Justin Tocci:
> On Jun 2, 2011, at 7:44 PM, Wietse Venema wrote:
>
> > Justin Tocci:
> >> I did find out how to dump fancier output which I think someone wanted.
> >>
> >> tcpdump -AXXr /opt/mail/dump10.txt
> >>
> >> 17:08:23.323379 IP server.workflowproducts.com.smtp >
> >> mx-ecom.netflix.com.29698: Flags [.], seq 1:47, ack 1, win 65535, length 46
> >
> > Where is the SYN handshake with the TCP-level options?
> >
> > Wietse
>
>
> I didn't want to flood the list with output so I only printed what I thoug
>-ht was a complete connection. I am guessing you mean I didn't show enough of
>- the connection. Here is everything I got in that capture:
>
> root@server:~
> $ tcpdump -Avvr /opt/mail/dump12.txt
> reading from file /opt/mail/dump12.txt, link-type EN10MB (Ethernet)
> 19:27:28.397765 IP (tos 0x0, ttl 46, id 18783, offset 0, flags [DF], proto
> TCP (6), length 52)
> mx-ecom.netflix.com.61142 > server.workflowproducts.com.smtp: Flags [S],
> cksum 0x8338 (correct), seq 1953720321, win 5840, options [mss
> 1380,nop,nop,sackOK,nop,wscale 7], length 0
> e.....@....p.kl...,.....tsh..........8.....d........
> 19:27:28.397838 IP (tos 0x0, ttl 64, id 3095, offset 0, flags [DF], proto TCP
> (6), length 52, bad cksum 0 (->24b9)!)
> server.workflowproducts.com.smtp > mx-ecom.netflix.com.61142: Flags [S.],
> cksum 0x0a1b (incorrect -> 0xc31e), seq 1089115808, ack 1953720322, win
> 65535, options [mss 1460,nop,wscale 6,sackOK,eol], length 0
As you can see, both the sending host and the receiving host are
willing to use TCP Window scaling.
This feature is often mis-implemented by crappy firewalls and
routers.
Turn it off, as repeatedly asked by Victor.
Wietse
