[vpn-help] Updated package and problem reports

Peter Eisch peter at boku.net
Tue Aug 15 14:24:37 CDT 2006


As an example, this is just from selecting ³Windows Update² on the XP box.

On the vpn concentrator, tcpdump reports:

13:46:03.576382 IP (tos 0x0, ttl 127, id 47284, offset 0, flags [DF],
length: 48) 10.1.101.27.11656 > 207.46.18.94.80: S [tcp sum ok]
1860524187:1860524187(0) win 64512 <mss 1460,nop,nop,sackOK>
13:46:03.655539 IP (tos 0x0, ttl 119, id 63057, offset 0, flags [none],
length: 48) 207.46.18.94.80 > 10.1.101.27.11656: S [tcp sum ok]
1025290122:1025290122(0) ack 1860524188 win 16384 <mss 1460,nop,nop,sackOK>
13:46:03.689014 IP (tos 0x0, ttl 127, id 47287, offset 0, flags [DF],
length: 40) 10.1.101.27.11656 > 207.46.18.94.80: . [tcp sum ok] 1:1(0) ack 1
win 64512
13:46:03.690460 IP (tos 0x0, ttl  63, id 47288, offset 0, flags [+], length:
436) 10.1.101.27.11656 > 207.46.18.94.80: P [bad tcp cksum e9f3 (->2d72)!]
1:397(396) ack 1 win 64512
13:46:03.780671 IP (tos 0x0, ttl 119, id 63141, offset 0, flags [DF],
length: 343) 207.46.18.94.80 > 10.1.101.27.11656: P [tcp sum ok] 1:304(303)
ack 450 win 65086
13:46:03.937150 IP (tos 0x0, ttl 127, id 47291, offset 0, flags [DF],
length: 40) 10.1.101.27.11656 > 207.46.18.94.80: . [tcp sum ok] 450:450(0)
ack 304 win 64209
13:46:04.093179 IP (tos 0x0, ttl  63, id 47292, offset 0, flags [+], length:
436) 10.1.101.27.11656 > 207.46.18.94.80: P [bad tcp cksum bfaf (->3b9)!]
450:846(396) ack 304 win 64209
13:46:04.093218 IP (tos 0x0, ttl 127, id 47293, offset 0, flags [DF],
length: 53) 10.1.101.27.11656 > 207.46.18.94.80: P [tcp sum ok] 890:903(13)
ack 304 win 64209
13:46:04.195717 IP (tos 0x0, ttl 119, id 63390, offset 0, flags [DF],
length: 65) 207.46.18.94.80 > 10.1.101.27.11656: P [tcp sum ok] 304:329(25)
ack 890 win 64646
13:46:04.197449 IP (tos 0x0, ttl 119, id 63391, offset 0, flags [DF],
length: 378) 207.46.18.94.80 > 10.1.101.27.11656: P [tcp sum ok]
329:667(338) ack 903 win 64633
13:46:04.203003 IP (tos 0x0, ttl 127, id 47298, offset 0, flags [DF],
length: 40) 10.1.101.27.11656 > 207.46.18.94.80: . [tcp sum ok] 903:903(0)
ack 667 win 63846
13:46:05.751703 IP (tos 0x0, ttl  63, id 47299, offset 0, flags [+], length:
468) 10.1.101.27.11656 > 207.46.18.94.80: P [bad tcp cksum 3dd4 (->ebb4)!]
903:1331(428) ack 667 win 63846
13:46:05.751743 IP (tos 0x0, ttl 127, id 47300, offset 0, flags [DF],
length: 64) 10.1.101.27.11656 > 207.46.18.94.80: P [tcp sum ok]
1402:1426(24) ack 667 win 63846
13:46:05.810974 IP (tos 0x0, ttl 119, id 64783, offset 0, flags [DF],
length: 40) 207.46.18.94.80 > 10.1.101.27.11656: . [tcp sum ok] 667:667(0)
ack 1426 win 64110
13:46:05.811412 IP (tos 0x0, ttl 119, id 64784, offset 0, flags [DF],
length: 40) 207.46.18.94.80 > 10.1.101.27.11656: . [tcp sum ok] 667:667(0)
ack 1426 win 64110
13:46:05.815825 IP (tos 0x0, ttl 119, id 64787, offset 0, flags [DF],
length: 325) 207.46.18.94.80 > 10.1.101.27.11656: P [tcp sum ok]
667:952(285) ack 1426 win 64110
13:46:05.944733 IP (tos 0x0, ttl 127, id 47305, offset 0, flags [DF],
length: 40) 10.1.101.27.11656 > 207.46.18.94.80: . [tcp sum ok] 1426:1426(0)
ack 952 win 63561

You can see above that they get some of the packet, but not all the
fragments

13:46:06.312760 IP (tos 0x0, ttl 127, id 47308, offset 0, flags [DF],
length: 48) 10.1.101.27.11657 > 207.46.19.93.80: S [tcp sum ok]
3848152535:3848152535(0) win 64512 <mss 1460,nop,nop,sackOK>
13:46:06.405673 IP (tos 0x0, ttl 118, id 64911, offset 0, flags [none],
length: 48) 207.46.19.93.80 > 10.1.101.27.11657: S [tcp sum ok]
2170550629:2170550629(0) ack 3848152536 win 16384 <mss 1460,nop,nop,sackOK>
13:46:06.441687 IP (tos 0x0, ttl 127, id 47311, offset 0, flags [DF],
length: 40) 10.1.101.27.11657 > 207.46.19.93.80: . [tcp sum ok] 1:1(0) ack 1
win 64512
13:46:06.441963 IP (tos 0x0, ttl  63, id 47312, offset 0, flags [+], length:
468) 10.1.101.27.11657 > 207.46.19.93.80: P [bad tcp cksum 484b (->70a0)!]
1:429(428) ack 1 win 64512
13:46:09.344637 IP (tos 0x0, ttl  63, id 47314, offset 0, flags [+], length:
468) 10.1.101.27.11657 > 207.46.19.93.80: P [bad tcp cksum 484b (->70a0)!]
1:429(428) ack 1 win 64512
13:46:15.355989 IP (tos 0x0, ttl  63, id 47315, offset 0, flags [+], length:
468) 10.1.101.27.11657 > 207.46.19.93.80: P [bad tcp cksum 484b (->70a0)!]
1:429(428) ack 1 win 64512

Followed by a bunch of resends...

For fun, I can download big files with firefox, for example, as in an 8M
PDF.  

If I go to http://video.google.com/ and scroll down to the Featured section,
I cannot play ³Dora the Explorer² as another example.  Tcpdump logs:

14:16:04.186914 IP (tos 0x0, ttl 127, id 62648, offset 0, flags [DF],
length: 48) 10.1.101.27.11707 > 64.233.167.99.80: S [tcp sum ok]
4157959648:4157959648(0) win 64512 <mss 1460,nop,nop,sackOK>
14:16:04.266812 IP (tos 0x0, ttl 246, id 9393, offset 0, flags [none],
length: 44) 64.233.167.99.80 > 10.1.101.27.11707: S [tcp sum ok]
220038189:220038189(0) ack 4157959649 win 8190 <mss 1460>
14:16:04.275627 IP (tos 0x0, ttl 127, id 62650, offset 0, flags [DF],
length: 40) 10.1.101.27.11707 > 64.233.167.99.80: . [tcp sum ok] 1:1(0) ack
1 win 64512
14:16:04.276680 IP (tos 0x0, ttl  63, id 62651, offset 0, flags [+], length:
468) 10.1.101.27.11707 > 64.233.167.99.80: P [bad tcp cksum d4dd (->9a31)!]
1:429(428) ack 1 win 64512
14:16:07.185239 IP (tos 0x0, ttl  63, id 62654, offset 0, flags [+], length:
468) 10.1.101.27.11707 > 64.233.167.99.80: P [bad tcp cksum d4dd (->9a31)!]
1:429(428) ack 1 win 64512
14:16:13.192814 IP (tos 0x0, ttl  63, id 62655, offset 0, flags [+], length:
468) 10.1.101.27.11707 > 64.233.167.99.80: P [bad tcp cksum d4dd (->9a31)!]
1:429(428) ack 1 win 64512

The client log shows things fragmenting to 470b ‹ I guess I should redo this
and get a clean trace to include.  Any other features in the trace you¹d
want off the client?

(yes, this works with the cisco client)

Thanks,

peter
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.shrew.net/pipermail/vpn-help/attachments/20060815/f884fd2d/attachment-0002.html>


More information about the vpn-help mailing list