Re: [FW-1] Cannot connect until after ping

Subject:	Re: [FW-1] Cannot connect until after ping
From:	"Erik A. Widholm" <erik.widholm AT MOODY DOT EDU>
To:	FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Date:	Wed, 27 Oct 2004 07:31:10 -0500

Additional details:


The switch's perspective (monitor port, using Ethereal 0.10.7):
  1   0.00000 66.185.250.1 -> portfolio.moody.edu HTTP C port=2521
  2   2.99032 66.185.250.1 -> portfolio.moody.edu HTTP C port=2521
  3   5.93445 66.185.250.1 -> portfolio.moody.edu HTTP C port=2521
  4  20.52164 66.185.250.1 -> portfolio.moody.edu HTTP C port=2531
  5   3.01498 66.185.250.1 -> portfolio.moody.edu HTTP C port=2531
  6   5.26413 66.185.250.1 -> portfolio.moody.edu ICMP Echo request (ID: 512 
Sequence number: 62977)
  7   0.00000 portfolio.moody.edu -> 66.185.250.1 ICMP Echo reply (ID: 512 
Sequence number: 62977)
  8   0.77089 66.185.250.1 -> portfolio.moody.edu HTTP C port=2531
  9   0.00082 portfolio.moody.edu -> 66.185.250.1 HTTP R port=2531
 10   0.00015 66.185.250.1 -> portfolio.moody.edu HTTP C port=2531

FW1's perspective (fw monitor):
  1   0.00000 66.185.250.1 -> portfolio.moody.edu ICMP Echo request (ID: 512 
Sequence number: 62977)
  2   0.00011 66.185.250.1 -> portfolio.moody.edu ICMP Echo request (ID: 512 
Sequence number: 62977)
  3   0.00001 66.185.250.1 -> portfolio.moody.edu ICMP Echo request (ID: 512 
Sequence number: 62977)
  4   0.00002 66.185.250.1 -> portfolio.moody.edu ICMP Echo request (ID: 512 
Sequence number: 62977)
  5   0.00046 portfolio.moody.edu -> 66.185.250.1 ICMP Echo reply (ID: 512 
Sequence number: 62977)
  6   0.00003 portfolio.moody.edu -> 66.185.250.1 ICMP Echo reply (ID: 512 
Sequence number: 62977)
  7   0.00001 portfolio.moody.edu -> 66.185.250.1 ICMP Echo reply (ID: 512 
Sequence number: 62977)
  8   0.00001 portfolio.moody.edu -> 66.185.250.1 ICMP Echo reply (ID: 512 
Sequence number: 62977)
  9   0.77262 66.185.250.1 -> portfolio.moody.edu HTTP C port=2531
 10   0.00019 66.185.250.1 -> portfolio.moody.edu HTTP C port=2531

You will notice that FW1 doesn't even see the connection until after the ICMP 
has started! Look at the port numbers of the http request...

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================

<Prev in Thread]	Current Thread	[Next in Thread>
[FW-1] Cannot connect until after ping, Erik A. Widholm Re: [FW-1] Cannot connect until after ping, Erik A. Widholm <= Re: [FW-1] Cannot connect until after ping, Dahl-Stamnes Jørn

Previous by Date:	Re: [FW-1] Lost ssh access to SPLAT firewall!, Mike Feetham
Next by Date:	Re: [FW-1] 802.1p VLAN tagging - FW-1 NG - SPLAT or Linux, Torkel Mathisen
Previous by Thread:	[FW-1] Cannot connect until after ping, Erik A. Widholm
Next by Thread:	Re: [FW-1] Cannot connect until after ping, Dahl-Stamnes Jørn
Indexes:	[Date] [Thread] [Top] [All Lists]