TCP & HTTP
HTTP lies on top of TCP, but TCP is stateful and HTTP is stateless.
How is this possible? Please send me the details.
Basically, HTTP "standard" does not define any state mechanics. Instead, various people, businesses, and organizations added things into their software to provide for state management.
There are two sides to this debate: Server-Side State Management (S3M), and Client-Side State Management (CS2M).
Cookies are one way to provide for state-management, but there are privacy and security concerns.
Stateful HTTP, designed through various server-side mechanics, is basically a data store on a server that holds information from CGI forms and some custom per-box settings.
This is great, because things can be done easily with a homogeneous system. Oops, too bad the net is NOT homogeneous.
We have Opera, Netscape, Firefox, IE, etc. for client-side software, while IIS, Apache, Tomcat, etc. for server-side software.
All different companies, and thus no uniform support of technologies. Certainly, an Apache web server is not going to support IWA (Integrated Windows Authentication) out of the box.
There is a problem with ad-hoc state management within the current cycle of software.
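As an added illustration (not part of the thread above), here is what the two camps look like in code: a server-side store (S3M) that hands the browser only an opaque id, and client-side state (CS2M) that rides in the cookie and is authenticated with an HMAC so edits are caught, plus the Set-Cookie attributes that limit theft and cross-site reuse. All names, the secret and the sample state are constructed for this example, not any library's API.

```python
import base64
import hashlib
import hmac
import json
import secrets


class ServerSideSessions:
    """S3M: the state stays on the server; the cookie carries only a random id."""

    def __init__(self):
        self._store = {}

    def create(self, state):
        # 128 random bits from the OS CSPRNG: the id is unguessable and says
        # nothing about the user, so there is nothing in the cookie to edit.
        sid = secrets.token_urlsafe(16)
        self._store[sid] = dict(state)
        return sid

    def lookup(self, sid):
        # An unknown or altered id simply misses the store.
        return self._store.get(sid)


def _encode(state):
    return base64.urlsafe_b64encode(json.dumps(state, sort_keys=True).encode()).decode()


def _decode(payload):
    return json.loads(base64.urlsafe_b64decode(payload.encode()))


def sign_client_state(secret, state):
    """CS2M: the state itself rides in the cookie, with an HMAC so edits are detected."""
    payload = _encode(state)
    tag = hmac.new(secret, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}.{tag}"


def verify_client_state(secret, cookie_value):
    """Return the state dict, or None when the tag does not match the payload."""
    try:
        payload, tag = cookie_value.rsplit(".", 1)
    except ValueError:
        return None
    expected = hmac.new(secret, payload.encode(), hashlib.sha256).hexdigest()
    # Constant-time compare avoids leaking how many tag bytes matched.
    if not hmac.compare_digest(expected, tag):
        return None
    try:
        return _decode(payload)
    except (ValueError, UnicodeDecodeError):
        return None


def edited_cookie(cookie_value, key, new_value):
    """Model a client rewriting its own CS2M cookie while keeping the old tag;
    this is exactly the edit verify_client_state() has to reject."""
    payload, tag = cookie_value.rsplit(".", 1)
    state = _decode(payload)
    state[key] = new_value
    return f"{_encode(state)}.{tag}"


def set_cookie_header(name, value):
    """Set-Cookie line with the attributes that keep the value away from script
    (HttpOnly), off cleartext links (Secure) and off cross-site requests (SameSite)."""
    return f"Set-Cookie: {name}={value}; Path=/; HttpOnly; Secure; SameSite=Lax"
```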
Similar Messages
-
Do streaming video plugins have to use TCP/HTTP transport ?
Can browser plugins open UDP sockets? All the video plugins I know of are TCP/HTTP based, but I don't know if that is a requirement of operating through a browser.
milnuts wrote:
Ok, I reconfigured my system. Current setup is now
Cable Modem -> Time Capsule -> Switch (connected to both the blu ray, Xbox 360, and PC).
I just tried to connect with both the Xbox and the blu ray player, no luck.
Yes, that is disappointing. Can you briefly borrow the router from your neighbour and test it again? I would really like to see what happens when you put the Netgear back and pull a full ipconfig /all from the computer, or another router of any kind. If your modem is also a router, completely remove the TC and see what happens.
The Xbox360 won't even recognize the PC at all. I thought for sure this would work as the Time Capsule is completely out of the picture, or so I would have thought.
What can change when you swap router??
Windows can change. Here is one I missed in the previous suggestions: Windows can jump from the home location to work or public without telling you, simply because you changed router. Jump into the Windows PC and make sure the location is set to home; turn off the firewall even. Turn off IPv6, as the TC is IPv6 capable and that could mess things up.
Even turn on the guest account with full permissions, and see if any of those things helps.
How do I set the IP for the blu-ray and PC to something other than the default? I tried to do that through the AirPort Utility in the Time Capsule. Network->DHCP Reservations->+ That lets me put in the MAC address for the device I want to reserve, but it only allows me to change the last bit of the address. So it grays out the 10.0.1 and only allows me to change the last number.
No, you cannot do it via DHCP; you set a manual IP address. In other words, open the PC networking, go to TCP/IP properties, change from auto to manual and set the IP as I indicated. You do it directly on the PC and directly on the Blu-ray and Xbox, not via DHCP. -
I apologize if this is not the correct place to post this question. I am trying to understand the overhead with TCP and the HTTP response that I see in the packet capture (Wireshark) which I am attaching to this thread.
My understanding is:
I can calculate the TCP data portion by subtracting the ip/tcp headers from the total length field in IP header. My confusion is when looking at the tcp data payload and then seeing the overhead that is specified in the HTTP response header/message body. I see there is 1448 bytes that is the tcp data portion of the packet.
However, the HTTP response header is 347 bytes and the Content-Length of the entity message body is 3867 bytes. I am trying to wrap my head around how to determine the correct overhead for this specific packet. Normally this is very simple, but it's the HTTP response header that's throwing me off.
Can anyone break this down and help me to understand how I can have 1448 for TCP data but greater values for the HTTP portion?
So, as I am thinking on this after the first post: the remaining would be the initial segment (not really a fragment) of the response message. I think I was overcomplicating this when it is very simple.
Thanks for clarification. -
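A worked version of the arithmetic in the post above, added here and not from the original thread: a constructed 347-byte response head plus a 3867-byte body cut into 1448-byte TCP payloads, with a small tracker that pulls Content-Length out of the first segment and reports how many bytes of the response are still outstanding. The function and class names are ours; the sizes are the ones the poster quotes.

```python
import math


def tcp_payload_len(ip_total_length, ip_header_len=20, tcp_header_len=20):
    """TCP data bytes in one IP packet, computed the way the poster describes:
    IP Total Length minus the IP and TCP header lengths."""
    return ip_total_length - ip_header_len - tcp_header_len


def segments_needed(header_len, content_length, max_payload):
    """How many segments of at most max_payload bytes the whole response occupies."""
    return math.ceil((header_len + content_length) / max_payload)


class HttpResponseTracker:
    """Reassembles one HTTP/1.x response framed by Content-Length from TCP payloads."""

    def __init__(self):
        self.buffer = b""
        self.header_len = None      # bytes up to and including the blank line
        self.content_length = None  # from the Content-Length header

    def feed(self, payload):
        """Add one segment's TCP data; returns True once the response is complete."""
        self.buffer += payload
        if self.header_len is None:
            end = self.buffer.find(b"\r\n\r\n")
            if end == -1:
                return False  # the head itself is still split across segments
            self.header_len = end + 4
            head = self.buffer[:end].decode("iso-8859-1")
            for line in head.split("\r\n")[1:]:  # skip the status line
                name, _, value = line.partition(":")
                if name.strip().lower() == "content-length":
                    self.content_length = int(value.strip())
            if self.content_length is None:
                raise ValueError("no Content-Length; chunked/close framing not handled here")
        return self.complete()

    def expected_total(self):
        return self.header_len + self.content_length

    def remaining(self):
        """Bytes still owed by the server, or None while the head is incomplete."""
        if self.header_len is None:
            return None
        return max(0, self.expected_total() - len(self.buffer))

    def complete(self):
        return self.header_len is not None and len(self.buffer) >= self.expected_total()

    def body(self):
        return self.buffer[self.header_len:self.expected_total()]


def build_sample_response(header_len=347, content_length=3867):
    """Constructed response whose head is padded to exactly header_len bytes."""
    base = (f"HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\n"
            f"Content-Length: {content_length}\r\nX-Pad: ").encode()
    pad = header_len - len(base) - 4
    head = base + b"p" * pad + b"\r\n\r\n"
    assert len(head) == header_len
    return head + b"x" * content_length


def segment(data, max_payload=1448):
    """Cut the response into TCP payloads of at most max_payload bytes."""
    return [data[i:i + max_payload] for i in range(0, len(data), max_payload)]
```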
How do I create a digital signature on a TCP or a UDP flow?
I am trying to convert samples of a voice signal, which is intercepted from the microphone, into fixed length digital signature bytes (using Hash, or) and attach these fixed length bytes to a communication session between two terminals (UDP or TCP "HTTP"). The other receiving end should be able to identify the person at the sending side.
Any thoughts how I could do this?
Any help is most appreciated.
SamSam,
If you have the Sound and Vibration toolkit it may make some things easier for you regarding the voice-recording aspect, but if you aren't recording and playing back the actual sounds, just using this for detection and digital signatures, you shouldn't need to worry about this.
1. For this you are going to be doing some form of Analog Input. Then you will be storing this data to a file. There are examples for both of these aspects in the NI Example Finder from within LabVIEW.
2. If you are going to be doing the FFT, there is a VI under the Mathematics Palette that performs this operation. Again you can use the same example for saving data to the file.
3. You would need to figure out what needs to be done to create a digital signature for this. There may be something in the Sound and Vibration toolkit for this, but I do not know.
4. For the UDP or TCP transfers, there are several examples for doing this and they cover how to create the connection and transfer / receive data. These too are in the NI Example Finder.
5. This goes back to number 4, this would indeed be a separate program, but everything else would just be one project and one program.
6. This would depend on how the ID was created in step 3, again whether you do the algorithm on yourself or not. For comparing to the table, you would use a Search Array and some comparison functions, all depending on how you stored the data initially.
7. Graphs are all available on your Front Panel of your VIs and you would just wire up the data that you'd like and have it displayed on the graph.
There will not be an example for everything that you are wanting to do. The examples are meant to help you get started. Have you used LabVIEW before? I would recommend doing the 3 Hour LabVIEW Introduction Course to help you get started. This will cover some of the basic concepts that you will need to know in order to create your application.
Unfortunately I cannot write the code for you, only guide and direct you. LabVIEW is a programming language and does require the user to lay out and create their own program. You will not be able to just find three or four pre-built code snippets and connect them together to get your application working the way you want it. You will need to develop the applications yourself.
Regards,
Jared Boothe
Staff Hardware Engineer
National Instruments -
Non-global zone sending TCP SYN-ACK packet over wrong interface.
After spending many hours looking at ipmon/ethereal logs, I believe I've found an explanation (a bug?) for the following strange behaviour (Solaris 10u1):
I've got a non-global zone with Apache2 with dedicated IP and bound to interface e1000g2 of a Sun X4200 box. The global zone has a different dedicated IP bound to a different interface e1000g0.
When I point a browser at the web site, the HTML page often comes up immediately, but sometimes it will hang and only load when I press the reload browser button one or multiple times. This is reproducible with different browsers from different networks with or without DNS resolution. It's reproducible with other non-local zones configured alike and running different TCP based services (namely SSH or non-Apache HTTP).
This is what happens in a failing case (Ethereal client dump "dump_failed.txt" and IPF log "att1.txt" lines 1-3 pp): the incoming TCP SYN comes over interface e1000g2 (correct) and is passed by IPF. However, the non-global zone sends the TCP SYN-ACK packet back over interface e1000g0, which is wrong and causes IPF to fail to build a correct state entry. Then, afterwards, the response packets from the webserver will be filtered by IPF, since it has no state entry.
In the success case (Ethereal client dump "dump_success.txt" and IPF log "att1.txt" lines 19-21 pp), the incoming TCP SYN is answered correctly by a TCP SYN-ACK both over interface e1000g2. IPF can build a state entry and all subsequent packets from the webserver reach the client.
=====
The non-global zone has this setup:
zonecfg:ws1> info
...snip...
net:
address: 62.146.25.34
physical: e1000g2
zonecfg:ws1>
=====
The relevant (as of the IPF log) IPF rules are:
rule 1: block out log all
rule 16: pass in log quick proto tcp from any to 62.146.25.34 port = 80 keep state
=====
If I didn't miss an important point, I suspect this to be a bug in Zones and/or IPF.
Any hints?
Thx,
Tobias
"att1.txt":
LINE PACKET_DT PACKET_FS PACKET_IFC RULE_NUMBER RULE_ACTION SOURCE_IP SOURCE_PORT DEST_IP DEST_PORT PROTOCOL TCP_FLAGS
1 08.05.2006 21:24:09 786741 e1000g2 16 p 84.56.16.159 60693 62.146.25.34 80 tcp S
2 08.05.2006 21:24:09 786863 e1000g0 16 p 62.146.25.34 80 84.56.16.159 60693 tcp AS
3 08.05.2006 21:24:09 808218 e1000g2 16 p 84.56.16.159 60693 62.146.25.34 80 tcp A
4 08.05.2006 21:24:09 837170 e1000g2 16 p 84.56.16.159 60693 62.146.25.34 80 tcp AP
5 08.05.2006 21:24:09 837189 e1000g2 1 b 62.146.25.34 80 84.56.16.159 60693 tcp A
6 08.05.2006 21:24:09 837479 e1000g2 1 b 62.146.25.34 80 84.56.16.159 60693 tcp AP
7 08.05.2006 21:24:12 823801 e1000g2 16 p 84.56.16.159 60693 62.146.25.34 80 tcp AP
8 08.05.2006 21:24:12 823832 e1000g2 1 b 62.146.25.34 80 84.56.16.159 60693 tcp A
9 08.05.2006 21:24:13 210039 e1000g2 1 b 62.146.25.34 80 84.56.16.159 60693 tcp AP
10 08.05.2006 21:24:18 839318 e1000g2 16 p 84.56.16.159 60693 62.146.25.34 80 tcp AP
11 08.05.2006 21:24:18 839351 e1000g2 1 b 62.146.25.34 80 84.56.16.159 60693 tcp A
12 08.05.2006 21:24:19 970040 e1000g2 1 b 62.146.25.34 80 84.56.16.159 60693 tcp AP
13 08.05.2006 21:24:24 840073 e1000g2 1 b 62.146.25.34 80 84.56.16.159 60693 tcp AF
14 08.05.2006 21:24:30 870503 e1000g2 16 p 84.56.16.159 60693 62.146.25.34 80 tcp AP
15 08.05.2006 21:24:30 870538 e1000g2 1 b 62.146.25.34 80 84.56.16.159 60693 tcp A
16 08.05.2006 21:24:33 480059 e1000g2 1 b 62.146.25.34 80 84.56.16.159 60693 tcp AFP
17 08.05.2006 21:24:45 347464 e1000g2 16 p 84.56.16.159 60693 62.146.25.34 80 tcp AF
18 08.05.2006 21:24:45 347498 e1000g2 1 b 62.146.25.34 80 84.56.16.159 60693 tcp A
19 08.05.2006 21:24:47 857068 e1000g2 16 p 84.56.16.159 60694 62.146.25.34 80 tcp S
20 08.05.2006 21:24:47 857118 e1000g2 16 p 62.146.25.34 80 84.56.16.159 60694 tcp AS
21 08.05.2006 21:24:47 878257 e1000g2 16 p 84.56.16.159 60694 62.146.25.34 80 tcp A
22 08.05.2006 21:24:47 907630 e1000g2 16 p 84.56.16.159 60694 62.146.25.34 80 tcp AP
23 08.05.2006 21:24:47 907644 e1000g2 16 p 62.146.25.34 80 84.56.16.159 60694 tcp A
24 08.05.2006 21:24:47 907892 e1000g2 16 p 62.146.25.34 80 84.56.16.159 60694 tcp AP
25 08.05.2006 21:24:47 976361 e1000g2 16 p 84.56.16.159 60694 62.146.25.34 80 tcp AP
26 08.05.2006 21:24:47 976375 e1000g2 16 p 62.146.25.34 80 84.56.16.159 60694 tcp A
27 08.05.2006 21:24:47 976487 e1000g2 16 p 62.146.25.34 80 84.56.16.159 60694 tcp AP
28 08.05.2006 21:24:48 127599 e1000g2 16 p 84.56.16.159 60694 62.146.25.34 80 tcp A
29 08.05.2006 21:24:54 932569 e1000g2 16 p 84.56.16.159 60693 62.146.25.34 80 tcp AFP
30 08.05.2006 21:24:54 932595 e1000g2 1 b 62.146.25.34 80 84.56.16.159 60693 tcp A
31 08.05.2006 21:25:00 490052 e1000g2 1 b 62.146.25.34 80 84.56.16.159 60693 tcp AFP
32 08.05.2006 21:25:02 980057 e1000g2 16 p 62.146.25.34 80 84.56.16.159 60694 tcp AF
33 08.05.2006 21:25:03 1890 e1000g2 16 p 84.56.16.159 60694 62.146.25.34 80 tcp A
34 08.05.2006 21:25:09 907916 e1000g2 16 p 84.56.16.159 60694 62.146.25.34 80 tcp AF
35 08.05.2006 21:25:09 907949 e1000g2 16 p 62.146.25.34 80 84.56.16.159 60694 tcp A
36 08.05.2006 21:25:42 948502 e1000g2 16 p 84.56.16.159 60693 62.146.25.34 80 tcp AFP
37 08.05.2006 21:25:42 948535 e1000g2 1 b 62.146.25.34 80 84.56.16.159 60693 tcp A
38 08.05.2006 21:25:54 500051 e1000g2 1 b 62.146.25.34 80 84.56.16.159 60693 tcp AFP
39 08.05.2006 21:26:54 510046 e1000g2 1 b 62.146.25.34 80 84.56.16.159 60693 tcp AFP
40 08.05.2006 21:27:54 520041 e1000g2 1 b 62.146.25.34 80 84.56.16.159 60693 tcp AFP
41 08.05.2006 21:28:54 530040 e1000g2 1 b 62.146.25.34 80 84.56.16.159 60693 tcp AFP
42 08.05.2006 21:29:54 540039 e1000g2 1 b 62.146.25.34 80 84.56.16.159 60693 tcp AFP
43 08.05.2006 21:30:54 550039 e1000g2 1 b 62.146.25.34 80 84.56.16.159 60693 tcp AFP
44 08.05.2006 21:31:54 560041 e1000g2 1 b 62.146.25.34 80 84.56.16.159 60693 tcp AFP
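An added check (not part of the post) over the ipmon log format shown in "att1.txt" above: it pairs each inbound SYN with its SYN-ACK and flags flows whose reply left on a different interface than the SYN arrived on, which is the condition the post describes as breaking the keep-state entry; it also counts packets the "block out" rule dropped per flow. The sample lines are copied from the log above; the function names are ours.

```python
# Constructed sample: lines 1-3, 5 and 19-21 of the att1.txt log above.
IPF_LOG = """\
1 08.05.2006 21:24:09 786741 e1000g2 16 p 84.56.16.159 60693 62.146.25.34 80 tcp S
2 08.05.2006 21:24:09 786863 e1000g0 16 p 62.146.25.34 80 84.56.16.159 60693 tcp AS
3 08.05.2006 21:24:09 808218 e1000g2 16 p 84.56.16.159 60693 62.146.25.34 80 tcp A
5 08.05.2006 21:24:09 837189 e1000g2 1 b 62.146.25.34 80 84.56.16.159 60693 tcp A
19 08.05.2006 21:24:47 857068 e1000g2 16 p 84.56.16.159 60694 62.146.25.34 80 tcp S
20 08.05.2006 21:24:47 857118 e1000g2 16 p 62.146.25.34 80 84.56.16.159 60694 tcp AS
21 08.05.2006 21:24:47 878257 e1000g2 16 p 84.56.16.159 60694 62.146.25.34 80 tcp A
"""


def parse_ipf_line(line):
    """Split one logged packet (13 whitespace-separated fields, the date taking
    two of them) into a dict; returns None for blank or header lines."""
    f = line.split()
    if len(f) != 13 or not f[0].isdigit():
        return None
    return {
        "line": int(f[0]), "ifc": f[4], "rule": int(f[5]), "action": f[6],
        "src": f[7], "sport": int(f[8]), "dst": f[9], "dport": int(f[10]),
        "proto": f[11], "flags": f[12],
    }


def flow_key(pkt):
    """Direction-independent key so a SYN and its SYN-ACK land in the same flow."""
    a = (pkt["src"], pkt["sport"])
    b = (pkt["dst"], pkt["dport"])
    return (pkt["proto"],) + tuple(sorted([a, b]))


def audit_flows(log_text):
    """Return {flow_key: report} with the interface the SYN and SYN-ACK used,
    the number of blocked packets, and whether the two interfaces differ."""
    flows = {}
    for line in log_text.splitlines():
        pkt = parse_ipf_line(line)
        if pkt is None:
            continue
        rep = flows.setdefault(flow_key(pkt), {
            "syn_ifc": None, "synack_ifc": None, "blocked": 0, "asymmetric": False,
        })
        flags = set(pkt["flags"])
        if flags == {"S"}:
            rep["syn_ifc"] = pkt["ifc"]
        elif flags == {"A", "S"}:
            rep["synack_ifc"] = pkt["ifc"]
        if pkt["action"] == "b":
            rep["blocked"] += 1
        if rep["syn_ifc"] and rep["synack_ifc"] and rep["syn_ifc"] != rep["synack_ifc"]:
            rep["asymmetric"] = True
    return flows


def flow_report(flows, src, sport, dst, dport, proto="tcp"):
    """Look up one flow by either direction of its 4-tuple."""
    return flows.get((proto,) + tuple(sorted([(src, sport), (dst, dport)])))


def asymmetric_flows(log_text):
    """Keys of flows whose SYN-ACK left on a different interface than the SYN used."""
    return [key for key, rep in audit_flows(log_text).items() if rep["asymmetric"]]
```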
Checksum: 0x19dc [incorrect, should be 0x9fbe]
lev wrote: This performance regression renders openvpn with a tun adapter unusable if client and server use kernel 3.14.
Thus I created a bug report: https://bugs.archlinux.org/task/40089
I actually noticed it to be an "either-or" type of thing; my Windows clients were seeing the same thing coming off a 3.14 openvpn server.
Yeah, weird issue. Like I noticed spurts of even-powers-of-2 sized packets.
Client connecting to 10.10.10.6, TCP port 5001
TCP window size: 416 KByte
[ 3] local 10.10.10.1 port 40643 connected with 10.10.10.6 port 5001
[ ID] Interval Transfer Bandwidth
[ 3] 0.0- 2.0 sec 512 KBytes 2.10 Mbits/sec
[ 3] 2.0- 4.0 sec 0.00 Bytes 0.00 bits/sec
[ 3] 4.0- 6.0 sec 0.00 Bytes 0.00 bits/sec
[ 3] 6.0- 8.0 sec 0.00 Bytes 0.00 bits/sec
[ 3] 8.0-10.0 sec 128 KBytes 524 Kbits/sec
[ 3] 10.0-12.0 sec 128 KBytes 524 Kbits/sec
[ 3] 12.0-14.0 sec 512 KBytes 2.10 Mbits/sec
[ 3] 14.0-16.0 sec 128 KBytes 524 Kbits/sec
[ 3] 16.0-18.0 sec 512 KBytes 2.10 Mbits/sec
[ 3] 18.0-20.0 sec 128 KBytes 524 Kbits/sec
[ 3] 20.0-22.0 sec 384 KBytes 1.57 Mbits/sec
[ 3] 22.0-24.0 sec 256 KBytes 1.05 Mbits/sec
[ 3] 24.0-26.0 sec 512 KBytes 2.10 Mbits/sec
[ 3] 26.0-28.0 sec 384 KBytes 1.57 Mbits/sec
[ 3] 28.0-30.0 sec 256 KBytes 1.05 Mbits/sec
[ 3] 30.0-32.0 sec 128 KBytes 524 Kbits/sec
[ 3] 32.0-34.0 sec 640 KBytes 2.62 Mbits/sec
[ 3] 34.0-36.0 sec 384 KBytes 1.57 Mbits/sec
[ 3] 36.0-38.0 sec 384 KBytes 1.57 Mbits/sec
[ 3] 38.0-40.0 sec 384 KBytes 1.57 Mbits/sec
[ 3] 40.0-42.0 sec 128 KBytes 524 Kbits/sec -
ACE - Balance HTTP and sticky only SSL/TLS
Hi there,
I have a situation that I am trying to solve. We have a lot of services through ACE, but now I have to modify one of them, the PROXY servers.
I have six (6) servers working with Sticky, but with a MASK of 255.255.255.0, which sometimes produces an unbalanced situation that affects some servers depending on how many users are connected to each server. We have between 40K and 50K conns in that serverfarm, but in Sticky terms we have around 700 /24 subnets.
I want to modify the configuration, specifically the MASK to 255.255.255.255, which is going to increase Sticky resource usage a lot. But thinking about optimizing Sticky resources, I want to know if there is a way to select only e-commerce, Home Banking or other kinds of SSL/TLS traffic (always using port 80 through the proxy servers), so I could use Sticky only for connections that need it, and leave other HTTP traffic without this feature.
I'm sorry, maybe I'm asking a silly question, but I don't have the experience to make this configuration, and I will appreciate your help.
Here is the actual configuration:
probe tcp HTTP
  description Keepalive web servers
  interval 20
  passdetect interval 30
rserver host Server1
  ip address 10.1.1.1
  inservice
rserver host Server2
  ip address 10.1.1.2
  inservice
rserver host Server3
  ip address 10.1.1.3
  inservice
rserver host Server4
  ip address 10.1.1.4
  inservice
rserver host Server5
  ip address 10.1.1.5
  inservice
rserver host Server6
  ip address 10.1.1.6
  inservice
serverfarm host PRX
  failaction purge
  predictor leastconns
  probe HTTP
  rserver Server1
    inservice
  rserver Server2
    inservice
  rserver Server3
    inservice
  rserver Server4
    inservice
  rserver Server5
    inservice
  rserver Server6
    inservice
sticky ip-netmask 255.255.255.0 address source sticky-PRX
  timeout 60
  serverfarm PRX
class-map match-any VIP-PRX
  2 match virtual-address 10.10.10.101 tcp eq www
policy-map type loadbalance first-match POLICY-L7-PRX
  class class-default
    sticky-serverfarm sticky-PRX
policy-map multi-match PRX-Balance
  class VIP-PRX
    loadbalance vip inservice
    loadbalance policy POLICY-L7-PRX
    loadbalance vip icmp-reply
interface vlan 100
  ip address 10.10.10.11 255.255.255.0
  alias 10.10.10.10 255.255.255.0
  peer ip address 10.10.10.12 255.255.255.0
  no normalization
  access-group output SOLO-SLB
  service-policy input PRX-Balance
Thanks
Alexis
You might want to check out this new product called ITD.
Simple and faster solution:
ITD provides:
* ASIC based multi-terabit/s L3/L4 load-balancing at line-rate
* No service module or external L3/L4 load-balancer needed. Every N7k port can be used as load-balancer.
* Redirect line-rate traffic to any devices, for example web cache engines, Web Accelerator Engines (WAE), video-caches, etc.
* Capability to create clusters of devices, for example, Firewalls, Intrusion Prevention System (IPS), or Web Application Firewall (WAF), Hadoop cluster
* IP-stickiness
* Resilient (like resilient ECMP)
* VIP based L4 load-balancing
* NAT (available for EFT/PoC). Allows non-DSR deployments.
* Weighted load-balancing
* Load-balances to large number of devices/servers
* ACL along with redirection and load balancing simultaneously.
* Bi-directional flow-coherency. Traffic from A-->B and B-->A goes to same node.
* Order of magnitude OPEX savings: reduction in configuration, and ease of deployment
* Order of magnitude CAPEX savings: Wiring, Power, Rackspace and Cost savings
* The servers/appliances don't have to be directly connected to N7k
* Monitoring the health of servers/appliances.
* N + M redundancy.
* Automatic failure handling of servers/appliances.
* VRF support, vPC support, VDC support
* Supported on both Nexus 7000 and Nexus 7700 series.
* Supports both IPv4 and IPv6
* N5k / N6k support: coming soon
Blog
At a glance
ITD config guide
Email Query or feedback:[email protected] -
HTTP request abnormal termination
Hi there,
I have a network problem. I have an HTTP client (Java on a Solaris 9 box) that sends an HTTP request to an IIS 6.0 server (Win 2003). Here is the exchange (captured with Ethereal):
|Time | Client | server |
|0.000 | TCP | |35437 > http [SYN] Seq=0 Ack=0 Win=49640 Len=0 MSS=1460
| |(35437) ------------------> (80) |
|0.081 | TCP | |http > 35437 [SYN, ACK] Seq=0 Ack=1 Win=16384 Len=0 MSS=1380
| |(35437) <------------------ (80) |
|0.081 | TCP | |35437 > http [ACK] Seq=1 Ack=1 Win=49680 Len=0
| |(35437) ------------------> (80) |
|0.082 | HTTP | |POST /SmartCards/credibility.aspx HTTP/1.1
| |(35437) ------------------> (80) |
|0.266 | TCP | |http > 35437 [ACK] Seq=1 Ack=238 Win=65298 Len=0
| |(35437) <------------------ (80) |
|4.591 | TCP | |35437 > http [FIN, ACK] Seq=238 Ack=1 Win=49680 Len=0
| |(35437) ------------------> (80) |
|4.710 | TCP | |http > 35437 [ACK] Seq=1 Ack=239 Win=65298 Len=0
| |(35437) <------------------ (80) |
|17.008 | HTTP | |HTTP/1.1 200 OK (text/plain)
| |(35437) <------------------ (80) |
|17.008 | TCP | |35437 > http [RST] Seq=239 Ack=2264099094 Win=49680 Len=0
| |(35437) ------------------> (80) |
|17.008 | TCP | |http > 35437 [FIN, ACK] Seq=227 Ack=239 Win=65298 Len=0
| |(35437) <------------------ (80) |
|17.008 | TCP | |35437 > http [RST] Seq=239 Ack=2264099094 Win=0 Len=0
| |(35437) ------------------> (80) |
My question is: Why does the client send a FIN after 4 seconds of no response from the server? Did I reach the TCP timeout (my tcp_time_wait_interval=60000)?
Does anyone have an idea of what is going wrong here?
I would really appreciate some help here.
Matt
Please post a screenshot that shows what you mean. Be careful not to include any private information.
Start a reply to this message. Click the camera icon in the toolbar of the editing window and select the image file to upload it. You can also include text in the reply. -
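As an added example (not part of Matt's post or the reply), here is a small Python analyser that replays the exchange above and reports who gave up first; the C>S/S>C tags are a constructed stand-in for the arrows in the table. It treats the FIN as an application-level close, since TCP never sends a FIN from its own timers, and the RST answering the late 200 OK as data arriving for a socket that was already closed; tcp_time_wait_interval only sets how long a closed connection lingers in TIME_WAIT.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed input: the exchange from the post, with C>S/S>C tags replacing the arrows.
CAPTURE = """\
0.000  C>S  35437 > http [SYN] Seq=0 Ack=0 Win=49640 Len=0 MSS=1460
0.081  S>C  http > 35437 [SYN, ACK] Seq=0 Ack=1 Win=16384 Len=0 MSS=1380
0.081  C>S  35437 > http [ACK] Seq=1 Ack=1 Win=49680 Len=0
0.082  C>S  HTTP POST /SmartCards/credibility.aspx HTTP/1.1
0.266  S>C  http > 35437 [ACK] Seq=1 Ack=238 Win=65298 Len=0
4.591  C>S  35437 > http [FIN, ACK] Seq=238 Ack=1 Win=49680 Len=0
4.710  S>C  http > 35437 [ACK] Seq=1 Ack=239 Win=65298 Len=0
17.008 S>C  HTTP HTTP/1.1 200 OK (text/plain)
17.008 C>S  35437 > http [RST] Seq=239 Ack=2264099094 Win=49680 Len=0
17.008 S>C  http > 35437 [FIN, ACK] Seq=227 Ack=239 Win=65298 Len=0
17.008 C>S  35437 > http [RST] Seq=239 Ack=2264099094 Win=0 Len=0
"""

LINE_RE = re.compile(r"^(?P<t>\d+\.\d+)\s+(?P<dir>[CS]>[CS])\s+(?P<info>.+)$")
FLAGS_RE = re.compile(r"\[([A-Z, ]+)\]")
ACK_RE = re.compile(r"\bAck=(\d+)")


@dataclass
class Segment:
    t: float
    direction: str              # "C>S" (client to server) or "S>C"
    flags: frozenset            # TCP flags; empty for lines Ethereal summarised as HTTP
    ack: Optional[int] = None   # relative acknowledgement number, when shown
    http: Optional[str] = None  # request line or status line of an HTTP segment


def parse_capture(text: str) -> list:
    """Turn the summary lines into Segment records, rejecting anything unparseable."""
    segments = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            raise ValueError(f"unrecognised capture line: {line!r}")
        t, direction, info = float(m["t"]), m["dir"], m["info"]
        if info.startswith("HTTP "):
            # A data-carrying segment is shown by its HTTP line, not by its TCP flags.
            segments.append(Segment(t, direction, frozenset(), http=info[5:]))
            continue
        fl = FLAGS_RE.search(info)
        flags = frozenset(f.strip() for f in fl.group(1).split(",")) if fl else frozenset()
        ack = ACK_RE.search(info)
        segments.append(Segment(t, direction, flags, ack=int(ack.group(1)) if ack else None))
    return segments


def analyse(segments: list) -> dict:
    """Replay the segments in order, record the milestones and derive findings."""
    r = {
        "request_at": None,         # client sent the HTTP request
        "request_acked_at": None,   # server TCP acknowledged the request bytes
        "client_fin_at": None,      # client closed its sending side
        "response_at": None,        # server sent the HTTP response
        "server_fin_at": None,
        "first_client_rst_at": None,
        "client_rst_count": 0,
        "findings": [],
    }
    for s in segments:
        if s.direction == "C>S":
            if s.http is not None and r["request_at"] is None:
                r["request_at"] = s.t
            elif "RST" in s.flags:
                r["client_rst_count"] += 1
                if r["first_client_rst_at"] is None:
                    r["first_client_rst_at"] = s.t
            elif "FIN" in s.flags and r["client_fin_at"] is None:
                r["client_fin_at"] = s.t
        else:
            if s.http is not None and r["response_at"] is None:
                r["response_at"] = s.t
            elif "FIN" in s.flags and r["server_fin_at"] is None:
                r["server_fin_at"] = s.t
            elif (s.ack is not None and s.ack > 1 and r["request_at"] is not None
                  and r["request_acked_at"] is None):
                r["request_acked_at"] = s.t   # first ACK that covers request bytes

    f = r["findings"]
    if r["request_acked_at"] is not None:
        f.append("REQUEST_ACKED_BY_SERVER")
    if r["request_at"] is not None and r["client_fin_at"] is not None:
        r["wait_before_fin"] = round(r["client_fin_at"] - r["request_at"], 3)
        if r["response_at"] is None or r["response_at"] > r["client_fin_at"]:
            # TCP never emits FIN from its own timers: the client application closed.
            f.append("CLIENT_CLOSED_BEFORE_RESPONSE")
            if r["response_at"] is not None:
                r["response_delay_after_fin"] = round(r["response_at"] - r["client_fin_at"], 3)
    if (r["first_client_rst_at"] is not None and r["response_at"] is not None
            and r["first_client_rst_at"] >= r["response_at"]):
        # Data arriving for a socket the application has already closed is answered with RST.
        f.append("CLIENT_RST_ON_LATE_RESPONSE")
    return r
```

Run `analyse(parse_capture(CAPTURE))` to get the milestones and findings for the exchange as a dict.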
Using the CSM to setup a HTTPS session on non-standard ports?
Hi Guys,
One of our clients wants to set up an SSL connection on a non-standard SSL port, i.e. 4444 to begin with. Here the server handles the SSL encryption/decryption instead of the SSL module.
I've found the following config to work well:
serverfarm FARM-MOBS-4444
  nat server
  no nat client
  predictor leastconns
  failaction purge
  real 130.194.12.81 4444
    inservice
  real 130.194.12.84 4444
    inservice
  probe MOBS-4444
sticky 108 netmask 255.255.255.255 timeout 60
vserver VMOBS-PROD-4444
  virtual 130.194.11.51 tcp https
  serverfarm FARM-MOBS-4444
  sticky 60 group 108
  persistent rebalance
  inservice
With the above setup the CSM redirects the SSL connections (received on 443) to port 4444 on the server and maintains this for the duration of the session.
While the above setup works, is it possible to configure the VIP to use an HTTPS port other than 443 (which is the default)? This would then allow for separate HTTPS paths to be set up on non-standard ports. I ask this since the client also wants to set up an HTTPS path on port 4443 as well.
Any ideas would be useful.
thanks
Sheldon
Hi Martin,
Do you mean using the SSL module to perform the encryption / decryption? If so, I've tried this and it does work without an issue.
I was just wondering if it were possible to have a VIP setup where the HTTPS port is not 443 but say 4443, where the encryption / decryption is done by the real servers themselves.
thanks
Sheldon -
Hi all,
Does anyone know if the MARS can accept syslog over TCP? The issue is that I want the ASA to stop making new connections in case the connection is lost to the MARS.
Thanks in advance!
Regards,
Jesper
The configuration on MARS is in the bottom of the table located at:
http://www.cisco.com/en/US/docs/security/security_management/cs-mars/6.0/device/configuration/guide/chAsa8x.html#wp1053993
And yes, SECURE is the key word needed, but only works if you specify TCP.
http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/l2.html#wp1751719 -
I've detected 4 open network ports on my Oracle 8.05 EE
without a configured MTS or listener.
Why??
Older releases (7.3.4 on other platforms) don't have this
"problem".
Any hints are welcome
So long
Christian
We are auditing open TCP ports on our network equipment and discovered a number of open TCP ports on our 9216i. Is there any way to tell what the open ports are used for and shut them down if unnecessary? The show tcp command is not available. show tech did not reveal anything.
There is the standard set of ports that are open for mgmt by ssh, telnet, and SNMP v2 or v3. Additionally, there is port 80 open so you can point web browser to it and get the FM code. The list is as follows.
Common to all applications
* SSH 22 (TCP)
* TELNET 23 (TCP)
* HTTP 80 (TCP)
* SYSLOG 514 (UDP)
Fabric Manager Server and Performance Manager
* SNMP_TRAP 2162 (UDP)
* SNMP picks a random free local port (UDP) - (can be changed in server.properties)
* Java RMI 9099, 9199 to 9299 (TCP)
Fabric Manager Client
* Java RMI 9099, 9199 to 9299 (TCP)
* SNMP picks a random free local port. (UDP) or 9189 (TCP) if SNMP proxy is enabled (can be changed in server.properties)
Device Manager
* SNMP_TRAP 1163 to 1170 (UDP) (picks one available in this range)
* SNMP picks a random free local port (UDP) or 9189 (TCP) if SNMP Proxy is enabled (can be changed in server.properties)
You can shut off telnet in lieu of ssh in the configuration. Also, it is possible to use access-lists on the mgmt ports to limit IP addresses/ports/etc. Also, don't forget that the IPS ports will be listening for FCIP and ISCSI if enabled. -
Which TCP/UDP ports need to be opened on a firewall for Adobe Reader and Flash Player?
Which TCP/UDP ports need to be opened on a firewall for Adobe Reader and Flash Player to operate properly? This would include updating, linking, and any subset of features.
The Acrobat Family uses TCP HTTP/HTTPS for all traffic. The following processes and ports may be active on a Windows client machine:
AdobeARM.exe - automatic updates - port 443
AcroRd32.exe - brand messages - port 443
AcroRd32.exe - links in documents - anything specified in the URL
Acrobat.exe - brand messages - port 443
Acrobat.exe - links in documents - anything specified in the URL
AdobeCollabSync.exe - Tracker review data - port 443
The same ports are used by the program components on OS X.
There are no inbound listening ports for any elements of the Acrobat Family. Automatic updates are not pushed and there are no server processes within the software. -
Why can't I ping any hosts/servers behind my Cisco 5505 firewall?
Can anyone please help me figure out what in my configuration of the Cisco ASA 5505 is wrong or missing? I have multiple hosts behind my firewall; these hosts run different websites on port 80. I am able to ping the servers from one to another, but I am not able to ping the servers from the internet. I am using static NAT. Is there a translation issue going on here? Please help me!
========
CISCOASACLOUD# show run
CISCOASACLOUD# show running-config
: Saved
ASA Version 9.0(1)
hostname CISCOASACLOUD
enable password ************* encrypted
passwd ************* encrypted
names
ip local pool VPN_IP_POOL 10.0.2.50-10.0.2.75 mask 255.255.255.0
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
interface Vlan1
nameif inside
security-level 100
ip address 10.0.2.254 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address 82.94.XX.XX 255.255.255.0
ftp mode passive
clock timezone CEST 1
clock summer-time CEDT recurring last Sun Mar 2:00 last Sun Oct 3:00
dns domain-lookup inside
dns domain-lookup outside
dns server-group DefaultDNS
name-server 194.109.104.104
name-server 194.109.9.99
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object network obj_any
subnet 0.0.0.0 0.0.0.0
object network VPN_NETWORK
subnet 10.0.2.0 255.255.255.0
object network NETWORK_OBJ_10.0.2.0_24
subnet 10.0.2.0 255.255.255.0
object network NETWORK_OBJ_10.0.2.0_25
subnet 10.0.2.0 255.255.255.128
object network SERVER2003_HTTP
host 10.0.2.104
object network SERVER2003_HTTPS
host 10.0.2.104
object network SERVER2004_HTTP
host 10.0.2.105
object network SERVER2004_HTTPS
host 10.0.2.105
object network SERVER2002_HTTP
host 10.0.2.103
object network SERVER2002_HTTPS
host 10.0.2.103
object network SERVER2002_NAGIOS
host 10.0.2.103
object network SERVER2003_NAGIOS
host 10.0.2.104
object network SERVER2002_NAGIOS_NSCP
host 10.0.2.103
object network SERVER2003_NAGIOS_NSCP
host 10.0.2.104
object network SERVER2004_NAGIOS
host 10.0.2.105
object network SERVER3001_NAGIOS
host 10.0.2.202
object network SERVER2001_NAGIOS
host 10.0.2.102
object network SERVER3001_HTTP
host 10.0.2.202
object network SERVER3001_HTTPS
host 10.0.2.202
object network SERVER2004_FTP
host 10.0.2.105
object network SERVER2004_FTP_TCP
host 10.0.2.105
object network SERVER2004_FTP_SSL
host 10.0.2.105
object network SERVER2005_HTTP
host 10.0.2.106
object network SERVER2005_HTTPS
host 10.0.2.106
object network SERVER3001_ICMP
host 10.0.2.201
access-list Default_Tunnel_Group_Name_VPN_splitTunnelAcl standard permit 10.0.2.0 255.255.255.0
access-list OutsideToInside extended permit tcp any host 10.0.2.104 eq www
access-list OutsideToInside extended permit tcp any host 10.0.2.104 eq https
access-list OutsideToInside extended permit tcp any host 10.0.2.105 eq www
access-list OutsideToInside extended permit tcp any host 10.0.2.105 eq https
access-list OutsideToInside extended permit tcp any host 10.0.2.103 eq www
access-list OutsideToInside extended permit tcp any host 10.0.2.103 eq https
access-list OutsideToInside extended permit tcp any host 10.0.2.102 eq 12489
access-list OutsideToInside extended permit tcp any host 10.0.2.103 eq 12489
access-list OutsideToInside extended permit tcp any host 10.0.2.104 eq 12489
access-list OutsideToInside extended permit tcp any host 10.0.2.105 eq 12489
access-list OutsideToInside extended permit tcp any host 10.0.2.202 eq 12489
access-list OutsideToInside extended permit tcp any host 10.0.2.202 eq www
access-list OutsideToInside extended permit tcp any host 10.0.2.202 eq https
access-list OutsideToInside extended permit tcp any host 10.0.2.105 eq ftp
access-list OutsideToInside extended permit tcp any host 10.0.2.105 eq ftp-data
access-list OutsideToInside extended permit tcp any host 10.0.2.105 eq 990
access-list OutsideToInside extended permit tcp any host 10.0.2.106 eq www
access-list OutsideToInside extended permit tcp any host 10.0.2.106 eq https
access-list inside_access_in extended permit ip any any
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
icmp permit any inside
icmp permit any outside
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
nat (inside,outside) source static any any destination static VPN_NETWORK VPN_NETWORK route-lookup
nat (inside,outside) source static NETWORK_OBJ_10.0.2.0_24 NETWORK_OBJ_10.0.2.0_24 destination static NETWORK_OBJ_10.0.2.0_25 NETWORK_OBJ_10.0.2.0_25 no-proxy-arp route-lookup
object network obj_any
nat (inside,outside) dynamic interface
object network SERVER2003_HTTP
nat (inside,outside) static 82.94.XXX.XXX service tcp www www
object network SERVER2003_HTTPS
nat (inside,outside) static 82.94.XXX.XXX service tcp https https
object network SERVER2004_HTTP
nat (inside,outside) static 82.94.XXX.XXX service tcp www www
object network SERVER2004_HTTPS
nat (inside,outside) static 82.94.XXX.XXX service tcp https https
object network SERVER2002_HTTP
nat (inside,outside) static 82.94.XXX.XXX service tcp www www
object network SERVER2002_HTTPS
nat (inside,outside) static 82.94.XXX.XXX service tcp https https
object network SERVER2002_NAGIOS
nat (inside,outside) static 82.94.XXX.XXX service tcp 12489 12489
object network SERVER2003_NAGIOS
nat (inside,outside) static 82.94.XXX.XXX service tcp 12489 12489
object network SERVER2004_NAGIOS
nat (inside,outside) static 82.94.XXX.XXX service tcp 12489 12489
object network SERVER3001_NAGIOS
nat (inside,outside) static 82.94.XXX.XXX service tcp 12489 12489
object network SERVER2001_NAGIOS
nat (inside,outside) static 82.94.XXX.XXX service tcp 12489 12489
object network SERVER3001_HTTP
nat (inside,outside) static 82.94.XXX.XXX service tcp www www
object network SERVER3001_HTTPS
nat (inside,outside) static 82.94.XXX.XXX service tcp https https
object network SERVER2004_FTP
nat (inside,outside) static 82.94.XXX.XXX service tcp ftp ftp
object network SERVER2004_FTP_TCP
nat (inside,outside) static 82.94.XXX.XXX service tcp ftp-data ftp-data
object network SERVER2004_FTP_SSL
nat (inside,outside) static 82.94.XXX.XXX service tcp 990 990
object network SERVER2005_HTTP
nat (inside,outside) static 82.94.XXX.XXX service tcp www www
object network SERVER2005_HTTPS
nat (inside,outside) static 82.94.XXX.XXX service tcp https https
access-group inside_access_in in interface inside
access-group OutsideToInside in interface outside
route outside 0.0.0.0 0.0.0.0 82.94.XXX.XXX 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
aaa authentication serial console LOCAL
aaa authentication ssh console LOCAL
aaa authentication http console LOCAL
http server enable
http XXX.XXX.XXX.XXX 255.255.255.255 outside
http XXX.XXX.XXX.XXX 255.255.255.255 outside
http XXX.XXX.XXX.XXX 255.255.255.255 outside
http XXX.XXX.XXX.XXX 255.255.255.255 outside
http 10.0.2.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec security-association pmtu-aging infinite
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto ca trustpool policy
crypto ikev1 enable outside
crypto ikev1 policy 10
authentication crack
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 20
authentication rsa-sig
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 30
authentication pre-share
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 40
authentication crack
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 50
authentication rsa-sig
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 60
authentication pre-share
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 70
authentication crack
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 80
authentication rsa-sig
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 90
authentication pre-share
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 100
authentication crack
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 110
authentication rsa-sig
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 120
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 130
authentication crack
encryption des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 140
authentication rsa-sig
encryption des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 150
authentication pre-share
encryption des
hash sha
group 2
lifetime 86400
telnet timeout 5
ssh 10.0.2.0 255.255.255.0 inside
ssh XXX.XXX.XXX.XXX 255.255.255.255 outside
ssh XXX.XXX.XXX.XXX 255.255.255.255 outside
ssh XXX.XXX.XXX.XXX 255.255.255.255 outside
ssh XXX.XXX.XXX.XXX 255.255.255.255 outside
ssh timeout 60
console timeout 0
management-access inside
dhcpd auto_config outside
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ntp server 213.132.202.192 source outside
ntp server 72.251.252.11 source outside
ntp server 131.211.8.244 source outside
group-policy Default_Tunnel_Group_Name_VPN internal
group-policy Default_Tunnel_Group_Name_VPN attributes
dns-server value 194.109.104.104 194.109.9.99
vpn-tunnel-protocol ikev1
split-tunnel-policy tunnelspecified
split-tunnel-network-list value
Default_Tunnel_Group_Name_VPN_splitTunnelAcl
username ******* password ************* encrypted privilege 0
username ******* attributes
vpn-group-policy Default_Tunnel_Group_Name_VPN
username ******* password ************* encrypted privilege 15
username ******* password ************* encrypted privilege 0
username ******* attributes
vpn-group-policy Default_Tunnel_Group_Name_VPN
username ******* password ************* encrypted privilege 0
username ******* attributes
vpn-group-policy Default_Tunnel_Group_Name_VPN
tunnel-group Default_Tunnel_Group_Name_VPN type remote-access
tunnel-group Default_Tunnel_Group_Name_VPN general-attributes
address-pool VPN_IP_POOL
default-group-policy Default_Tunnel_Group_Name_VPN
tunnel-group Default_Tunnel_Group_Name_VPN ipsec-attributes
ikev1 pre-shared-key *****
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
inspect icmp error
inspect ftp
inspect icmp
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:655f9d00d6ed1c593506cbf9a876cd49
: end
CISCOASACLOUD#
Hi Ron,
I have found the solution!
Indeed I had to extend my access-list on my outside interface!!!
I have succeeded using ASDM.
First I created a NEW network object for each of my servers. When you create a new object you will be asked for the internal IP address and "this is where the magic happens" you have to set the NAT IP address (the external address) !!!
Secondly I extended my access-list on my outside interface by defining every server and the required service (echo, echo-reply) in the "Public server list". When I performed these 2 steps I was able to ping the server from the internet.
My access-list looks the following now:
access-list OutsideToInside extended permit icmp any4 object SERVER2003 object-group DM_INLINE_ICMP_2
access-list OutsideToInside extended permit icmp any4 object SERVER2002 object-group DM_INLINE_ICMP_1
access-list OutsideToInside extended permit icmp any4 object SERVER2004 object-group DM_INLINE_ICMP_0
object network SERVER2004
nat (inside,outside) static 82.94.xxx.xxx
object network SERVER2002
nat (inside,outside) static 82.94.xxx.xxx
object network SERVER2003
nat (inside,outside) static 82.94.xxx.xxx -
Application not working on CSM
Hi ,
Could someone explain what the difference is between using the port and using "any" while configuring a VIP on the CSM?
After configuring the "any" keyword under the context the application is not working.
(NOTE: If I change it to http it works, e.g. virtual 192.168.1.1 tcp http/port number)
Example:
vserver usa
  virtual 192.168.1.1 tcp any    <----- If I change this "any" keyword to a TCP port number it works
  replicate csrp sticky
  replicate csrp connection
  no persistent rebalance
  slb-policy fariha
  inservice
policy fariha
  sticky-group 4
  serverfarm zain
sticky 4 cookie zain insert
The IOS running on the CSM is 2.2(3)
Any help would be appreciated.
Thanks
Fariha
The "tcp any" will allow connections to that Virtual IP on any TCP port. If it is working using the specific port, it should be working using any. Keep in mind that the CSM will accept and load balance using "tcp any," but your server may not be listening on that port and will reset the connection.
As a best practice, you should define the specific port on the vserver for load balancing. Using the "any" statement has its purposes, but for general load balancing define the tcp/udp port number for your application. This is also more secure.
Kris -
I own an Apple TV and since I upgraded my internet to a higher speed my Apple TV does not work. Please someone help.
In most scenarios you shouldn't need to forward ports, however if you need to, you may be best contacting your ISP.
As with most router issues, I would recommend that you contact your ISP with details of your problem (assuming that it was your ISP that provided it to you).
There are simply too many manufacturers with different software features and settings, and often different names for such features and settings, so the best advice will likely come from those that are knowledgeable about your particular router.
Make sure your router/computer allows access over the following ports:
| Port | Type | Protocol | Used By |
| 53 | TCP/UDP | DNS | DNS |
| 80 | TCP | HTTP | AirPlay, iTunes Store |
| 123 | TCP/UDP | NTP | Network Time |
| 443 | TCP | HTTPS | AirPlay, PhotoStream, iTunes Store |
| 554 | TCP/UDP | RTSP | AirPlay |
| 1900 | UDP | SSDP | Bonjour |
| 3689 | TCP | DAAP | iTunes, AirPlay, HomeSharing |
| 5297 | TCP | | Bonjour |
| 5298 | TCP/UDP | | Bonjour |
| 5350 | UDP | NAT | Bonjour |
| 5351 | UDP | NAT | Bonjour |
| 5353 | TCP/UDP | MDNS | Bonjour, AirPlay, HomeSharing |
| 8000-8999 | TCP | | iTunes Radio Streams |
| 42000-42999 | TCP | | iTunes Radio Streams |
| 49159 | UDP | MDNS (Win) | Bonjour, AirPlay |
| 49163 | UDP | MDNS (Win) | Bonjour, AirPlay |
The following article(s) may help you.
Troubleshooting Home Sharing
Troubleshooting Wi-Fi networks and connections
Recommended Wi-Fi settings