[isalist] Re: Help reading an ethereal capture

  • From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
  • To: <isalist@xxxxxxxxxxxxx>
  • Date: Fri, 17 Nov 2006 10:52:12 -0600

http://www.ISAserver.org
-------------------------------------------------------

What does "receive mail" mean?

Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7
MVP -- Microsoft Firewalls (ISA)

 

> -----Original Message-----
> From: isalist-bounce@xxxxxxxxxxxxx 
> [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Steve diMascio
> Sent: Friday, November 17, 2006 10:46 AM
> To: isalist@xxxxxxxxxxxxx
> Subject: [isalist] Help reading an ethereal capture
> 
> I'm trying to solve a problem I'm having with one of my workstations
> that intermittently takes ages to receive email, even from local users,
> (around 5 minutes anyway). The company owner thinks it's a firewall
> client issue, as he never used them in the past but since I installed
> the FWC on every workstation this has happened (only to one of the
> workstations) - that's the whole of his "theory". I don't think it's a
> FWC issue but since I haven't been able to give a definite reason, or
> prove it's not the FWC, he's sticking to his "theory".
> 
> It's an SBS2k3 network, 40 workstations, 2 member servers (1 is VoIP, the
> other a TS); obviously Exchange and ISA are on the SBS box, although I'm
> planning on moving ISA to its own hardware over the Christmas break.
> 
> I've taken a network capture but am pretty useless at reading them. So I
> compared the capture to a capture taken on a working desktop, and the
> only difference I can see between them is that the one that doesn't work
> has hundreds of lines like this:
> 
> Source                10.0.0.135
> Destination   0.0.0.0
> Protocol      TCP
> Info          33037 > 0 [RST, ACK] Seq=0 Ack=0 Win=0 Len=0
> 
> There are literally hundreds of these in a 6 minute capture.
> 
> The frame number goes up by 1 and the source port changes randomly
> (seemingly). I've searched Google but haven't found anything that tells me
> what this traffic is. Can anyone point me in the right direction, or
> have any good references for reading Ethereal captures?
> ------------------------------------------------------
> List Archives: //www.freelists.org/archives/isalist/  
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp 
> ISA Server Articles and Tutorials: 
> http://www.isaserver.org/articles_tutorials/ 
> ISA Server Blogs: http://blogs.isaserver.org/ 
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com 
> ------------------------------------------------------
> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp 
> Report abuse to listadmin@xxxxxxxxxxxxx 