Well, the ethereal dumps show that poirot is sending the tcp setup SYN packet to sherlock, and sherlock is responding with the ACK and RST flags set - connection refused, basically. They're on the same ip network and they both see the packets, so there's no network-based intermediary firewalls, both hosts are seeing traffic so there's no connectivity problems....my guess is one of the following: -iptables firewall on sherlock - you can check this with iptables --list (I know, I know, you stopped it - still, check again) -that the listener isn't actually binding to the external address - this is my current favorite theory. If you do a netstat -an | grep 1522, I bet you'll find that only 127.0.0.1 is bound to 1522, and I bet if you check the /etc/hosts file on sherlock, that its mapped to 127.0.0.1 Let us know how that goes. Thanks, Matt -- Matthew Zito GridApp Systems Email: mzito@xxxxxxxxxxx Cell: 646-220-3551 Phone: 212-358-8211 x 359 http://www.gridapp.com On Nov 28, 2004, at 3:11 PM, Jared Still wrote: > Here is the outpt of tcpdump on server 1, from which tnsping is being > run > > [root@poirot tmp]# tcpdump -i eth0 dst host sherlock and dst port 1522 > tcpdump: listening on eth0 > 12:02:51.800998 poirot.37843 > sherlock.1522: S > 3140819234:3140819234(0) win 5840 <mss 1460,sackOK,timestamp 6201501 > 0,nop,wscale 0> (DF) > > Here is the output on server 2 where the database resides: > > [root@sherlock tmp]# tcpdump -i eth0 src host poirot and dst port 1522 > tcpdump: listening on eth0 > 12:02:51.778791 poirot.37843 > 192.168.1.101.1522: S > 3140819234:3140819234(0) win 5840 <mss 1460,sackOK,timestamp 6201501 > 0,nop,wscale 0> (DF) -- //www.freelists.org/webpage/oracle-l