I have some sniffer in Win98SE but don't know how to save its dump in the text format to make it easy to read. So I maked a screenshot of the first TCP/IP packet with HTTP response I got from www.ssh.com in my Win98SE. Look at ssw_com.png file in the attachments. Draw your attention to the "Total length" and to the "Flags" in the IP header.
--- Rostislav Krasny <[EMAIL PROTECTED]> wrote: > To produce these tcpdump's log files I used two terminals. In the > first > I ran 'tcpdump -n > filename' and in the second I ran 'links URL'. I > ran the first command before the second one, of course. In case of > www.ssh.com the "links" browsers maked TCP connection, sent HTTP > request and the last thing it got from www.ssh.com was ACK packet, > nothing more. I waited few seconds and pressed to the 'q' key so > "links" will quit. That is why you see FIN packet sent from my host. > If > I stop "tcpdump" before "links" quiting there is no FIN packet in the > log file of "tcpdump". Look at 1492-2.log and 1492-3.log new files. > In > case of the 1492-2.log file I just stoped tcpdump before quiting > "links". In case of the 1492-3.log file I stoped tcpdump after > quiting > links but I waited more time. So you can see few PPPoE echo requests > and responses before the FIN. That is the time I was waiting before I > closed the "links" browser. > I use links because it is a text mode browser, so I will not download > images that can flood tcpdump's logs. But the problem with > www.ssh.com > exists when I use any browser or even simulate it by sending HTTP/1.1 > or HTTP/1.0 "GET" request manually through 'telnet www.ssh.com 80'. > If > I send just "GET /<newline>" (it is HTTP/0.9 request) I get some > short > response about that document was moved. HTTP/0.9 is not in use today > by > most web sites (including www.ssh.com) and browsers. > Look at 1492-fbsd.org.log file, there is the log of successful HTTP > connection with www.freebsd.org when MTU==MRU==1492. > > Of course I can use smaller MTU and MRU (<=1484) but when I use > Win98SE > with RASPPPOE driver I have no troubles when MTU == 1492. Why in > FreeBSD it is impossibly? If FreeBSD or its ppp have some bug why not > to fix it instead? And it looks like a bug. > > --- Eli Dart <[EMAIL PROTECTED]> wrote: > > Well, I noticed one thing from the tcpdump files -- in the 1492 > case, > > > > your machine is sending a FIN to www.ssh.com. In the 1484 case, of > > > course no FIN is sent. However, if you look at the 1492 tcpdump > > you'll > > see connection establishment, a packet sent to www.ssh.com (an http > > > request I assume), a retransmit of that packet a second later > > (implying that the first did not arrive), an ack for that packet > from > > > > www.ssh.com, and a fin from your box, which is then acknowledged. > > > > I don't know what's causing it, but it appears that the application > > > you're using is seeing something it doesn't like, and is closing > its > > socket. I don't know why the www.ssh.com side does not send its > own > > FIN -- it should (it may also not be getting to you). > > > > I would look at a tcpdump of a successful connection to > > www.freebsd.org with the 1492 config (you said in an earlier post > > that this works). You could also run with a slightly smaller MTU > and > > > > declare victory :) > > > > --eli > > > > > > > > In reply to Rostislav Krasny <[EMAIL PROTECTED]> : > > > > > > > > --0-2081754345-1041105297=:86278 > > > Content-Type: text/plain; charset=us-ascii > > > Content-Disposition: inline > > > > > > --- Eli Dart <[EMAIL PROTECTED]> wrote: > > > > > > > > In reply to Rostislav Krasny <[EMAIL PROTECTED]> : > > > > > > > > > Thank you for your trying to help me. Your version of > ppp.conf > > is very > > > > > similar to mine. I don't have LAN here, but only one box with > > FreeBSD > > > > > connected to the outside world through my ADSL modem. So ' > set > > nat' and > > > > > ' set proxy' options are not required in my case. I don't use > > > > > ' set ifaddr' option because default arguments of it are good > > for me. > > > > > > > > > > I think that the source of my problem isn't in ppp.conf > > probably, > > > > > but somewhere in TCP. Nobody answered me how MTU == MRU == > 1484 > > solves > > > > > my problem. Maybe there is a bug in TCP when MTU and MRU have > > some > > > > > unstandard value. When I use Win98SE in the same box and the > > same ADSL > > > > > modem with RASPPPOE driver of PPPoE I have no troubles when > the > > MTU is > > > > > 1492 there. This is why I think the source of the problem is > in > > TCP > > > > > implementation of FreeBSD. ppp have some dial with TCP, so > > maybe the > > > > > source of the problem is there but most likely not in > ppp.conf > > > > > > > > Are you blocking ICMP for "security reasons?" If so, you can't > > do > > > > path mtu discovery, and tcp will break if it needs a smaller > mtu > > > > (which it appears that you do). > > > > > > No, I'm not blocking ICMP. I have recently installed FreeBSD > > 4.7-RELEASE > > > with custom kernel that is a little simplified version of > GENERIC. > > There > > > is no firewall enabled, yet. Look at CUST01 file in the > > attachments, this > > > is the configuration of the kernel of my system. I also ran > > `tcpdump -n` > > > and saved its output when I ran `links www.ssh.com` in other > > terminal. > > > I did it two times, the first when MRU == MTU == 1492 and the > > second when > > > it was 1484. Look at 1492.log and 1484.log files in the > > attachments. > > > > > > P.S. If one blocks ICMP why he have troubles when MTU == MRU == > > 1492 but > > > don't have the troubles when MTU == MRU == 1484 ? > > __________________________________________________ > Do you Yahoo!? > Yahoo! Mail Plus - Powerful. Affordable. Sign up now. > http://mailplus.yahoo.com > ATTACHMENT part 2 application/octet-stream name=1492-2.log > ATTACHMENT part 3 application/octet-stream name=1492-3.log > ATTACHMENT part 4 application/octet-stream name=1492-fbsd.org.log __________________________________________________ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com
<<inline: ssh_com.png>>
