)\work
  DIR_GLOBAL = C:\SAP\NSP\SYS\global
  PHYS_MEMSIZE = 128
  rdisp/wp_no_dia = 3
  rdisp/wp_no_btc = 1
  icm/server_port_0 = PROT=HTTP,PORT=80$$
  SAP Messaging Service parameters are set in the DEFAULT.PFL
  ms/server_port_0 = PROT=HTTP,PORT=81$$
  rdisp/wp_no_enq = 1
  rdisp/wp_no_vb = 1
  rdisp/wp_no_spo = 1
  rdisp/enqname = Veeru_NSP_00
  rdisp/myname = Veeru_NSP_00
  abap/buffersize = 100000
  alert/MONI_SEGM_SIZE = 0
  enque/table_size = 2000
  rspo/local_print/method = 2
  rsdb/ntab/entrycount = 5000
  rsdb/ntab/ftabsize = 3000
  rsdb/ntab/sntabsize = 100
  rsdb/ntab/irbdsize = 1000
  rsdb/cua/buffersize = 500
  rsdb/obj/buffersize = 2048
  rsdb/obj/max_objects = 500
  rsdb/otr/buffersize_kb = 1000
  rsts/ccc/cachesize = 6000000
  rtbb/buffer_length = 500
  rtbb/max_tables = 50
  sap/bufdir_entries = 200
  zcsa/installed_languages = ED
  zcsa/presentation_buffer_area = 350000
  zcsa/calendar_area = 300000
  zcsa/table_buffer_area = 3000000
  zcsa/db_max_buftab = 500
  ztta/roll_area = 1000000
  ztta/diag_area = 128000
  ztta/dynpro_area = 150000
  ztta/cua_area = 250000
  rdisp/PG_SHM = 100
  rdisp/ROLL_SHM = 100
  rdisp/autoabaptime = 0
  rdisp/bufrefmode = sendoff,exeoff
  rdisp/wp_ca_blk_no = 20
  rdisp/appc_ca_blk_no = 20
  rdisp/max_wprun_time = 300
  icm/min_threads = 5
  icm/max_threads = 10
  icm/max_conn = 20
  icm/host_name_full = localhost
  mpi/total_size_MB = 10
  auth/new_buffering = 1
  sapgui/user_scripting = TRUE
  ssf/name = SAPSECULIB
  ssf/ssfapi_lib = $(DIR_CT_RUN)\sapsecu.dll
  sec/libsapsecu = $(DIR_CT_RUN)\sapsecu.dll
  login/create_sso2_ticket = 2
  login/accept_sso2_ticket = 1
  login/ticket_only_to_host = 1
  rsdb/dbid = NSP
  dbs/ada/schema = SAPNSP

• RFS[2647]: Possible network disconnect with primary database

  Hi Guys,
  I am working as a L1 DBA in my project. We have a 3node RAC database 11.2.0.1.0 and the standby database was in sink with production till yesterday. Suddenly we realized that out primary and standby is not in sink.. Logs are shipped from primary but it is not applying in standby. While checking the alertlog I can see these errors.
  RFS[2649]: Assigned to RFS process 23250
  RFS[2649]: Identified database type as 'physical standby': Client is ARCH pid 16573
  Mon Jul 23 11:55:42 2012
  RFS[2647]: Possible network disconnect with primary database
  I have performed a media recovery but still I am facing the above errors. I thought earlier that there might be some network issue but we can ping the service names from both the primary and standby.
  Can you please suggest me the steps that I can go through and fix this issue.
  Regards,
  Arijit

  937670 wrote:
  Hi Guys,
  I am working as a L1 DBA in my project. We have a 3node RAC database 11.2.0.1.0 and the standby database was in sink with production till yesterday. Suddenly we realized that out primary and standby is not in sink.. Logs are shipped from primary but it is not applying in standby. While checking the alertlog I can see these errors.
  RFS[2649]: Assigned to RFS process 23250
  RFS[2649]: Identified database type as 'physical standby': Client is ARCH pid 16573
  Mon Jul 23 11:55:42 2012
  RFS[2647]: Possible network disconnect with primary database
  I have performed a media recovery but still I am facing the above errors. I thought earlier that there might be some network issue but we can ping the service names from both the primary and standby.
  Can you please suggest me the steps that I can go through and fix this issue.
  Regards,
  ArijitLops may shipping of other node, can you check it is able to receive archives from all the nodes? May be you having issue from one node.
  also there would be network disconnect for some time, its usually happens, if not can you query below output from primary
  SQL> select message,error_code,to_char(timestamp,'DD-MON-YYYY HH24:MI:SS') from v$dataguard_status where dest_id=2;

• ARCH: Possible network disconnect with primary database

  Dear buddies,
  My database has a primary database which has a few sub databases.
  They are in different servers.
  One of the sub database has this error in the alert log everyday during backup time.
  But finally the backup is successful.
  Is this a network problem?
  Please guide me.
  Thanks in advance.

  user645399 wrote:
  Dear SB:
  THis is the error I come across once in a while in my alert log:
  ARCH: Possible network disconnect with primary database
  post
  select FACILITY,SEVERITY,MESSAGE_NUM,ERROR_CODE,CALLOUT,to_char(timestamp,'DD-MON-YYYY HH24:MI:SS'),MESSAGE from v$dataguard_status where dest_id=2;
  sample
  SQL> select FACILITY,SEVERITY,MESSAGE_NUM,ERROR_CODE,CALLOUT,to_char(timestamp,'DD-MON-YYYY HH24:MI:SS'),MESSAGE from v$dataguard_status where dest_id=2;
  FACILITY                 SEVERITY      MESSAGE_NUM ERROR_CODE CAL TO_CHAR(TIMESTAMP,'D MESSAGE
  Log Transport Services   Error              312410       3135 YES 27-JUL-2011 05:01:51 NSA:  Error 3135 archiving log 5 to 'stby'
  Log Transport Services   Error              312539       3135 YES 27-JUL-2011 16:56:40 NSA:  Error 3135 archiving log 7 to 'stby'
  SQL>

• Time Capsule Problems - Possibly Anti Virus Related?

  I have had a 500gb Time Capsule for several months and despite several calls to tech support, I have not been able to get it to properly back up.
  Could it possible be related to the McAfee anti virus software that I have running?
  The backup will start.. but never reach completion before locking up the system.
  Anyone have similar problems?
  Thanks!

  v5.7 is the latest firmware for your AEB 802.11g.
  v7.3.2 is the latest firmware for the TC.
  You should probably do these simple maintenance tasks:
  Simple Maintenance Tasks:
  1. Repair Permissions - /Applications/Utilities/Disk Utility.app. Start Disk Utility, select your HD and click on Repair Permissions. When finished, quit Disk Utility and then restart your computer.
  2. Reset PRAM - hold down Option-Command-P-R keys when starting until you hear the startup chime a 2nd time.
  3. Safe Mode Startup - hold down the Shift-key at startup until you see the login screen. When logged-in, then go to System Preferences/Network/AirPort
  - click on the 'Network Name:' roll-button, select 'Join Other Network...', enter 'Network Name and select the security type you are using, and finally, enter your Password and click 'Join'.
  - click on 'Advanced', TCP/IP and confirm that 'Configure IPv4:' is set to 'Using DHCP', click 'OK'.
  - click the 'Apply' button and exit System Preferences.
  Make sure you separate the AirPort Base Station and the wireless phone by as large a distance as you can.
  You could enact Interference Robustness, but it will reduce the range of your AirPort base station:
  1. Open AirPort Utility, select the AirPort Base Station (main) and click on 'Manual Setup'.
  2. Click on 'Wireless' tab and click 'Wireless Options'.
  3. Tick 'Use interference robustness, click 'Done', and click 'Update'.
  4. Wait for ABS to restart. Restart your computer and test.

• Possible DNS virus - started 3 days ago with typing sounds (I'm not typing)

  Today when I powered up, the message "another device is using your IP address. . ."
  I'm thinking a virus has setup my mac to create a DNS on some website.
  I Googled this, and read that some XXX sites can put sounds of typing on your mac,
  but I'm there only user on my Mac, and XXX sites are not my bailiwick, so that
  couldn't be the source on this machine.
  I don't have malware detection software, so how do I resolve this? Anybody else
  out there experience this?

  I think you're looking in completely the wrong area.
  I'm thinking a virus has setup my mac to create a DNS on some website.
  That sentence doesn't even make sense to me. It certainly doesn't relate to:
  Today when I powered up, the message "another device is using your IP address. . ."
  This message means exactly what it says - there is another device on your network using the same IP address. IP addresses are required to be unique within a LAN, so you cannot have two machines using the same IP address.
  What this is telling you is that there's another device on your network using the same IP address your machine is trying to use. The causes are many - it could be as simple as a misconfigured DHCP server, your machine being misconfigured, another device on your network being misconfigured, or a rogue device that's somehow joined your network. Note that only one of those four scenarios is in any way suspicious.
  You need to look at your network to see what devices are attached. Bear in mind that many devices nowadays have a LAN or internet connection, so consider your printer, AppleTV, XBox/PS3/Wii, your TV, your DVD player, your phone... heck, even some refrigerators nowadays have network connections.
  If you have a wireless network it's also possible that someone's joined your network by guessing your encryption key (you are using a WPA-protected network, right?). Your router admin page/app should give you a list of who's connected.
  If the rogue device is a wireless device then consider changing your network password on the base station and all valid devices - that should lock him out (until he guesses the password again, so make sure it's a strong one).

• Possible network issues preventing successful application data transfer?

  Hello all.
  We are having a few issues with a specific set up here at work involving Oracle 11, and Oracle 9 databases and I was hoping someone with a fair idea of how Oracle configurations work when it comes to network connectivity and data transfer would mind sharing their opinion on the matter.
  First off, a bit of background. I'm a network security engineer by trade and my experience when it comes to the application side of things, specifically databases is inherently weak; so I apologise if my terminology or logic is slightly off here.
  Basically what I'm trying to determine is where a fault lies between our users using a terminal server and a remote Oracle SQL database that should service their requests.
  The problem lies wherein the user will utilise the 'sqlplus' application invoked from a Windows command prompt window, and expect to be able login and query a database. I believe we have two versions available to use, version 9 which is not actually in production but able to be used for testing and version 11 which is active in production.
  When accessing Oracle 11 servers will hang where we expect to see a successful connection followed by a healthy looking "SQL>" prompt data transfer appears to stall as follows:
  C:\>sqlplus username/[email protected]
  SQL*Plus: Release 10.2.0.1.0 - Production on Wed Sep 22 18:12:17 2010
  Copyright (c) 1982, 2005, Oracle.  All rights reserved.
  *hangs here*If we try on the Oracle 9 setup things look fine initially:
  C:\>sqlplus username/[email protected]
  SQL*Plus: Release 10.2.0.1.0 - Production on Wed Sep 22 18:19:20 2010
  Copyright (c) 1982, 2005, Oracle.  All rights reserved.
  Connected to:
  Oracle9i Enterprise Edition Release 9.2.0.6.0 - Production
  With the Partitioning, OLAP and Oracle Data Mining options
  JServer Release 9.2.0.6.0 - ProductionHowever once connected to the Oracle 9 box; if we run a query similar to:
  sqlplus username/[email protected]
  select * from <database> where rownum < 10;This will again hang.
  That said however, if we try and run a query similar to:
  sqlplus username/[email protected]
  select * from <database> where rownum < 5;This will return 4 rows of usable data, without issue.
  Our systems engineer provided me with a SQLNET trace from the server side and believes he's identified where it occurs:
  [21-SEP-2010 16:06:42:989] nsdo: entry
  [21-SEP-2010 16:06:42:989] nsdo: cid=0, opcode=85, *bl=0, *what=0, uflgs=0x0, cflgs=0x3
  [21-SEP-2010 16:06:42:989] nsdo: rank=64, nsctxrnk=0
  [21-SEP-2010 16:06:42:990] nsdo: nsctx: state=8, flg=0x420c, mvd=0
  [21-SEP-2010 16:06:42:990] nsdo: gtn=156, gtc=156, ptn=10, ptc=2011
  [21-SEP-2010 16:06:42:990] nsdo: switching to application buffer
  [21-SEP-2010 16:06:42:990] nsrdr: entry
  [21-SEP-2010 16:06:42:990] nsrdr: recving a packet
  [21-SEP-2010 16:06:42:990] nsprecv: entry
  [21-SEP-2010 16:06:42:990] nsprecv: reading from transport...
  [21-SEP-2010 16:06:42:990] nttrd: entry
  #    HANG OCCURS HERE
  [21-SEP-2010 16:10:13:347] ntt2err: entry
  [21-SEP-2010 16:10:13:347] ntt2err: soc 25 error - operation=5, ntresnt[0]=517, ntresnt[1]=131, ntresnt[2]=0
  [21-SEP-2010 16:10:13:347] ntt2err: exit
  [21-SEP-2010 16:10:13:347] nttrd: exit
  [21-SEP-2010 16:10:13:347] nsprecv: transport read error
  [21-SEP-2010 16:10:13:347] nsprecv: error exit
  [21-SEP-2010 16:10:13:347] nserror: entry
  [21-SEP-2010 16:10:13:347] nserror: nsres: id=0, op=68, ns=12547, ns2=12560; nt[0]=517, nt[1]=131, nt[2]=0; ora[0]=0, ora[1]=0, ora[2]=0
  [21-SEP-2010 16:10:13:348] nsrdr: error exit
  [21-SEP-2010 16:10:13:348] nsdo: nsctxrnk=0
  [21-SEP-2010 16:10:13:348] nsdo: error exit
  [21-SEP-2010 16:10:13:348] nioqrc:  wanted 1 got 0, type 0
  [21-SEP-2010 16:10:13:348] nioqper:  error from nioqrc
  [21-SEP-2010 16:10:13:348] nioqper:    nr err code: 0
  [21-SEP-2010 16:10:13:348] nioqper:    ns main err code: 12547
  [21-SEP-2010 16:10:13:348] nioqper:    ns (2)  err code: 12560
  [21-SEP-2010 16:10:13:348] nioqper:    nt main err code: 517
  [21-SEP-2010 16:10:13:348] nioqper:    nt (2)  err code: 131
  [21-SEP-2010 16:10:13:349] nioqper:    nt OS   err code: 0
  [21-SEP-2010 16:10:13:349] nioqer: entry
  [21-SEP-2010 16:10:13:349] nioqer:  incoming err = 12151
  [21-SEP-2010 16:10:13:349] nioqce: entry
  [21-SEP-2010 16:10:13:349] nioqce: exit
  [21-SEP-2010 16:10:13:349] nioqer:  returning err = 3113
  [21-SEP-2010 16:10:13:349] nioqer: exit
  [21-SEP-2010 16:10:13:349] nioqrc: exit
  [21-SEP-2010 16:10:13:349] nioqds: entry
  [21-SEP-2010 16:10:13:349] nioqds:  disconnecting...
  [21-SEP-2010 16:10:13:349] nsdo: entry
  [21-SEP-2010 16:10:13:349] nsdo: cid=0, opcode=67, *bl=0, *what=1, uflgs=0x2, cflgs=0x3
  [21-SEP-2010 16:10:13:350] nsdo: rank=64, nsctxrnk=0
  [21-SEP-2010 16:10:13:350] nsdo: nsctx: state=1, flg=0x420c, mvd=0
  [21-SEP-2010 16:10:13:350] nsdo: nsctxrnk=0
  [21-SEP-2010 16:10:13:350] nsdo: error exitFrom the client log side, it looks like this:
  [21-SEP-2010 16:06:42:886] nsdo: entry
  [21-SEP-2010 16:06:42:886] nsdo: cid=0, opcode=84, *bl=0, *what=1, uflgs=0x20, cflgs=0x3
  [21-SEP-2010 16:06:42:886] nsdo: rank=64, nsctxrnk=0
  [21-SEP-2010 16:06:42:886] nsdo: nsctx: state=8, flg=0x400d, mvd=0
  [21-SEP-2010 16:06:42:886] nsdo: gtn=127, gtc=127, ptn=10, ptc=2011
  [21-SEP-2010 16:06:42:886] nsdofls: entry
  [21-SEP-2010 16:06:42:886] nsdofls: DATA flags: 0x0
  [21-SEP-2010 16:06:42:886] nsdofls: sending NSPTDA packet
  [21-SEP-2010 16:06:42:886] nspsend: entry
  [21-SEP-2010 16:06:42:886] nspsend: plen=17, type=6
  [21-SEP-2010 16:06:42:886] nttwr: entry
  [21-SEP-2010 16:06:42:886] nttwr: socket 1724 had bytes written=17
  [21-SEP-2010 16:06:42:886] nttwr: exit
  [21-SEP-2010 16:06:42:886] nspsend: packet dump
  [21-SEP-2010 16:06:42:886] nspsend: 00 11 00 00 06 00 00 00  |........|
  [21-SEP-2010 16:06:42:886] nspsend: 00 00 03 05 1C 01 01 01  |........|
  [21-SEP-2010 16:06:42:886] nspsend: 0F                       |.       |
  [21-SEP-2010 16:06:42:886] nspsend: 17 bytes to transport
  [21-SEP-2010 16:06:42:886] nspsend: normal exit
  [21-SEP-2010 16:06:42:886] nsdofls: exit (0)
  [21-SEP-2010 16:06:42:886] nsdo: nsctxrnk=0
  [21-SEP-2010 16:06:42:886] nsdo: normal exit
  [21-SEP-2010 16:06:42:886] nsdo: entry
  [21-SEP-2010 16:06:42:886] nsdo: cid=0, opcode=85, *bl=0, *what=0, uflgs=0x0, cflgs=0x3
  [21-SEP-2010 16:06:42:886] nsdo: rank=64, nsctxrnk=0
  [21-SEP-2010 16:06:42:886] nsdo: nsctx: state=8, flg=0x400d, mvd=0
  [21-SEP-2010 16:06:42:886] nsdo: gtn=127, gtc=127, ptn=10, ptc=2011
  [21-SEP-2010 16:06:42:886] nsdo: switching to application buffer
  [21-SEP-2010 16:06:42:886] nsrdr: entry
  [21-SEP-2010 16:06:42:886] nsrdr: recving a packet
  [21-SEP-2010 16:06:42:886] nsprecv: entry
  [21-SEP-2010 16:06:42:886] nsprecv: reading from transport...
  [21-SEP-2010 16:06:42:886] nttrd: entry
  #    HANG OCCURS HERE
  #    Need to <CTRL C> twice to kill
  #I've tried searching the net for similar occurrences of some of the interesting looking trace data but there appears to be limited information available, none of which is terribly helpful.
  What I'm really after is either someone who has had this issue before, or someone who can better interpret the error output from the trace files and perhaps give me an idea of what's causing it to occur. Specifically whether that error text above relates to a failed connection on the underlying network connectivity side of things or whether it may be something on a higher level within the application layers. We have done packet dumps on firewalls to check the traffic as it traverses the firewall but there are no anomalies that I can see which may be contributing to the issue at hand.
  I have organised for some testing to occur within the next 24 hours as there is a Cisco ASA Firewall that sits in the network path that is performing inspection on packets travelling through it. The inspection for SQLNET specifically is disabled, but we intend to enable this once more for testing to see whether it makes a difference. I'm not entirely confident it will however, and until we do get a chance to test any constructive input or alternate ideas will be greatly appreciated. I'm trying to cover as many bases as possible here.
  Cheers,
  Josh.

  So some further testing doesn't show anything interesting. But that said here's a look at a TCP Dump for the Oracle 11 session that hangs:
  SNORT01:~ # tcpdump -nni bond0 -vvv vlan and host 125.x.x.x and host 172.x.x.x -c 10000
  tcpdump: WARNING: bond0: no IPv4 address assigned
  tcpdump: listening on bond0, link-type EN10MB (Ethernet), capture size 68 bytes
  21:55:43.781596 IP (tos 0x0, ttl 126, id 24439, offset 0, flags [DF], proto: TCP (6), length: 48) 125.x.x.x.62008 > 172.x.x.x.1521: S, cksum 0x4d0a (correct), 2416392635:2416392635(0) win 64512 <mss 1380,nop,nop,sackOK>
  21:55:43.782454 IP (tos 0x0, ttl  59, id 50281, offset 0, flags [DF], proto: TCP (6), length: 48) 172.x.x.x.1521 > 125.x.x.x.62008: S, cksum 0xc0ae (correct), 3123579836:3123579836(0) ack 2416392636 win 49680 <mss 1460,nop,nop,sackOK>
  21:55:43.783311 IP (tos 0x0, ttl 126, id 24440, offset 0, flags [DF], proto: TCP (6), length: 40) 125.x.x.x.62008 > 172.x.x.x.1521: ., cksum 0xb382 (correct), 1:1(0) ack 1 win 64512
  21:55:43.787142 IP (tos 0x0, ttl 126, id 24441, offset 0, flags [DF], proto: TCP (6), length: 284) 125.x.x.x.62008 > 172.x.x.x.1521: P 1:245(244) ack 1 win 64512
  21:55:43.788504 IP (tos 0x0, ttl  59, id 50282, offset 0, flags [DF], proto: TCP (6), length: 40) 172.x.x.x.1521 > 125.x.x.x.62008: ., cksum 0xed72 (correct), 1:1(0) ack 245 win 49436
  21:55:43.859023 IP (tos 0x0, ttl  59, id 50283, offset 0, flags [DF], proto: TCP (6), length: 48) 172.x.x.x.1521 > 125.x.x.x.62008: P, cksum 0xe166 (correct), 1:9(8) ack 245 win 49680
  21:55:43.860392 IP (tos 0x0, ttl 126, id 24445, offset 0, flags [DF], proto: TCP (6), length: 284) 125.x.x.x.62008 > 172.x.x.x.1521: P 245:489(244) ack 9 win 64504
  21:55:43.861773 IP (tos 0x0, ttl  59, id 50284, offset 0, flags [DF], proto: TCP (6), length: 40) 172.x.x.x.1521 > 125.x.x.x.62008: ., cksum 0xeb82 (correct), 9:9(0) ack 489 win 49680
  21:55:43.861908 IP (tos 0x0, ttl  59, id 50285, offset 0, flags [DF], proto: TCP (6), length: 72) 172.x.x.x.1521 > 125.x.x.x.62008: P 9:41(32) ack 489 win 49680
  21:55:43.865341 IP (tos 0x0, ttl 126, id 24446, offset 0, flags [DF], proto: TCP (6), length: 196) 125.x.x.x.62008 > 172.x.x.x.1521: P 489:645(156) ack 41 win 64472
  21:55:43.867017 IP (tos 0x0, ttl  59, id 50286, offset 0, flags [DF], proto: TCP (6), length: 167) 172.x.x.x.1521 > 125.x.x.x.62008: P 41:168(127) ack 645 win 49680
  21:55:43.874836 IP (tos 0x0, ttl 126, id 24447, offset 0, flags [DF], proto: TCP (6), length: 77) 125.x.x.x.62008 > 172.x.x.x.1521: P 645:682(37) ack 168 win 64345
  21:55:43.876405 IP (tos 0x0, ttl  59, id 50287, offset 0, flags [DF], proto: TCP (6), length: 226) 172.x.x.x.1521 > 125.x.x.x.62008: P 168:354(186) ack 682 win 49680
  21:55:43.995921 IP (tos 0x0, ttl 126, id 24451, offset 0, flags [DF], proto: TCP (6), length: 1420) 125.x.x.x.62008 > 172.x.x.x.1521: . 682:2062(1380) ack 354 win 64159
  21:55:43.995978 IP (tos 0x0, ttl 126, id 24452, offset 0, flags [DF], proto: TCP (6), length: 671) 125.x.x.x.62008 > 172.x.x.x.1521: P 2062:2693(631) ack 354 win 64159
  21:55:43.999910 IP (tos 0x0, ttl  59, id 50288, offset 0, flags [DF], proto: TCP (6), length: 40) 172.x.x.x.1521 > 125.x.x.x.62008: ., cksum 0xe18d (correct), 354:354(0) ack 2693 win 49680
  21:55:44.015402 IP (tos 0x0, ttl 126, id 24455, offset 0, flags [DF], proto: TCP (6), length: 326) 125.x.x.x.62008 > 172.x.x.x.1521: P 2693:2979(286) ack 354 win 64159
  21:55:44.020491 IP (tos 0x0, ttl  59, id 50289, offset 0, flags [DF], proto: TCP (6), length: 1420) 172.x.x.x.1521 > 125.x.x.x.62008: . 354:1734(1380) ack 2979 win 49680
  21:55:44.020789 IP (tos 0x0, ttl  59, id 50290, offset 0, flags [DF], proto: TCP (6), length: 671) 172.x.x.x.1521 > 125.x.x.x.62008: P 1734:2365(631) ack 2979 win 49680
  21:55:44.021015 IP (tos 0x0, ttl  59, id 50291, offset 0, flags [DF], proto: TCP (6), length: 355) 172.x.x.x.1521 > 125.x.x.x.62008: P 2365:2680(315) ack 2979 win 49680
  21:55:44.022489 IP (tos 0x0, ttl 126, id 24457, offset 0, flags [DF], proto: TCP (6), length: 40) 125.x.x.x.62008 > 172.x.x.x.1521: ., cksum 0x9ea4 (correct), 2979:2979(0) ack 2365 win 64512
  21:55:44.148236 IP (tos 0x0, ttl 126, id 24461, offset 0, flags [DF], proto: TCP (6), length: 215) 125.x.x.x.62008 > 172.x.x.x.1521: P 2979:3154(175) ack 2680 win 64197
  21:55:44.152125 IP (tos 0x0, ttl  59, id 50292, offset 0, flags [DF], proto: TCP (6), length: 187) 172.x.x.x.1521 > 125.x.x.x.62008: P 2680:2827(147) ack 3154 win 49680
  21:55:44.174040 IP (tos 0x0, ttl 126, id 24462, offset 0, flags [DF], proto: TCP (6), length: 1054) 125.x.x.x.62008 > 172.x.x.x.1521: P 3154:4168(1014) ack 2827 win 64050
  21:55:44.732635 IP (tos 0x0, ttl 126, id 24482, offset 0, flags [DF], proto: TCP (6), length: 1054) 125.x.x.x.62008 > 172.x.x.x.1521: P 3154:4168(1014) ack 2827 win 64050
  21:55:44.735346 IP (tos 0x0, ttl  59, id 50294, offset 0, flags [DF], proto: TCP (6), length: 40) 172.x.x.x.1521 > 125.x.x.x.62008: ., cksum 0xcefc (correct), 3632:3632(0) ack 4168 win 49680
  21:56:17.076742 IP (tos 0x0, ttl 126, id 25631, offset 0, flags [DF], proto: TCP (6), length: 40) 125.x.x.x.62008 > 172.x.x.x.1521: R, cksum 0x942e (correct), 4168:4168(0) ack 2827 win 0
  *SQL session hangs here*The 'RESET' occurs when I kill the client using CTRL+C after a long period of inactivity, not during the session itself.
  And then.. Here's a successful login and query of 7 rows on the Oracle 9 database from a network perspective:
  SNORT01:~ # tcpdump -nni bond0 -vvv vlan and host 125.x.x.x and host 172.x.x.x -c 10000
  tcpdump: WARNING: bond0: no IPv4 address assigned
  tcpdump: listening on bond0, link-type EN10MB (Ethernet), capture size 68 bytes
  21:53:27.598450 IP (tos 0x0, ttl 126, id 19396, offset 0, flags [DF], proto: TCP (6), length: 48) 125.x.x.x.61937 > 172.x.x.x.1521: S, cksum 0xc9b4 (correct), 2519356327:2519356327(0) win 64512 <mss 1380,nop,nop,sackOK>
  21:53:27.612189 IP (tos 0x0, ttl  53, id 46015, offset 0, flags [DF], proto: TCP (6), length: 48) 172.x.x.x.1521 > 125.x.x.x.61937: S, cksum 0x1cdb (correct), 1010936359:1010936359(0) ack 2519356328 win 49680 <mss 1460,nop,nop,sackOK>
  21:53:27.612905 IP (tos 0x0, ttl 126, id 19398, offset 0, flags [DF], proto: TCP (6), length: 40) 125.x.x.x.61937 > 172.x.x.x.1521: ., cksum 0x0faf (correct), 1:1(0) ack 1 win 64512
  21:53:27.616233 IP (tos 0x0, ttl 126, id 19399, offset 0, flags [DF], proto: TCP (6), length: 321) 125.x.x.x.61937 > 172.x.x.x.1521: P 1:282(281) ack 1 win 64512
  21:53:27.629987 IP (tos 0x0, ttl  53, id 46016, offset 0, flags [DF], proto: TCP (6), length: 40) 172.x.x.x.1521 > 125.x.x.x.61937: ., cksum 0x4886 (correct), 1:1(0) ack 282 win 49680
  21:53:27.692135 IP (tos 0x0, ttl  53, id 46017, offset 0, flags [DF], proto: TCP (6), length: 48) 172.x.x.x.1521 > 125.x.x.x.61937: P, cksum 0x3d6e (correct), 1:9(8) ack 282 win 49680
  21:53:27.693603 IP (tos 0x0, ttl 126, id 19402, offset 0, flags [DF], proto: TCP (6), length: 321) 125.x.x.x.61937 > 172.x.x.x.1521: P 282:563(281) ack 9 win 64504
  21:53:27.707460 IP (tos 0x0, ttl  53, id 46018, offset 0, flags [DF], proto: TCP (6), length: 40) 172.x.x.x.1521 > 125.x.x.x.61937: ., cksum 0x4765 (correct), 9:9(0) ack 563 win 49680
  21:53:27.707883 IP (tos 0x0, ttl  53, id 46019, offset 0, flags [DF], proto: TCP (6), length: 72) 172.x.x.x.1521 > 125.x.x.x.61937: P 9:41(32) ack 563 win 49680
  21:53:27.711950 IP (tos 0x0, ttl 126, id 19403, offset 0, flags [DF], proto: TCP (6), length: 196) 125.x.x.x.61937 > 172.x.x.x.1521: P 563:719(156) ack 41 win 64472
  21:53:27.725971 IP (tos 0x0, ttl  53, id 46020, offset 0, flags [DF], proto: TCP (6), length: 167) 172.x.x.x.1521 > 125.x.x.x.61937: P 41:168(127) ack 719 win 49680
  21:53:27.734468 IP (tos 0x0, ttl 126, id 19405, offset 0, flags [DF], proto: TCP (6), length: 77) 125.x.x.x.61937 > 172.x.x.x.1521: P 719:756(37) ack 168 win 64345
  21:53:27.748270 IP (tos 0x0, ttl  53, id 46021, offset 0, flags [DF], proto: TCP (6), length: 199) 172.x.x.x.1521 > 125.x.x.x.61937: P 168:327(159) ack 756 win 49680
  21:53:27.878720 IP (tos 0x0, ttl 126, id 19409, offset 0, flags [DF], proto: TCP (6), length: 1110) 125.x.x.x.61937 > 172.x.x.x.1521: P 756:1826(1070) ack 327 win 64186
  21:53:28.994991 IP (tos 0x0, ttl 126, id 19443, offset 0, flags [DF], proto: TCP (6), length: 1110) 125.x.x.x.61937 > 172.x.x.x.1521: P 756:1826(1070) ack 327 win 64186
  21:53:29.010680 IP (tos 0x0, ttl  53, id 46023, offset 0, flags [DF], proto: TCP (6), length: 40) 172.x.x.x.1521 > 125.x.x.x.61937: ., cksum 0x3d83 (correct), 1276:1276(0) ack 1826 win 49680
  21:53:32.561849 IP (tos 0x0, ttl  53, id 46024, offset 0, flags [DF], proto: TCP (6), length: 989) 172.x.x.x.1521 > 125.x.x.x.61937: P 327:1276(949) ack 1826 win 49680
  21:53:32.710661 IP (tos 0x0, ttl 126, id 19550, offset 0, flags [DF], proto: TCP (6), length: 223) 125.x.x.x.61937 > 172.x.x.x.1521: P 1826:2009(183) ack 1276 win 63237
  21:53:32.724384 IP (tos 0x0, ttl  53, id 46025, offset 0, flags [DF], proto: TCP (6), length: 40) 172.x.x.x.1521 > 125.x.x.x.61937: ., cksum 0x3ccc (correct), 1276:1276(0) ack 2009 win 49680
  21:53:32.732636 IP (tos 0x0, ttl  53, id 46026, offset 0, flags [DF], proto: TCP (6), length: 133) 172.x.x.x.1521 > 125.x.x.x.61937: P 1276:1369(93) ack 2009 win 49680
  21:53:32.739922 IP (tos 0x0, ttl 126, id 19553, offset 0, flags [DF], proto: TCP (6), length: 947) 125.x.x.x.61937 > 172.x.x.x.1521: P 2009:2916(907) ack 1369 win 63144
  21:53:32.763266 IP (tos 0x0, ttl  53, id 46027, offset 0, flags [DF], proto: TCP (6), length: 329) 172.x.x.x.1521 > 125.x.x.x.61937: P 1369:1658(289) ack 2916 win 49680
  21:53:32.770925 IP (tos 0x0, ttl 126, id 19555, offset 0, flags [DF], proto: TCP (6), length: 78) 125.x.x.x.61937 > 172.x.x.x.1521: P 2916:2954(38) ack 1658 win 64512
  21:53:32.784774 IP (tos 0x0, ttl  53, id 46028, offset 0, flags [DF], proto: TCP (6), length: 218) 172.x.x.x.1521 > 125.x.x.x.61937: P 1658:1836(178) ack 2954 win 49680
  21:53:32.787455 IP (tos 0x0, ttl 126, id 19556, offset 0, flags [DF], proto: TCP (6), length: 149) 125.x.x.x.61937 > 172.x.x.x.1521: P 2954:3063(109) ack 1836 win 64334
  21:53:33.478760 IP (tos 0x0, ttl 126, id 19578, offset 0, flags [DF], proto: TCP (6), length: 149) 125.x.x.x.61937 > 172.x.x.x.1521: P 2954:3063(109) ack 1836 win 64334
  21:53:33.492256 IP (tos 0x0, ttl  53, id 46030, offset 0, flags [DF], proto: TCP (6), length: 40) 172.x.x.x.1521 > 125.x.x.x.61937: ., cksum 0x34ce (correct), 2268:2268(0) ack 3063 win 49680
  21:53:36.820908 IP (tos 0x0, ttl  53, id 46031, offset 0, flags [DF], proto: TCP (6), length: 472) 172.x.x.x.1521 > 125.x.x.x.61937: P 1836:2268(432) ack 3063 win 49680
  21:53:36.824225 IP (tos 0x0, ttl 126, id 19733, offset 0, flags [DF], proto: TCP (6), length: 57) 125.x.x.x.61937 > 172.x.x.x.1521: P 3063:3080(17) ack 2268 win 63902
  21:53:36.837345 IP (tos 0x0, ttl  53, id 46032, offset 0, flags [DF], proto: TCP (6), length: 40) 172.x.x.x.1521 > 125.x.x.x.61937: ., cksum 0x34bd (correct), 2268:2268(0) ack 3080 win 49680
  21:53:36.838015 IP (tos 0x0, ttl  53, id 46033, offset 0, flags [DF], proto: TCP (6), length: 110) 172.x.x.x.1521 > 125.x.x.x.61937: P 2268:2338(70) ack 3080 win 49680
  21:53:36.839520 IP (tos 0x0, ttl 126, id 19734, offset 0, flags [DF], proto: TCP (6), length: 79) 125.x.x.x.61937 > 172.x.x.x.1521: P 3080:3119(39) ack 2338 win 63832
  21:53:36.853507 IP (tos 0x0, ttl  53, id 46034, offset 0, flags [DF], proto: TCP (6), length: 218) 172.x.x.x.1521 > 125.x.x.x.61937: P 2338:2516(178) ack 3119 win 49680
  21:53:36.855886 IP (tos 0x0, ttl 126, id 19735, offset 0, flags [DF], proto: TCP (6), length: 160) 125.x.x.x.61937 > 172.x.x.x.1521: P 3119:3239(120) ack 2516 win 63654
  21:53:36.870292 IP (tos 0x0, ttl  53, id 46035, offset 0, flags [DF], proto: TCP (6), length: 99) 172.x.x.x.1521 > 125.x.x.x.61937: P 2516:2575(59) ack 3239 win 49680
  21:53:36.879557 IP (tos 0x0, ttl 126, id 19738, offset 0, flags [DF], proto: TCP (6), length: 79) 125.x.x.x.61937 > 172.x.x.x.1521: P 3239:3278(39) ack 2575 win 63595
  21:53:36.893506 IP (tos 0x0, ttl  53, id 46036, offset 0, flags [DF], proto: TCP (6), length: 218) 172.x.x.x.1521 > 125.x.x.x.61937: P 2575:2753(178) ack 3278 win 49680
  21:53:36.895884 IP (tos 0x0, ttl 126, id 19739, offset 0, flags [DF], proto: TCP (6), length: 292) 125.x.x.x.61937 > 172.x.x.x.1521: P 3278:3530(252) ack 2753 win 63417
  21:53:36.911464 IP (tos 0x0, ttl  53, id 46037, offset 0, flags [DF], proto: TCP (6), length: 305) 172.x.x.x.1521 > 125.x.x.x.61937: P 2753:3018(265) ack 3530 win 49680
  21:53:36.913580 IP (tos 0x0, ttl 126, id 19740, offset 0, flags [DF], proto: TCP (6), length: 79) 125.x.x.x.61937 > 172.x.x.x.1521: P 3530:3569(39) ack 3018 win 63152
  21:53:36.927515 IP (tos 0x0, ttl  53, id 46038, offset 0, flags [DF], proto: TCP (6), length: 218) 172.x.x.x.1521 > 125.x.x.x.61937: P 3018:3196(178) ack 3569 win 49680
  21:53:36.938328 IP (tos 0x0, ttl 126, id 19742, offset 0, flags [DF], proto: TCP (6), length: 315) 125.x.x.x.61937 > 172.x.x.x.1521: P 3569:3844(275) ack 3196 win 64512
  21:53:36.953008 IP (tos 0x0, ttl  53, id 46039, offset 0, flags [DF], proto: TCP (6), length: 183) 172.x.x.x.1521 > 125.x.x.x.61937: P 3196:3339(143) ack 3844 win 49680
  21:53:36.961020 IP (tos 0x0, ttl 126, id 19743, offset 0, flags [DF], proto: TCP (6), length: 79) 125.x.x.x.61937 > 172.x.x.x.1521: P 3844:3883(39) ack 3339 win 64369
  21:53:36.974890 IP (tos 0x0, ttl  53, id 46040, offset 0, flags [DF], proto: TCP (6), length: 218) 172.x.x.x.1521 > 125.x.x.x.61937: P 3339:3517(178) ack 3883 win 49680
  21:53:36.977183 IP (tos 0x0, ttl 126, id 19744, offset 0, flags [DF], proto: TCP (6), length: 208) 125.x.x.x.61937 > 172.x.x.x.1521: P 3883:4051(168) ack 3517 win 64191
  21:53:36.991461 IP (tos 0x0, ttl  53, id 46041, offset 0, flags [DF], proto: TCP (6), length: 110) 172.x.x.x.1521 > 125.x.x.x.61937: P 3517:3587(70) ack 4051 win 49680
  21:53:36.993439 IP (tos 0x0, ttl 126, id 19747, offset 0, flags [DF], proto: TCP (6), length: 79) 125.x.x.x.61937 > 172.x.x.x.1521: P 4051:4090(39) ack 3587 win 64121
  21:53:37.007199 IP (tos 0x0, ttl  53, id 46042, offset 0, flags [DF], proto: TCP (6), length: 218) 172.x.x.x.1521 > 125.x.x.x.61937: P 3587:3765(178) ack 4090 win 49680
  21:53:37.011239 IP (tos 0x0, ttl 126, id 19748, offset 0, flags [DF], proto: TCP (6), length: 183) 125.x.x.x.61937 > 172.x.x.x.1521: P 4090:4233(143) ack 3765 win 63943
  21:53:37.025767 IP (tos 0x0, ttl  53, id 46043, offset 0, flags [DF], proto: TCP (6), length: 210) 172.x.x.x.1521 > 125.x.x.x.61937: P 3765:3935(170) ack 4233 win 49680
  21:53:37.027455 IP (tos 0x0, ttl 126, id 19750, offset 0, flags [DF], proto: TCP (6), length: 79) 125.x.x.x.61937 > 172.x.x.x.1521: P 4233:4272(39) ack 3935 win 63773
  21:53:37.041382 IP (tos 0x0, ttl  53, id 46044, offset 0, flags [DF], proto: TCP (6), length: 218) 172.x.x.x.1521 > 125.x.x.x.61937: P 3935:4113(178) ack 4272 win 49680
  21:53:37.044708 IP (tos 0x0, ttl 126, id 19751, offset 0, flags [DF], proto: TCP (6), length: 75) 125.x.x.x.61937 > 172.x.x.x.1521: P 4272:4307(35) ack 4113 win 63595
  21:53:37.058388 IP (tos 0x0, ttl  53, id 46045, offset 0, flags [DF], proto: TCP (6), length: 56) 172.x.x.x.1521 > 125.x.x.x.61937: P 4113:4129(16) ack 4307 win 49680
  21:53:37.060398 IP (tos 0x0, ttl 126, id 19752, offset 0, flags [DF], proto: TCP (6), length: 75) 125.x.x.x.61937 > 172.x.x.x.1521: P 4307:4342(35) ack 4129 win 63579
  21:53:37.073926 IP (tos 0x0, ttl  53, id 46046, offset 0, flags [DF], proto: TCP (6), length: 56) 172.x.x.x.1521 > 125.x.x.x.61937: P 4129:4145(16) ack 4342 win 49680
  21:53:37.088056 IP (tos 0x0, ttl 126, id 19753, offset 0, flags [DF], proto: TCP (6), length: 40) 125.x.x.x.61937 > 172.x.x.x.1521: ., cksum 0xf23e (correct), 4342:4342(0) ack 4145 win 63563
  21:53:56.309909 IP (tos 0x0, ttl 126, id 20509, offset 0, flags [DF], proto: TCP (6), length: 176) 125.x.x.x.61937 > 172.x.x.x.1521: P 4342:4478(136) ack 4145 win 63563
  21:53:56.325783 IP (tos 0x0, ttl  53, id 46047, offset 0, flags [DF], proto: TCP (6), length: 398) 172.x.x.x.1521 > 125.x.x.x.61937: P 4145:4503(358) ack 4478 win 49680
  21:53:56.329152 IP (tos 0x0, ttl 126, id 20511, offset 0, flags [DF], proto: TCP (6), length: 57) 125.x.x.x.61937 > 172.x.x.x.1521: P 4478:4495(17) ack 4503 win 63205
  21:53:56.557234 IP (tos 0x0, ttl 126, id 20519, offset 0, flags [DF], proto: TCP (6), length: 57) 125.x.x.x.61937 > 172.x.x.x.1521: P 4478:4495(17) ack 4503 win 63205
  21:53:56.570496 IP (tos 0x0, ttl  53, id 46049, offset 0, flags [DF], proto: TCP (6), length: 40) 172.x.x.x.1521 > 125.x.x.x.61937: ., cksum 0x24ea (correct), 4904:4904(0) ack 4495 win 49680
  21:53:58.561449 IP (tos 0x0, ttl  53, id 46051, offset 0, flags [DF], proto: TCP (6), length: 441) 172.x.x.x.1521 > 125.x.x.x.61937: P 4503:4904(401) ack 4495 win 49680
  21:53:58.602228 IP (tos 0x0, ttl 126, id 20579, offset 0, flags [DF], proto: TCP (6), length: 79) 125.x.x.x.61937 > 172.x.x.x.1521: P 4495:4534(39) ack 4904 win 64512
  21:53:58.615281 IP (tos 0x0, ttl  53, id 46052, offset 0, flags [DF], proto: TCP (6), length: 40) 172.x.x.x.1521 > 125.x.x.x.61937: ., cksum 0x24c3 (correct), 4904:4904(0) ack 4534 win 49680
  21:53:58.616571 IP (tos 0x0, ttl  53, id 46053, offset 0, flags [DF], proto: TCP (6), length: 218) 172.x.x.x.1521 > 125.x.x.x.61937: P 4904:5082(178) ack 4534 win 49680
  21:53:58.745531 IP (tos 0x0, ttl 126, id 20584, offset 0, flags [DF], proto: TCP (6), length: 40) 125.x.x.x.61937 > 172.x.x.x.1521: ., cksum 0xead2 (correct), 4534:4534(0) ack 5082 win 64334
  21:54:01.476582 IP (tos 0x0, ttl 126, id 20707, offset 0, flags [DF], proto: TCP (6), length: 53) 125.x.x.x.61937 > 172.x.x.x.1521: P 4534:4547(13) ack 5082 win 64334
  21:54:01.492998 IP (tos 0x0, ttl  53, id 46054, offset 0, flags [DF], proto: TCP (6), length: 53) 172.x.x.x.1521 > 125.x.x.x.61937: P 5082:5095(13) ack 4547 win 49680
  21:54:01.499924 IP (tos 0x0, ttl 126, id 20709, offset 0, flags [DF], proto: TCP (6), length: 50) 125.x.x.x.61937 > 172.x.x.x.1521: P, cksum 0xe469 (correct), 4547:4557(10) ack 5095 win 64321
  21:54:01.500558 IP (tos 0x0, ttl 126, id 20710, offset 0, flags [DF], proto: TCP (6), length: 40) 125.x.x.x.61937 > 172.x.x.x.1521: F, cksum 0xeaba (correct), 4557:4557(0) ack 5095 win 64321
  21:54:01.513561 IP (tos 0x0, ttl  53, id 46055, offset 0, flags [DF], proto: TCP (6), length: 40) 172.x.x.x.1521 > 125.x.x.x.61937: F, cksum 0x23ec (correct), 5095:5095(0) ack 4557 win 49680
  21:54:01.513628 IP (tos 0x0, ttl  53, id 46056, offset 0, flags [DF], proto: TCP (6), length: 40) 172.x.x.x.1521 > 125.x.x.x.61937: ., cksum 0x23eb (correct), 5096:5096(0) ack 4558 win 49680
  21:54:01.514175 IP (tos 0x0, ttl 126, id 20713, offset 0, flags [DF], proto: TCP (6), length: 40) 125.x.x.x.61937 > 172.x.x.x.1521: ., cksum 0xeab9 (correct), 4558:4558(0) ack 5096 win 64321The above is obviously fine, but it's really quite strange. I can get the Oracle 9 queries to hang if I select over 7 rows (8 being the point at which it dies).
  So I can run
  Sqlplus user/[email protected]
  Select * from <blah> where rownum < 7;Over and over again, as many times as I like without issue.
  But!.. As soon as I run
  Sqlplus user/[email protected]
  Select * from <blah> where rownum < 8;The session will hang, and from a network perspective there are no packets being transferred in either direction. It looks exactly like the Oracle 11 session in that the session is still ESTABLISHED from a client perspective but no data is flowing in either direction..
  Does anyone have any idea why '8' is the magic number that would be causing it to hang? I'm really stuggling to see from a network perspective how this may be occuring, as above the TCPDump looks clean.
  Unfortunately I don't have access do a dump on the client/server itself however, just on the network path. I guess that may be where we need to be looking next.
  Thanks for the ideas so far all, much appreciated.
  Josh.

• Possible new virus/malware? slui.exe in %Userprofile%\AppData\Roaming

  Hi,
  I would like to start a discussion for one strange problem that I encountered in my company. Four Notebooks with Windows 7 x64 Enterprise SP1 versions all of a sudden after 1-2-3hours period cannot open any webpage trough any browser (IE,FF, Chrome) but
  everything is pingable via command prompt. We made sure that it is not a DNS problem, whole network is functioning properly.
  After one college called me because of the problem described above I started to dig trough the active processes that were running in that moment and slui.exe caught my attention because it was unusual for me to see that process even running. The process
  itself is very small, only 54k. And starting folder is located in userprofile\AppData\Roaming\DNCache folder, in there are a couple of files (see picture bellow). That is not a location for slui.exe in my humble opionion, slui.exe resides in System32 folder.
  You cannot delete the folder because it is being used, even with file unlocker it won't let you delete it. I went to SAFE mode and deleted it. Also in safe mode run msconfig and clear out any files that have "Unknown" manufacturer and start with
  d..something, sorry cannot remember the correct name, but are the same as in DNCache folder. Our company uses Microsoft Forefront for protection. I am now waiting to see if I have solved the issue.
  Could that be somekind of a virus/malware?
  Thanks,

  Hi,
  Based on m research, “suli.exe” has not been recorded into MS data. It may be not a virus.
  Best Regards
  Quan Gu

• How do I manually remove an installed program (possible fishing Virus)?

  So I downloaded an app from this site but I can't seem to find it, is it possible that I've contracted a phishing virus, if so what are the steps i should take to remove it?
  http://mac.softpedia.com/progViewOpinions/Cheat-Engine-91967,.html

  What's that thing, Cheat Engine 5.6.1 for Mac?
  Did you just download it or did you actually install the package?
  The package installer looks like this when it opens:
  The spelling errors alone are sort of entertaining.
  Clicking Read License results in no action. Since I am unwilling to consent to something I cannot read, I hit Disagree and that was that.
  The next step will ask for your user name and password, after which it will do... what? Who knows, but no right-minded person should acquiesce to unknown modifications of a computer, unless it's already running Windows, in which case it's already messed up and this sort of behaviour is normal.
  If you didn't actually install it, just forget you ever saw this thing and get on with your life. No harm done.

• Possible email virus ???

  My wife received an email from a friend titled "this is a painting not a picture"
  There was no text in the email and she opened the attachment.
  A few minutes later she said her mouse was gone from the screen and could do nothing. Even trying to power off using the button behind the screen had no effect..The only thing I could do was to disconnect the power cord from the wall.
  We then seemed to be able to operate normally, but since then {about a week ago} the same thing happened, no mouse and unplugging from the wall was the only fix.
  Also last night she attempted to send an email and it would not send so she quit the computer by putting it to sleep I think.
  This morning I attempted to wake up the computer and it would not respond, so unplugging was the only fix .
  When I got into her email there was no email in here "sent" folder but in her "in box" she had many many copies sent to herself that said they were "from" auto.response..
  Then she received a message from the person whom she had tried to send the email to indicating that they had received her email and 20+ copies of it.
  I updated all the latest apple software this morning and installed "mac scan" trojan remover plus I Installed "iAntiVirus" and found nothing with either scanner
  I wonder if any one else had a similar problem.
  Also I asked my wife what the "PICTURE" looked like when she opened it.She said it had a black background and some sort of necklace and maybe flowers....
  It sure sounds to me like she opened a nasty virus.
  Snowed one...

  Welcome to Apple Discussions!
  This is what is known as a trojan horse, not a virus. Viruses are self-replicating without any user interaction. The fact she had to open the e-mail to make it do what it did, says it was strictly an e-mail virus. It is possible that what happened, is that by clicking on some link within the e-mail, it ended up confirming her e-mail address, and then the e-mail program, which already might have been set to instantly replicate the contents of the inbox got overwhelmed with the spam that was sent.
  Do not, under any circumstance open e-mail from an unknown source.
  She should also make sure her friends do not do the same. Because it is also possible, that your wife was not the originator of this virus, but rather her friend, and more likely. Your wife's e-mail address in the friend's digital addressbook might have been compromised and sent to a spammer, and then self replicated on the friend's machine to send to your wife.
  Do not allow e-mail to replicate its contents automatically more than once every 5 minutes. Tell your friends to use BCC when mass e-mailing, as well as your wife, and not CC, to avoid showing the addressbook to everyone in the list. Otherwise other spam viruses might be spread.

• Can a Mac be harmful to a Windows network (viruses?)

  Hi, my IT states (we are 5 Macs in a Windows network) that a Mac connected to the windows network and to internet can be harmful (it can infect the windows network with viruses and trojan horses)
  Is it true?

  There are exactly 3 threats posed by Macs running on a mostly Windows network:
  1: a Mac without a virus scanner may receive infected attachments, not notice, and copy them to file shares. So get a virus scanner.
  2: Windows running on a Mac through Parallels or VMWare is just as vulnerable to infection as any other PC. So get a virus scanner.
  3: Windows-using coworkers may see how nice your Macs are and want to switch. This threatens the job security of IT staffers who only know Windows.