If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Display Modes |
#16
|
|||
|
|||
Xnews failure update in XP Home
Nil wrote in
: On 22 Oct 2014, KenK wrote in microsoft.public.windowsxp.general: Nil wrote in news:XnsA3CAA9A7881F0nilch1 @wheedledeedle.moc: Firewall blocking the port? Turned off Windows firewall. No help so turned it back on. Having a problem finding Kaspersky firewall settings. Next will try Google. You should never have two firewalls running at the same time. Haven't caused a problem in many many years that I know of. If you have Kapersky's firewall, turn off Windows' and leave it off. Try turning off all firewalls temporarily and see if that relieves the problem. Kaspersky firewall accepts Mozxilla stuff so T-bird should not be affected. I don't know how to turn off Kaspersky firewall. I'd also like to turn off Kaspersky entirely temporily to see if it helps but don't know how. Neither is obvious. Back to Google to try to find out. -- You know it's time to clean the refrigerator when something closes the door from the inside. |
Ads |
#17
|
|||
|
|||
Xnews failure update in XP Home
KenK wrote:
Made a mistake as usual. When I looked for Thunderbird in Kaspersky firewall list I missed entry for Mozilla, which it lists as accepted. So if T-bird doesn't work, as it doesn't, then the Kaspersky firewall is not the problem. New grist for the mill: To check for a port 119 problem, someone told me to use Xnews on news.sff.net port 1119 I did and it worked perfectly. Then I turned off Xnews, turned it back on - several times - and the sff news server no longer works, just like Individual and Optimax. Wonder why it worked once? Just like Xnews worked once on all news servers a few days ago. Weirder and weirder. A clue? TIA Ken Good detective work. The fact port 1119 is blocked, suggests the same mechanism that is used to block email relays. If the ISP uses a Deep Packet Inspection box (DPI), they can watch for particular protocols and block them. If you wait a while (more than fifteen minutes), it's just possible 1119 will work for a short time again. Then stop working. Someone tested email relays on our ISP here. And they described how the DPI box would notice the attempt to relay on other than port 25? or whatever it is. And the DPI box would "block" that port for fifteen minutes (even if you ran a different protocol on the port, it remained blocked). Or, until you attempted to relay again. So if you attempted to email relay on Port 80 (as if you were running a web server), it would still recognize the cogent parts of emailing, and stop the transaction. I'm sure there are other explanations. If port 1119 worked forever, or 1119 was blocked forever, we'd have to find another explanation. But if port 1119 "flaps in the breeze", that hints the DPI box at the ISP is involved. If it works sometimes and not others, and if Wireshark is not showing any duplicate packets, that might be it. My ISP even took to (accidentally) blocking web sites with the DPI box. The symptoms, are a lot more RST responses than normal. How web sites are blocked, is as follows ISP ------- RST() ----- ---- RST()---- Like a Man in the Middle (MITM), the ISP sends RST responses, fooling both ends into thinking there is a congestion problem. And causing both ends to drop the connection. And it's all made possible by DPI boxes. It took the idiots at my ISP *three months* to figure out the mistake and stop doing that. The symptoms were not perfectly consistent, but I refuse to believe every major web site (Google) could not be reached at the same time. Do not expect entry-level Tech Support at the ISP to admit to this. You can counter any answer they might attempt to give, by pointing out that any good ISP needs a DPI box, just to block email relays. Using a DPI box, automates the whole process, so no human operator is directly involved. Escalate to the next level of support, or to a manager, if the explanations are "too dumb for words". So wait an hour, and carefully do your port 1119 test again. My expectation is, it'll work for a short time. The DPI box can't block the port forever, because some other protocol might use that port number. Paul |
#18
|
|||
|
|||
Xnews failure update in XP Home
On 23 Oct 2014, KenK wrote in
microsoft.public.windowsxp.general: Haven't caused a problem in many many years that I know of. They are redundant and will be working at cross-purposes, and you will need to maintain the rules in both. You may be experiencing a problem right now. Usually, when you install a third-party firewall, Windows is smart enough to shut off its built in one. You must have intentionally turned it back on. Kaspersky firewall accepts Mozxilla stuff so T-bird should not be affected. Not necessarily. I don't know how to turn off Kaspersky firewall. I'd also like to turn off Kaspersky entirely temporily to see if it helps but don't know how. Neither is obvious. Back to Google to try to find out. I'm surprised you haven't done that already. It should have been one of your first troubleshooting steps. http://www.google.com/search?q=how+t...ersky+firewall |
#19
|
|||
|
|||
Xnews failure update in XP Home
Nil wrote in
: On 23 Oct 2014, KenK wrote in microsoft.public.windowsxp.general: Haven't caused a problem in many many years that I know of. They are redundant and will be working at cross-purposes, and you will need to maintain the rules in both. You may be experiencing a problem right now. Usually, when you install a third-party firewall, Windows is smart enough to shut off its built in one. You must have intentionally turned it back on. Kaspersky firewall accepts Mozxilla stuff so T-bird should not be affected. Not necessarily. I don't know how to turn off Kaspersky firewall. I'd also like to turn off Kaspersky entirely temporily to see if it helps but don't know how. Neither is obvious. Back to Google to try to find out. I'm surprised you haven't done that already. It should have been one of your first troubleshooting steps. http://www.google.com/search?q=how+t...ersky+firewall Turned off Windows and Kaspersky firewalls. Xnews still doesn't work. Turned Kaspersky's back on, left Windows' off. -- You know it's time to clean the refrigerator when something closes the door from the inside. |
#20
|
|||
|
|||
Xnews failure update in XP Home
Paul wrote in :
The fact port 1119 is blocked, suggests the same mechanism that is used to block email relays. If the ISP uses a Deep Packet Inspection box (DPI), they can watch for particular protocols and block them. Some days back I tried the faulty emachine and Xnews on the Sitestar ISP's dial-up connection instead of CenturyLink's DSL. Made no difference. Still didn't work. The backup system with Xnews still works fine, as you can see, with the Sitestar dial-up. If you wait a while (more than fifteen minutes), it's just possible 1119 will work for a short time again. Then stop working. Someone tested email relays on our ISP here. And they described how the DPI box would notice the attempt to relay on other than port 25? or whatever it is. And the DPI box would "block" that port for fifteen minutes (even if you ran a different protocol on the port, it remained blocked). Or, until you attempted to relay again. So if you attempted to email relay on Port 80 (as if you were running a web server), it would still recognize the cogent parts of emailing, and stop the transaction. I'm sure there are other explanations. If port 1119 worked forever, or 1119 was blocked forever, we'd have to find another explanation. But if port 1119 "flaps in the breeze", that hints the DPI box at the ISP is involved. If it works sometimes and not others, and if Wireshark is not showing any duplicate packets, that might be it. Nope. I must have been unclear. It (port 1119 server) only worked once, when I first tried it. Since then I've tried Xnews often and it no longer works. In fact, Xnews worked again this morning when I turned on emachine. Second time this has happened. EXCEPT the port 1119 SERVER! The two 119 port news servers worked. Updated group files (newscr files - these work fine as I'm using them right now on backup system). As happened last time, then Xnews failed repeatedly again. Wonder why it does this? Something else. I just looked and I'm running Optimax server on port 0 on this backup machine! Individual net on port 119. I have not tried the port 1119 server on this machine. My ISP even took to (accidentally) blocking web sites with the DPI box. The symptoms, are a lot more RST responses than normal. How web sites are blocked, is as follows ISP ------- RST() ----- ---- RST()---- Like a Man in the Middle (MITM), the ISP sends RST responses, fooling both ends into thinking there is a congestion problem. And causing both ends to drop the connection. And it's all made possible by DPI boxes. It took the idiots at my ISP *three months* to figure out the mistake and stop doing that. The symptoms were not perfectly consistent, but I refuse to believe every major web site (Google) could not be reached at the same time. Do not expect entry-level Tech Support at the ISP to admit to this. You can counter any answer they might attempt to give, by pointing out that any good ISP needs a DPI box, just to block email relays. Using a DPI box, automates the whole process, so no human operator is directly involved. Escalate to the next level of support, or to a manager, if the explanations are "too dumb for words". So wait an hour, and carefully do your port 1119 test again. My expectation is, it'll work for a short time. The DPI box can't block the port forever, because some other protocol might use that port number. See earlier response. It only worked once, didn't every time since. Paul I think I told you I turned off Kaspersky's and Windows' firewalls yesterday on the emachine and tried Xnews. No help. Turned Kaspersky's firewall back on, left Windows' off. Ken -- You know it's time to clean the refrigerator when something closes the door from the inside. |
#21
|
|||
|
|||
Xnews failure update in XP Home
KenK wrote:
I think I told you I turned off Kaspersky's and Windows' firewalls yesterday on the emachine and tried Xnews. No help. Turned Kaspersky's firewall back on, left Windows' off. Ken So as a form of summary... 1) Web surfing, lengthy downloads, all work normally. 2) Only Xnews is affected. Symptoms are not constant. 3) Is the home networking box the same, or is a brand new ADSL modem/router in the picture ? Then the router portion is a new ingredient. 4) In the case of (3), going back to dialup, on the same computer with the trouble, should cure the problem. Xnews should work consistently, if dialup is running and *cable running to router is disconnected*. 5) Wireshark is your friend. 6) Other ports are available, like 563 or 443 on the external news server. But if you use those, it makes the Wireshark trace unreadable. Only port 119 or port 80 are candidates for that. And Xnews might not be the best candidate for testing all those ports. Thunderbird could be used for that. Since I'm just not seeing a pattern I can work with, you're going to have to search for a pattern for me. In the one trace you've shown me, I see traces of UPNP, of IPV6 router protocols, as well as the USENET news actibity (that was failing). But I'm failing to lace together what Xnews is doing with respect to two servers at once. I don't understand it well enough to comment. I'm not seeing the normal sequence I see here in Wireshark, when using a USENET server (with authentication). Paul |
#22
|
|||
|
|||
Xnews failure update in XP Home
Paul wrote in :
KenK wrote: I think I told you I turned off Kaspersky's and Windows' firewalls yesterday on the emachine and tried Xnews. No help. Turned Kaspersky's firewall back on, left Windows' off. Ken So as a form of summary... 1) Web surfing, lengthy downloads, all work normally. Yes 2) Only Xnews is affected. Symptoms are not constant. No. Also Thunderbird and Xananews. Also: both Optimax and Individual news servers worked fine again this morning - once. This is the third time this has happened. I shut down Xnews and restarted several times without changing anything. It refused to work again. This is frantically trying to tell me something but I don't know what. 3) Is the home networking box the same, or is a brand new ADSL modem/router in the picture ? Then the router portion is a new ingredient. The emachine, which doesn't work, uses the new DSL modem. The Compaq, which works, uses a dial-up modem and a different ISP. 4) In the case of (3), going back to dialup, on the same computer with the trouble, should cure the problem. Xnews should work consistently, if dialup is running and *cable running to router is disconnected*. I tried the emachine on the dial-up modem a few weeks ago and the newsreader didn't work that way either. I'm going to try this again this week. 5) Wireshark is your friend. 6) Other ports are available, like 563 or 443 on the external news server. I've tried 0, 110, and 1119. None works on emachine. I use Xnews and Compaq work wirh port 0 or 119 for Optimax and 119 for Individual. I've not tried Thunderboird or Xananews on the Compaq machine as Xnews works fine. But if you use those, it makes the Wireshark trace unreadable. Only port 119 or port 80 are candidates for that. And Xnews might not be the best candidate for testing all those ports. Thunderbird could be used for that. Since I'm just not seeing a pattern I can work with, you're going to have to search for a pattern for me. In the one trace you've shown me, I see traces of UPNP, of IPV6 router protocols, as well as the USENET news actibity (that was failing). But I'm failing to lace together what Xnews is doing with respect to two servers at once. I don't understand it well enough to comment. I'm not seeing the normal sequence I see here in Wireshark, when using a USENET server (with authentication). Paul Today I'm searching Google for a clue and will try Wireshark with T-bird again. Maybe I can find a Wireshark option that will make the results clearer. Ken -- You know it's time to clean the refrigerator when something closes the door from the inside. |
#23
|
|||
|
|||
Xnews failure update in XP Home
Paul wrote in :
Since I'm just not seeing a pattern I can work with, you're going to have to search for a pattern for me. Is there a way to make the Wireshark printout look as clear and understandable as the screen trace display? I find them very different. Any hints please? Also, how can I save the printout to a file so I can send it, or part of it, to you here if it seems interesting? TIA Ken -- You know it's time to clean the refrigerator when something closes the door from the inside. |
#24
|
|||
|
|||
Xnews failure update in XP Home
KenK wrote:
Paul wrote in : Since I'm just not seeing a pattern I can work with, you're going to have to search for a pattern for me. Is there a way to make the Wireshark printout look as clear and understandable as the screen trace display? I find them very different. Any hints please? Also, how can I save the printout to a file so I can send it, or part of it, to you here if it seems interesting? TIA Ken I made this one, by selecting "Print", in the Print dialog box, selecting the "Generic/Text" output option, instead of my regular printer. No. Time Source Destination Protocol Info 1 12:14:19.720678 192.168.20.180 Broadcast ARP Who has 192.168.20.1? Tell 192.16 Frame 1: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) Ethernet II, Src: 192.168.20.180 (00:1f:c6:8c:dc:f4), Dst: Broadcast (ff:ff:ff:ff:ff:ff) Address Resolution Protocol (request) The first line of that, matches the screen (the output seems to truncate after 80 characters or so, perhaps a printer characteristic). I would have to edit and remove the three lines below. Once edited, I would get No. Time Source Destination Protocol Info 1 12:14:19.720678 192.168.20.180 Broadcast ARP Who has 192.168.20.1? Tell 192.16 The truncation ruins it a bit. ******* If I use Export, I can output to text or Postscript. The Postscript you can open in GIMP (assuming you've set it up to handle PostScript). Some other viewers probably handle PostScript as well. You can paste the PostScript or the text, to pastebin.com as a means of passing the trace. Then post a URL. PostScript is a printer language, related to PDF, and Distiller accepts PostScript as an input format for making documents. Years ago, you had a good selection of printers that accepted PostScript. No. Time Source Destination Protocol Info 1 12:14:19.720678 192.168.20.180 Broadcast ARP Who has 192.168.20.1? Tell 192.168.20.180 Frame 1: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) Ethernet II, Src: 192.168.20.180 (00:1f:c6:8c:dc:f4), Dst: Broadcast (ff:ff:ff:ff:ff:ff) Address Resolution Protocol (request) I ticked the first two boxes in the options to get that. "Packet Summary" and "Packet Details" (As Displayed). Now, if I just select "Packet Summary", that doesn't look bad. Using Packet Summary, there is less to edit out. No. Time Source Destination Protocol Info 1 12:14:19.720678 192.168.20.180 Broadcast ARP Who has 192.168.20.1? Tell 192.168.2.180 When you have "View:Name Resolution" turned on in the main screen, that changes the numeric value of my Destination example to "Broadcast", rather than displaying the number. Since 192.168.20.180 is a non-routeable address, and there is also no DNS entry for it, the "View" option cannot translate it. But when you contact "news.individual.net", you should see the text for that and not a number. As long as all the View:Name Resolution items are ticked (turned on). I'm not suggesting Pastebin.com as a means to encourage a humongous trace, but as a convenient means to pass text. USENET posts do have a size limit, and Pastebin.com can go larger than that. If there are any USERNAME or PASSWORD elements in your trace, don't forget to edit them out (with XXXXXXXX or similar). HTH, Paul |
#25
|
|||
|
|||
Xnews failure update in XP Home
I don't know if this is related to your problem or not, but I'll share
it as a possibility. I had something similar happen a long long time ago where I was getting intermittent connections with my NSP (newsgroup service provider). I could randomly connect sometimes but other times I couldn't, sometimes even just a few minutes apart. I called the NSP and it turned out that they had a bank of modems that was failing. Some modems were okay but others were not, and it was the luck of the draw which modem you happened to get. They replaced the modems and my problems went away. You've probably already thought of this but I just thought I'd throw it out there. Dee |
#26
|
|||
|
|||
Xnews failure update in XP Home
Paul wrote in :
If there are any USERNAME or PASSWORD elements in your trace, don't forget to edit them out (with XXXXXXXX or similar). Hi Paul Here's an Wireshark Xnews printout, much briefer and clearer than the last one. However, I still don't understand my problem. Here it is - authentication code and user name are Xed out. 30 Standard query response 0x8934 A 130.133.4.11 31 Standard query 0x1e4d A news.optimax.com 32 Standard query response 0x1e4d A 98.100.194.170 33 Standard query 0xd346 A news.sff.net 34 Standard query response 0xd346 A 71.252.193.52 35 webobjects nntp [SYN] Seq=0 Win=65535 Len=0 MSS=1460 SACK_PERM= 1 36 cplscrambler-in bnetgame [SYN] Seq=0 Win=65535 Len=0 MSS=1460 SACK_PERM=1 37 cplscrambler-al nntp [SYN] Seq=0 Win=65535 Len=0 MSS=1460 SACK_PERM=1 38 bnetgame cplscrambler-in [SYN, ACK] Seq=0 Ack=1 Win=16384 Len=0 MSS=1452 SACK_PERM=1 39 cplscrambler-in bnetgame [ACK] Seq=1 Ack=1 Win=65535 Len=0 40 bnetgame cplscrambler-in [PSH, ACK] Seq=1 Ack=1 Win=65535 Len= 86 41 nntp cplscrambler-al [SYN, ACK] Seq=0 Ack=1 Win=16384 Len=0 MSS=1452 SACK_PERM=1 42 cplscrambler-al nntp [ACK] Seq=1 Ack=1 Win=65535 Len=0 43 nntp webobjects [SYN, ACK] Seq=0 Ack=1 Win=14600 Len=0 MSS=1452 SACK_PERM=1 44 webobjects nntp [ACK] Seq=1 Ack=1 Win=65535 Len=0 45 cplscrambler-in bnetgame [PSH, ACK] Seq=1 Ack=87 Win=65449 Len= 13 46 bnetgame cplscrambler-in [PSH, ACK] Seq=87 Ack=14 Win=65522 Len=41 47 Response: 200 Optimax-NNTP, Optimax-Hamster V1.24 48 cplscrambler-al nntp [ACK] Seq=1 Ack=42 Win=65494 Len=0 49 cplscrambler-in bnetgame [ACK] Seq=14 Ack=128 Win=65408 Len=0 50 cplscrambler-in bnetgame [PSH, ACK] Seq=14 Ack=128 Win=65408 Len=32 51 bnetgame cplscrambler-in [PSH, ACK] Seq=128 Ack=46 Win=65490 Len=52 52 Response: 200 The server welcomes 71-223-138-135.phnx.qwest.net (71.223.138.135). Authorization required for reading and posting. 53 cplscrambler-in bnetgame [ACK] Seq=46 Ack=180 Win=65356 Len=0 54 Request: MODE READER 55 Request: MODE READER 56 Response: 200 ignored 57 nntp webobjects [ACK] Seq=122 Ack=14 Win=14600 Len=0 58 Response: 200 You are already in this mode. Ignored. 59 Request: AUTHINFO USER xxxxxxxxxxxxx 60 Request: GROUP sdforum.newsreaders 61 Response: 211 189 1 189 sdforum.newsreaders 62 Response: 381 PASS required 63 Request: AUTHINFO PASS xxxxxxxxxxxx 64 cplscrambler-al nntp [ACK] Seq=41 Ack=90 Win=65446 Len=0 65 Response: 281 Authentication accepted. (UID=307388) 66 Request: GROUP alt.food.fat-free 67 Response: 211 2 42452 42453 alt.food.fat-free 68 webobjects nntp [ACK] Seq=92 Ack=265 Win=65271 Len=0 69 avocent-proxy https [FIN, ACK] Seq=1304 Ack=266 Win=65270 Len=0 70 https avocent-proxy [ACK] Seq=266 Ack=1305 Win=65535 Len=0 71 https avocent-proxy [FIN, ACK] Seq=266 Ack=1305 Win=65535 Len=0 72 avocent-proxy https [ACK] Seq=1305 Ack=267 Win=65270 Len=0 73 Who has 192.168.0.2? Tell 192.168.0.1 74 192.168.0.2 is at 00:11:11:5a:b1:0c 75 NOTIFY * HTTP/1.1 76 NOTIFY * HTTP/1.1 77 NOTIFY * HTTP/1.1 78 NOTIFY * HTTP/1.1 79 cplscrambler-al nntp [FIN, ACK] Seq=41 Ack=90 Win=65446 Len=0 80 nntp cplscrambler-al [ACK] Seq=90 Ack=42 Win=65495 Len=0 81 nntp cplscrambler-al [FIN, ACK] Seq=90 Ack=42 Win=65495 Len=0 82 cplscrambler-al nntp [ACK] Seq=42 Ack=91 Win=65446 Len=0 83 webobjects nntp [FIN, ACK] Seq=92 Ack=265 Win=65271 Len=0 84 Response: 205 . 85 nntp webobjects [FIN, ACK] Seq=272 Ack=93 Win=14600 Len=0 86 webobjects nntp [ACK] Seq=93 Ack=273 Win=65264 Len=0 87 cplscrambler-in bnetgame [PSH, ACK] Seq=46 Ack=180 Win=65356 Len=6 88 bnetgame cplscrambler-in [PSH, ACK] Seq=180 Ack=52 Win=65484 Len=35 89 bnetgame cplscrambler-in [FIN, ACK] Seq=215 Ack=52 Win=65484 Len=0 90 cplscrambler-in bnetgame [ACK] Seq=52 Ack=216 Win=65321 Len=0 91 cplscrambler-in bnetgame [FIN, ACK] Seq=52 Ack=216 Win=65321 Len=0 92 bnetgame cplscrambler-in [ACK] Seq=216 Ack=53 Win=65484 Len=0 Any clues? I also did this with T-bird but I see no clues in it. Do you want to see it? TIA Ken -- You know it's time to clean the refrigerator when something closes the door from the inside. |
#27
|
|||
|
|||
Xnews failure update in XP Home
KenK wrote:
Paul wrote in : If there are any USERNAME or PASSWORD elements in your trace, don't forget to edit them out (with XXXXXXXX or similar). Hi Paul Here's an Wireshark Xnews printout, much briefer and clearer than the last one. However, I still don't understand my problem. Here it is - authentication code and user name are Xed out. 30 Standard query response 0x8934 A 130.133.4.11 31 Standard query 0x1e4d A news.optimax.com 32 Standard query response 0x1e4d A 98.100.194.170 33 Standard query 0xd346 A news.sff.net 34 Standard query response 0xd346 A 71.252.193.52 35 webobjects nntp [SYN] Seq=0 Win=65535 Len=0 MSS=1460 SACK_PERM= 1 36 cplscrambler-in bnetgame [SYN] Seq=0 Win=65535 Len=0 MSS=1460 SACK_PERM=1 37 cplscrambler-al nntp [SYN] Seq=0 Win=65535 Len=0 MSS=1460 SACK_PERM=1 38 bnetgame cplscrambler-in [SYN, ACK] Seq=0 Ack=1 Win=16384 Len=0 MSS=1452 SACK_PERM=1 39 cplscrambler-in bnetgame [ACK] Seq=1 Ack=1 Win=65535 Len=0 40 bnetgame cplscrambler-in [PSH, ACK] Seq=1 Ack=1 Win=65535 Len= 86 41 nntp cplscrambler-al [SYN, ACK] Seq=0 Ack=1 Win=16384 Len=0 MSS=1452 SACK_PERM=1 42 cplscrambler-al nntp [ACK] Seq=1 Ack=1 Win=65535 Len=0 43 nntp webobjects [SYN, ACK] Seq=0 Ack=1 Win=14600 Len=0 MSS=1452 SACK_PERM=1 44 webobjects nntp [ACK] Seq=1 Ack=1 Win=65535 Len=0 45 cplscrambler-in bnetgame [PSH, ACK] Seq=1 Ack=87 Win=65449 Len= 13 46 bnetgame cplscrambler-in [PSH, ACK] Seq=87 Ack=14 Win=65522 Len=41 47 Response: 200 Optimax-NNTP, Optimax-Hamster V1.24 48 cplscrambler-al nntp [ACK] Seq=1 Ack=42 Win=65494 Len=0 49 cplscrambler-in bnetgame [ACK] Seq=14 Ack=128 Win=65408 Len=0 50 cplscrambler-in bnetgame [PSH, ACK] Seq=14 Ack=128 Win=65408 Len=32 51 bnetgame cplscrambler-in [PSH, ACK] Seq=128 Ack=46 Win=65490 Len=52 52 Response: 200 The server welcomes 71-223-138-135.phnx.qwest.net (71.223.138.135). Authorization required for reading and posting. 53 cplscrambler-in bnetgame [ACK] Seq=46 Ack=180 Win=65356 Len=0 54 Request: MODE READER 55 Request: MODE READER 56 Response: 200 ignored 57 nntp webobjects [ACK] Seq=122 Ack=14 Win=14600 Len=0 58 Response: 200 You are already in this mode. Ignored. 59 Request: AUTHINFO USER xxxxxxxxxxxxx 60 Request: GROUP sdforum.newsreaders 61 Response: 211 189 1 189 sdforum.newsreaders 62 Response: 381 PASS required 63 Request: AUTHINFO PASS xxxxxxxxxxxx 64 cplscrambler-al nntp [ACK] Seq=41 Ack=90 Win=65446 Len=0 65 Response: 281 Authentication accepted. (UID=307388) 66 Request: GROUP alt.food.fat-free 67 Response: 211 2 42452 42453 alt.food.fat-free 68 webobjects nntp [ACK] Seq=92 Ack=265 Win=65271 Len=0 69 avocent-proxy https [FIN, ACK] Seq=1304 Ack=266 Win=65270 Len=0 70 https avocent-proxy [ACK] Seq=266 Ack=1305 Win=65535 Len=0 71 https avocent-proxy [FIN, ACK] Seq=266 Ack=1305 Win=65535 Len=0 72 avocent-proxy https [ACK] Seq=1305 Ack=267 Win=65270 Len=0 73 Who has 192.168.0.2? Tell 192.168.0.1 74 192.168.0.2 is at 00:11:11:5a:b1:0c 75 NOTIFY * HTTP/1.1 76 NOTIFY * HTTP/1.1 77 NOTIFY * HTTP/1.1 78 NOTIFY * HTTP/1.1 79 cplscrambler-al nntp [FIN, ACK] Seq=41 Ack=90 Win=65446 Len=0 80 nntp cplscrambler-al [ACK] Seq=90 Ack=42 Win=65495 Len=0 81 nntp cplscrambler-al [FIN, ACK] Seq=90 Ack=42 Win=65495 Len=0 82 cplscrambler-al nntp [ACK] Seq=42 Ack=91 Win=65446 Len=0 83 webobjects nntp [FIN, ACK] Seq=92 Ack=265 Win=65271 Len=0 84 Response: 205 . 85 nntp webobjects [FIN, ACK] Seq=272 Ack=93 Win=14600 Len=0 86 webobjects nntp [ACK] Seq=93 Ack=273 Win=65264 Len=0 87 cplscrambler-in bnetgame [PSH, ACK] Seq=46 Ack=180 Win=65356 Len=6 88 bnetgame cplscrambler-in [PSH, ACK] Seq=180 Ack=52 Win=65484 Len=35 89 bnetgame cplscrambler-in [FIN, ACK] Seq=215 Ack=52 Win=65484 Len=0 90 cplscrambler-in bnetgame [ACK] Seq=52 Ack=216 Win=65321 Len=0 91 cplscrambler-in bnetgame [FIN, ACK] Seq=52 Ack=216 Win=65321 Len=0 92 bnetgame cplscrambler-in [ACK] Seq=216 Ack=53 Win=65484 Len=0 Any clues? I also did this with T-bird but I see no clues in it. Do you want to see it? TIA Ken Yes, but it's talking to two servers in that trace. Removing the IP addresses, now you can't tell which line belongs to which conversation. Here, both servers welcome you, which means your packet got routed to them on port 119 OK. 47 Response: 200 Optimax-NNTP, Optimax-Hamster V1.24 52 Response: 200 The server welcomes 71-223-138-135.phnx.qwest.net (71.223.138.135). Authorization required for reading and posting. One server gets bored, because your client didn't send it anything further. It closes the connection, presumably on timeout. Servers use short timeout constants, so not too many connections are open in the connection table of the server (each one takes RAM). 84 Response: 205 . The other server, you send it authentication, and can get as far as querying the low water and high water marks on one newsgroup. But then it doesn't fetch anything. So it doesn't seem to have done anything with this info. Or maybe Xnews is now trying to contact the local server it runs or something ? I don't really understand how Xnews works. What its purpose is. 67 Response: 211 2 42452 42453 alt.food.fat-free The Thunderbird trace should be easier to read, as it's going to be working with just one server at a time, And it doesn't run its own server, use an external program for SSL, and so on. The trace should be easier to read (in theory). Paul |
#28
|
|||
|
|||
Xnews failure update in XP Home
Paul wrote in :
The Thunderbird trace should be easier to read, as it's going to be working with just one server at a time, And it doesn't run its own server, use an external program for SSL, and so on. The trace should be easier to read (in theory). OK. Here's the T-bird trace I made a couple of days ago. 1 http media-agent [RST, ACK] Seq=1 Ack=1 Win=0 Len=0 2 http piccolo [RST, ACK] Seq=1 Ack=1 Win=0 Len=0 3 Standard query 0x605d A www.mozilla.org 4 Standard query response 0x605d CNAME mozorg.dynect.mozilla.net A 63.245.215.20 5 fc-faultnotify https [SYN] Seq=0 Win=65535 Len=0 MSS=1460 SACK_PERM=1 6 https fc-faultnotify [SYN, ACK] Seq=0 Ack=1 Win=14600 Len=0 MSS=1452 SACK_PERM=1 7 fc-faultnotify https [ACK] Seq=1 Ack=1 Win=65535 Len=0 8 Client Hello 9 https fc-faultnotify [ACK] Seq=1 Ack=149 Win=15544 Len=0 10 Server Hello 11 [TCP segment of a reassembled PDU] 12 fc-faultnotify https [ACK] Seq=149 Ack=2905 Win=65535 Len=0 13 Certificate 14 fc-faultnotify https [ACK] Seq=149 Ack=3894 Win=64546 Len=0 15 Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message 16 Change Cipher Spec, Encrypted Handshake Message 17 Application Data 18 Application Data 19 Application Data 20 [TCP segment of a reassembled PDU] 21 Application Data 22 fc-faultnotify https [ACK] Seq=1301 Ack=7435 Win=65535 Len=0 23 Application Data 24 [TCP segment of a reassembled PDU] 25 [TCP segment of a reassembled PDU] 26 fc-faultnotify https [ACK] Seq=1754 Ack=10339 Win=65535 Len=0 27 Application Data 28 Application Data 29 [TCP segment of a reassembled PDU] 30 [TCP segment of a reassembled PDU] 31 fc-faultnotify https [ACK] Seq=2207 Ack=13368 Win=65535 Len=0 32 [TCP segment of a reassembled PDU] 33 fc-faultnotify https [ACK] Seq=2207 Ack=14820 Win=65535 Len=0 34 Application Data 35 Application Data 36 [TCP segment of a reassembled PDU] 37 [TCP segment of a reassembled PDU] 38 fc-faultnotify https [ACK] Seq=2660 Ack=18445 Win=65535 Len=0 39 [TCP segment of a reassembled PDU] 40 fc-faultnotify https [ACK] Seq=2660 Ack=19897 Win=65535 Len=0 41 Application Data 42 fc-faultnotify https [ACK] Seq=2660 Ack=20378 Win=65054 Len=0 43 Application Data 44 [TCP segment of a reassembled PDU] 45 [TCP segment of a reassembled PDU] 46 fc-faultnotify https [ACK] Seq=3129 Ack=23282 Win=65535 Len=0 47 [TCP segment of a reassembled PDU] 48 fc-faultnotify https [ACK] Seq=3129 Ack=24734 Win=65535 Len=0 49 [TCP segment of a reassembled PDU] 50 [TCP segment of a reassembled PDU] 51 fc-faultnotify https [ACK] Seq=3129 Ack=27638 Win=65535 Len=0 52 Application Data 53 Application Data 54 vrts-at-port https [SYN] Seq=0 Win=65535 Len=0 MSS=1460 SACK_PERM=1 55 [TCP segment of a reassembled PDU] 56 [TCP segment of a reassembled PDU] 57 fc-faultnotify https [ACK] Seq=3582 Ack=30791 Win=65535 Len=0 58 [TCP segment of a reassembled PDU] 59 fc-faultnotify https [ACK] Seq=3582 Ack=32243 Win=65535 Len=0 60 [TCP segment of a reassembled PDU] 61 [TCP segment of a reassembled PDU] 62 fc-faultnotify https [ACK] Seq=3582 Ack=35147 Win=65535 Len=0 63 [TCP segment of a reassembled PDU] 64 fc-faultnotify https [ACK] Seq=3582 Ack=36599 Win=65535 Len=0 65 [TCP segment of a reassembled PDU] 66 [TCP segment of a reassembled PDU] 67 fc-faultnotify https [ACK] Seq=3582 Ack=39503 Win=65535 Len=0 68 [TCP segment of a reassembled PDU] 69 fc-faultnotify https [ACK] Seq=3582 Ack=40955 Win=65535 Len=0 70 [TCP segment of a reassembled PDU] 71 https vrts-at-port [SYN, ACK] Seq=0 Ack=1 Win=14600 Len=0 MSS= 1452 SACK_PERM=1 72 vrts-at-port https [ACK] Seq=1 Ack=1 Win=65535 Len=0 73 Client Hello 74 [TCP segment of a reassembled PDU] 75 fc-faultnotify https [ACK] Seq=3582 Ack=43859 Win=65535 Len=0 76 Application Data 77 fc-faultnotify https [ACK] Seq=3582 Ack=45311 Win=65535 Len=0 78 [TCP segment of a reassembled PDU] 79 [TCP segment of a reassembled PDU] 80 fc-faultnotify https [ACK] Seq=3582 Ack=48215 Win=65535 Len=0 81 [TCP segment of a reassembled PDU] 82 fc-faultnotify https [ACK] Seq=3582 Ack=49667 Win=65535 Len=0 83 [TCP segment of a reassembled PDU] 84 [TCP segment of a reassembled PDU] 85 fc-faultnotify https [ACK] Seq=3582 Ack=52571 Win=65535 Len=0 86 [TCP segment of a reassembled PDU] 87 fc-faultnotify https [ACK] Seq=3582 Ack=54023 Win=65535 Len=0 88 [TCP segment of a reassembled PDU] 89 [TCP segment of a reassembled PDU] 90 fc-faultnotify https [ACK] Seq=3582 Ack=56927 Win=65535 Len=0 91 [TCP segment of a reassembled PDU] 92 fc-faultnotify https [ACK] Seq=3582 Ack=58379 Win=65535 Len=0 93 [TCP segment of a reassembled PDU] 94 Application Data 95 fc-faultnotify https [ACK] Seq=3582 Ack=61283 Win=65535 Len=0 96 [TCP segment of a reassembled PDU] 97 fc-faultnotify https [ACK] Seq=3582 Ack=62735 Win=65535 Len=0 98 https vrts-at-port [ACK] Seq=1 Ack=181 Win=15544 Len=0 99 Server Hello, Change Cipher Spec, Encrypted Handshake Message 100 Change Cipher Spec, Encrypted Handshake Message, Application Data 101 [TCP segment of a reassembled PDU] 102 [TCP segment of a reassembled PDU] 103 fc-faultnotify https [ACK] Seq=3582 Ack=65639 Win=65535 Len=0 104 [TCP segment of a reassembled PDU] 105 fc-faultnotify https [ACK] Seq=3582 Ack=67091 Win=65535 Len=0 106 [TCP segment of a reassembled PDU] 107 [TCP segment of a reassembled PDU] 108 fc-faultnotify https [ACK] Seq=3582 Ack=69995 Win=65535 Len=0 109 [TCP segment of a reassembled PDU] 110 fc-faultnotify https [ACK] Seq=3582 Ack=71447 Win=65535 Len=0 111 [TCP segment of a reassembled PDU] 112 [TCP segment of a reassembled PDU] 113 fc-faultnotify https [ACK] Seq=3582 Ack=74351 Win=65535 Len=0 114 [TCP segment of a reassembled PDU] 115 fc-faultnotify https [ACK] Seq=3582 Ack=75803 Win=65535 Len=0 116 Application Data 117 [TCP segment of a reassembled PDU] 118 fc-faultnotify https [ACK] Seq=3582 Ack=78707 Win=65535 Len=0 119 [TCP segment of a reassembled PDU] 120 fc-faultnotify https [ACK] Seq=3582 Ack=80159 Win=65535 Len=0 121 [TCP segment of a reassembled PDU] 122 [TCP segment of a reassembled PDU] 123 fc-faultnotify https [ACK] Seq=3582 Ack=83063 Win=65535 Len=0 124 [TCP segment of a reassembled PDU] 125 fc-faultnotify https [ACK] Seq=3582 Ack=84515 Win=65535 Len=0 126 [TCP segment of a reassembled PDU] 127 [TCP segment of a reassembled PDU] 128 fc-faultnotify https [ACK] Seq=3582 Ack=87419 Win=65535 Len=0 129 [TCP segment of a reassembled PDU] 130 fc-faultnotify https [ACK] Seq=3582 Ack=88871 Win=65535 Len=0 131 Application Data 132 [TCP segment of a reassembled PDU] 133 [TCP segment of a reassembled PDU] 134 vrts-at-port https [ACK] Seq=709 Ack=3043 Win=65535 Len=0 135 [TCP segment of a reassembled PDU] 136 vrts-at-port https [ACK] Seq=709 Ack=4495 Win=65535 Len=0 137 [TCP segment of a reassembled PDU] 138 [TCP segment of a reassembled PDU] 139 vrts-at-port https [ACK] Seq=709 Ack=7399 Win=65535 Len=0 140 [TCP segment of a reassembled PDU] 141 vrts-at-port https [ACK] Seq=709 Ack=8851 Win=65535 Len=0 142 [TCP segment of a reassembled PDU] 143 [TCP segment of a reassembled PDU] 144 vrts-at-port https [ACK] Seq=709 Ack=11755 Win=65535 Len=0 145 [TCP segment of a reassembled PDU] 146 vrts-at-port https [ACK] Seq=709 Ack=13207 Win=65535 Len=0 147 Application Data 148 vrts-at-port https [ACK] Seq=709 Ack=13984 Win=64758 Len=0 149 fc-faultnotify https [ACK] Seq=3582 Ack=88883 Win=65523 Len=0 150 Encrypted Alert 151 vrts-at-port https [FIN, ACK] Seq=746 Ack=13984 Win=64758 Len=0 152 Encrypted Alert 153 fc-faultnotify https [FIN, ACK] Seq=3619 Ack=88883 Win=65523 Len=0 154 https vrts-at-port [FIN, ACK] Seq=13984 Ack=747 Win=16616 Len=0 155 vrts-at-port https [ACK] Seq=747 Ack=13985 Win=64758 Len=0 156 https fc-faultnotify [FIN, ACK] Seq=88883 Ack=3620 Win=24120 Len=0 157 fc-faultnotify https [ACK] Seq=3620 Ack=88884 Win=65523 Len=0 158 Standard query 0x5952 A safebrowsing.google.com 159 Standard query 0x6a02 A safebrowsing.google.com 160 Standard query response 0x5952 CNAME sb.l.google.com A 74.125.224.133 A 74.125.224.132 A 74.125.224.137 A 74.125.224.128 A 74.125.224.130 A 74.125.224.131 A 74.125.224.136 A 74.125.224.142 A 74.125.224.129 A 74.125.224.134 A 74.125.224.135 161 Standard query response 0x6a02 CNAME sb.l.google.com A 74.125.224.137 A 74.125.224.128 A 74.125.224.130 A 74.125.224.131 A 74.125.224.136 A 74.125.224.142 A 74.125.224.129 A 74.125.224.134 A 74.125.224.135 A 74.125.224.133 A 74.125.224.132 162 slc-systemlog https [SYN] Seq=0 Win=65535 Len=0 MSS=1460 SACK_PERM=1 163 https slc-systemlog [SYN, ACK] Seq=0 Ack=1 Win=42900 Len=0 MSS= 1430 SACK_PERM=1 164 slc-systemlog https [ACK] Seq=1 Ack=1 Win=65535 Len=0 165 Client Hello 166 https slc-systemlog [ACK] Seq=1 Ack=191 Win=43952 Len=0 167 Server Hello 168 [TCP segment of a reassembled PDU] 169 slc-systemlog https [ACK] Seq=191 Ack=2861 Win=65535 Len=0 170 Certificate 171 slc-systemlog https [ACK] Seq=191 Ack=3945 Win=64451 Len=0 172 Standard query 0xb9b9 A clients1.google.com 173 Standard query response 0xb9b9 CNAME clients.l.google.com A 74.125.224.128 A 74.125.224.133 A 74.125.224.135 A 74.125.224.132 A 74.125.224.137 A 74.125.224.129 A 74.125.224.130 A 74.125.224.134 A 74.125.224.136 A 74.125.224.131 A 74.125.224.142 174 Client Key Exchange, Change Cipher Spec, Hello Request, Hello Request 175 Standard query 0x0f21 A clients1.google.com 176 Standard query response 0x0f21 CNAME clients.l.google.com A 74.125.224.137 A 74.125.224.129 A 74.125.224.130 A 74.125.224.134 A 74.125.224.136 A 74.125.224.131 A 74.125.224.142 A 74.125.224.128 A 74.125.224.133 A 74.125.224.135 A 74.125.224.132 177 silkp2 http [SYN] Seq=0 Win=65535 Len=0 MSS=1460 SACK_PERM=1 178 New Session Ticket, Change Cipher Spec, Hello Request, Hello Request 179 Application Data 180 slc-systemlog https [ACK] Seq=353 Ack=4248 Win=64148 Len=0 181 Application Data 182 http silkp2 [SYN, ACK] Seq=0 Ack=1 Win=42900 Len=0 MSS=1430 SACK_PERM=1 183 silkp2 http [ACK] Seq=1 Ack=1 Win=65535 Len=0 184 Request 185 http silkp2 [ACK] Seq=1 Ack=435 Win=43952 Len=0 186 slc-systemlog https [ACK] Seq=353 Ack=4293 Win=65535 Len=0 187 Response 188 silkp2 http [ACK] Seq=435 Ack=783 Win=64753 Len=0 189 Application Data 190 https slc-systemlog [ACK] Seq=4293 Ack=418 Win=45024 Len=0 191 Application Data, Application Data 192 https slc-systemlog [ACK] Seq=4293 Ack=1362 Win=46256 Len=0 193 Application Data 194 Application Data, Application Data 195 slc-systemlog https [ACK] Seq=1362 Ack=5065 Win=64763 Len=0 196 Application Data 197 Standard query 0x7fb6 A safebrowsing-cache.google.com 198 https slc-systemlog [ACK] Seq=5065 Ack=1403 Win=46256 Len=0 199 Standard query 0x2f49 A safebrowsing-cache.google.com 200 Standard query response 0x7fb6 CNAME safebrowsing.cache.l.google.com A 74.125.224.131 A 74.125.224.129 A 74.125.224.128 A 74.125.224.135 A 74.125.224.132 A 74.125.224.137 A 74.125.224.142 A 74.125.224.130 A 74.125.224.133 A 74.125.224.134 A 74.125.224.136 201 Standard query response 0x2f49 CNAME safebrowsing.cache.l.google.com A 74.125.224.129 A 74.125.224.128 A 74.125.224.135 A 74.125.224.132 A 74.125.224.137 A 74.125.224.142 A 74.125.224.130 A 74.125.224.133 A 74.125.224.134 A 74.125.224.136 A 74.125.224.131 202 evtp https [SYN] Seq=0 Win=65535 Len=0 MSS=1460 SACK_PERM=1 203 https evtp [SYN, ACK] Seq=0 Ack=1 Win=42900 Len=0 MSS=1430 SACK_PERM=1 204 evtp https [ACK] Seq=1 Ack=1 Win=65535 Len=0 205 Client Hello 206 https evtp [ACK] Seq=1 Ack=518 Win=43952 Len=0 207 Server Hello, Change Cipher Spec, Hello Request, Hello Request 208 Change Cipher Spec, Hello Request, Hello Request, Application Data, Application Data 209 Application Data 210 Application Data 211 evtp https [ACK] Seq=1287 Ack=284 Win=65252 Len=0 212 Application Data 213 Application Data, Application Data 214 evtp https [ACK] Seq=1287 Ack=770 Win=64766 Len=0 215 Application Data 216 Standard query 0xbde9 A safebrowsing-cache.google.com 217 Standard query response 0xbde9 CNAME safebrowsing.cache.l.google.com A 74.125.224.134 A 74.125.224.136 A 74.125.224.131 A 74.125.224.129 A 74.125.224.128 A 74.125.224.135 A 74.125.224.132 A 74.125.224.137 A 74.125.224.142 A 74.125.224.130 A 74.125.224.133 218 https evtp [ACK] Seq=770 Ack=1328 Win=45371 Len=0 219 Application Data 220 https evtp [ACK] Seq=770 Ack=1955 Win=46909 Len=0 221 Application Data 222 Application Data 223 evtp https [ACK] Seq=1955 Ack=2272 Win=65535 Len=0 224 Application Data 225 Application Data 226 evtp https [ACK] Seq=1955 Ack=2404 Win=65403 Len=0 227 Application Data 228 Standard query 0xaab3 A safebrowsing-cache.google.com 229 Standard query response 0xaab3 CNAME safebrowsing.cache.l.google.com A 74.125.224.129 A 74.125.224.128 A 74.125.224.135 A 74.125.224.132 A 74.125.224.137 A 74.125.224.142 A 74.125.224.130 A 74.125.224.133 A 74.125.224.134 A 74.125.224.136 A 74.125.224.131 230 https evtp [ACK] Seq=2404 Ack=1996 Win=46909 Len=0 231 Application Data 232 https evtp [ACK] Seq=2404 Ack=2620 Win=48447 Len=0 233 Application Data 234 Application Data 235 evtp https [ACK] Seq=2620 Ack=3904 Win=65535 Len=0 236 Application Data 237 Application Data 238 evtp https [ACK] Seq=2620 Ack=5993 Win=65535 Len=0 239 Application Data 240 Application Data 241 https evtp [ACK] Seq=6034 Ack=2661 Win=48447 Len=0 242 j-lan-p nntp [FIN, ACK] Seq=1 Ack=1 Win=65448 Len=0 243 nntp j-lan-p [ACK] Seq=1 Ack=2 Win=65499 Len=0 244 nntp j-lan-p [FIN, ACK] Seq=1 Ack=2 Win=65499 Len=0 245 j-lan-p nntp [ACK] Seq=2 Ack=2 Win=65448 Len=0 246 netsteward nntp [FIN, ACK] Seq=1 Ack=1 Win=65450 Len=0 247 nntp netsteward [ACK] Seq=1 Ack=2 Win=65503 Len=0 248 nntp netsteward [FIN, ACK] Seq=1 Ack=2 Win=65503 Len=0 249 netsteward nntp [ACK] Seq=2 Ack=2 Win=65450 Len=0 Any better? Or is there something I should have left in the scan? IIRC, this is just Optimax set to port 119. More news this morning. On the emachine, the SFF news server using 1119 port continues to work. So I emailed Individual net and they told me to try 8119 port, among others. Tried it and Individual worked perfectly! (Optimax still no go with 119.) Restarted Xnews multiple times. No problems. Then left and returned a few hours later. Restarted Xnews, now Individual doesn't work again! Checked and still set to 8119. This is really weird. An ISP (CenturyLink) problem? Emachine problem? I'm thoroughly snowed, especially with the changing symptoms. Everytime I think I have it fixed the problem returns! sigh Ken -- You know it's time to clean the refrigerator when something closes the door from the inside. |
#29
|
|||
|
|||
Xnews failure update in XP Home
KenK wrote:
Paul wrote in : The Thunderbird trace should be easier to read, as it's going to be working with just one server at a time, And it doesn't run its own server, use an external program for SSL, and so on. The trace should be easier to read (in theory). OK. Here's the T-bird trace I made a couple of days ago. 1 http media-agent [RST, ACK] Seq=1 Ack=1 Win=0 Len=0 2 http piccolo [RST, ACK] Seq=1 Ack=1 Win=0 Len=0 3 Standard query 0x605d A www.mozilla.org 4 Standard query response 0x605d CNAME mozorg.dynect.mozilla.net A 63.245.215.20 5 fc-faultnotify https [SYN] Seq=0 Win=65535 Len=0 MSS=1460 SACK_PERM=1 6 https fc-faultnotify [SYN, ACK] Seq=0 Ack=1 Win=14600 Len=0 MSS=1452 SACK_PERM=1 7 fc-faultnotify https [ACK] Seq=1 Ack=1 Win=65535 Len=0 8 Client Hello 9 https fc-faultnotify [ACK] Seq=1 Ack=149 Win=15544 Len=0 10 Server Hello 11 [TCP segment of a reassembled PDU] 12 fc-faultnotify https [ACK] Seq=149 Ack=2905 Win=65535 Len=0 13 Certificate 14 fc-faultnotify https [ACK] Seq=149 Ack=3894 Win=64546 Len=0 15 Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message 16 Change Cipher Spec, Encrypted Handshake Message 17 Application Data 18 Application Data 19 Application Data 20 [TCP segment of a reassembled PDU] 21 Application Data 22 fc-faultnotify https [ACK] Seq=1301 Ack=7435 Win=65535 Len=0 23 Application Data 24 [TCP segment of a reassembled PDU] 25 [TCP segment of a reassembled PDU] 26 fc-faultnotify https [ACK] Seq=1754 Ack=10339 Win=65535 Len=0 27 Application Data 28 Application Data 29 [TCP segment of a reassembled PDU] 30 [TCP segment of a reassembled PDU] 31 fc-faultnotify https [ACK] Seq=2207 Ack=13368 Win=65535 Len=0 32 [TCP segment of a reassembled PDU] 33 fc-faultnotify https [ACK] Seq=2207 Ack=14820 Win=65535 Len=0 34 Application Data 35 Application Data 36 [TCP segment of a reassembled PDU] 37 [TCP segment of a reassembled PDU] 38 fc-faultnotify https [ACK] Seq=2660 Ack=18445 Win=65535 Len=0 39 [TCP segment of a reassembled PDU] 40 fc-faultnotify https [ACK] Seq=2660 Ack=19897 Win=65535 Len=0 41 Application Data 42 fc-faultnotify https [ACK] Seq=2660 Ack=20378 Win=65054 Len=0 43 Application Data 44 [TCP segment of a reassembled PDU] 45 [TCP segment of a reassembled PDU] 46 fc-faultnotify https [ACK] Seq=3129 Ack=23282 Win=65535 Len=0 47 [TCP segment of a reassembled PDU] 48 fc-faultnotify https [ACK] Seq=3129 Ack=24734 Win=65535 Len=0 49 [TCP segment of a reassembled PDU] 50 [TCP segment of a reassembled PDU] 51 fc-faultnotify https [ACK] Seq=3129 Ack=27638 Win=65535 Len=0 52 Application Data 53 Application Data 54 vrts-at-port https [SYN] Seq=0 Win=65535 Len=0 MSS=1460 SACK_PERM=1 55 [TCP segment of a reassembled PDU] 56 [TCP segment of a reassembled PDU] 57 fc-faultnotify https [ACK] Seq=3582 Ack=30791 Win=65535 Len=0 58 [TCP segment of a reassembled PDU] 59 fc-faultnotify https [ACK] Seq=3582 Ack=32243 Win=65535 Len=0 60 [TCP segment of a reassembled PDU] 61 [TCP segment of a reassembled PDU] 62 fc-faultnotify https [ACK] Seq=3582 Ack=35147 Win=65535 Len=0 63 [TCP segment of a reassembled PDU] 64 fc-faultnotify https [ACK] Seq=3582 Ack=36599 Win=65535 Len=0 65 [TCP segment of a reassembled PDU] 66 [TCP segment of a reassembled PDU] 67 fc-faultnotify https [ACK] Seq=3582 Ack=39503 Win=65535 Len=0 68 [TCP segment of a reassembled PDU] 69 fc-faultnotify https [ACK] Seq=3582 Ack=40955 Win=65535 Len=0 70 [TCP segment of a reassembled PDU] 71 https vrts-at-port [SYN, ACK] Seq=0 Ack=1 Win=14600 Len=0 MSS= 1452 SACK_PERM=1 72 vrts-at-port https [ACK] Seq=1 Ack=1 Win=65535 Len=0 73 Client Hello 74 [TCP segment of a reassembled PDU] 75 fc-faultnotify https [ACK] Seq=3582 Ack=43859 Win=65535 Len=0 76 Application Data 77 fc-faultnotify https [ACK] Seq=3582 Ack=45311 Win=65535 Len=0 78 [TCP segment of a reassembled PDU] 79 [TCP segment of a reassembled PDU] 80 fc-faultnotify https [ACK] Seq=3582 Ack=48215 Win=65535 Len=0 81 [TCP segment of a reassembled PDU] 82 fc-faultnotify https [ACK] Seq=3582 Ack=49667 Win=65535 Len=0 83 [TCP segment of a reassembled PDU] 84 [TCP segment of a reassembled PDU] 85 fc-faultnotify https [ACK] Seq=3582 Ack=52571 Win=65535 Len=0 86 [TCP segment of a reassembled PDU] 87 fc-faultnotify https [ACK] Seq=3582 Ack=54023 Win=65535 Len=0 88 [TCP segment of a reassembled PDU] 89 [TCP segment of a reassembled PDU] 90 fc-faultnotify https [ACK] Seq=3582 Ack=56927 Win=65535 Len=0 91 [TCP segment of a reassembled PDU] 92 fc-faultnotify https [ACK] Seq=3582 Ack=58379 Win=65535 Len=0 93 [TCP segment of a reassembled PDU] 94 Application Data 95 fc-faultnotify https [ACK] Seq=3582 Ack=61283 Win=65535 Len=0 96 [TCP segment of a reassembled PDU] 97 fc-faultnotify https [ACK] Seq=3582 Ack=62735 Win=65535 Len=0 98 https vrts-at-port [ACK] Seq=1 Ack=181 Win=15544 Len=0 99 Server Hello, Change Cipher Spec, Encrypted Handshake Message 100 Change Cipher Spec, Encrypted Handshake Message, Application Data 101 [TCP segment of a reassembled PDU] 102 [TCP segment of a reassembled PDU] 103 fc-faultnotify https [ACK] Seq=3582 Ack=65639 Win=65535 Len=0 104 [TCP segment of a reassembled PDU] 105 fc-faultnotify https [ACK] Seq=3582 Ack=67091 Win=65535 Len=0 106 [TCP segment of a reassembled PDU] 107 [TCP segment of a reassembled PDU] 108 fc-faultnotify https [ACK] Seq=3582 Ack=69995 Win=65535 Len=0 109 [TCP segment of a reassembled PDU] 110 fc-faultnotify https [ACK] Seq=3582 Ack=71447 Win=65535 Len=0 111 [TCP segment of a reassembled PDU] 112 [TCP segment of a reassembled PDU] 113 fc-faultnotify https [ACK] Seq=3582 Ack=74351 Win=65535 Len=0 114 [TCP segment of a reassembled PDU] 115 fc-faultnotify https [ACK] Seq=3582 Ack=75803 Win=65535 Len=0 116 Application Data 117 [TCP segment of a reassembled PDU] 118 fc-faultnotify https [ACK] Seq=3582 Ack=78707 Win=65535 Len=0 119 [TCP segment of a reassembled PDU] 120 fc-faultnotify https [ACK] Seq=3582 Ack=80159 Win=65535 Len=0 121 [TCP segment of a reassembled PDU] 122 [TCP segment of a reassembled PDU] 123 fc-faultnotify https [ACK] Seq=3582 Ack=83063 Win=65535 Len=0 124 [TCP segment of a reassembled PDU] 125 fc-faultnotify https [ACK] Seq=3582 Ack=84515 Win=65535 Len=0 126 [TCP segment of a reassembled PDU] 127 [TCP segment of a reassembled PDU] 128 fc-faultnotify https [ACK] Seq=3582 Ack=87419 Win=65535 Len=0 129 [TCP segment of a reassembled PDU] 130 fc-faultnotify https [ACK] Seq=3582 Ack=88871 Win=65535 Len=0 131 Application Data 132 [TCP segment of a reassembled PDU] 133 [TCP segment of a reassembled PDU] 134 vrts-at-port https [ACK] Seq=709 Ack=3043 Win=65535 Len=0 135 [TCP segment of a reassembled PDU] 136 vrts-at-port https [ACK] Seq=709 Ack=4495 Win=65535 Len=0 137 [TCP segment of a reassembled PDU] 138 [TCP segment of a reassembled PDU] 139 vrts-at-port https [ACK] Seq=709 Ack=7399 Win=65535 Len=0 140 [TCP segment of a reassembled PDU] 141 vrts-at-port https [ACK] Seq=709 Ack=8851 Win=65535 Len=0 142 [TCP segment of a reassembled PDU] 143 [TCP segment of a reassembled PDU] 144 vrts-at-port https [ACK] Seq=709 Ack=11755 Win=65535 Len=0 145 [TCP segment of a reassembled PDU] 146 vrts-at-port https [ACK] Seq=709 Ack=13207 Win=65535 Len=0 147 Application Data 148 vrts-at-port https [ACK] Seq=709 Ack=13984 Win=64758 Len=0 149 fc-faultnotify https [ACK] Seq=3582 Ack=88883 Win=65523 Len=0 150 Encrypted Alert 151 vrts-at-port https [FIN, ACK] Seq=746 Ack=13984 Win=64758 Len=0 152 Encrypted Alert 153 fc-faultnotify https [FIN, ACK] Seq=3619 Ack=88883 Win=65523 Len=0 154 https vrts-at-port [FIN, ACK] Seq=13984 Ack=747 Win=16616 Len=0 155 vrts-at-port https [ACK] Seq=747 Ack=13985 Win=64758 Len=0 156 https fc-faultnotify [FIN, ACK] Seq=88883 Ack=3620 Win=24120 Len=0 157 fc-faultnotify https [ACK] Seq=3620 Ack=88884 Win=65523 Len=0 158 Standard query 0x5952 A safebrowsing.google.com 159 Standard query 0x6a02 A safebrowsing.google.com 160 Standard query response 0x5952 CNAME sb.l.google.com A 74.125.224.133 A 74.125.224.132 A 74.125.224.137 A 74.125.224.128 A 74.125.224.130 A 74.125.224.131 A 74.125.224.136 A 74.125.224.142 A 74.125.224.129 A 74.125.224.134 A 74.125.224.135 161 Standard query response 0x6a02 CNAME sb.l.google.com A 74.125.224.137 A 74.125.224.128 A 74.125.224.130 A 74.125.224.131 A 74.125.224.136 A 74.125.224.142 A 74.125.224.129 A 74.125.224.134 A 74.125.224.135 A 74.125.224.133 A 74.125.224.132 162 slc-systemlog https [SYN] Seq=0 Win=65535 Len=0 MSS=1460 SACK_PERM=1 163 https slc-systemlog [SYN, ACK] Seq=0 Ack=1 Win=42900 Len=0 MSS= 1430 SACK_PERM=1 164 slc-systemlog https [ACK] Seq=1 Ack=1 Win=65535 Len=0 165 Client Hello 166 https slc-systemlog [ACK] Seq=1 Ack=191 Win=43952 Len=0 167 Server Hello 168 [TCP segment of a reassembled PDU] 169 slc-systemlog https [ACK] Seq=191 Ack=2861 Win=65535 Len=0 170 Certificate 171 slc-systemlog https [ACK] Seq=191 Ack=3945 Win=64451 Len=0 172 Standard query 0xb9b9 A clients1.google.com 173 Standard query response 0xb9b9 CNAME clients.l.google.com A 74.125.224.128 A 74.125.224.133 A 74.125.224.135 A 74.125.224.132 A 74.125.224.137 A 74.125.224.129 A 74.125.224.130 A 74.125.224.134 A 74.125.224.136 A 74.125.224.131 A 74.125.224.142 174 Client Key Exchange, Change Cipher Spec, Hello Request, Hello Request 175 Standard query 0x0f21 A clients1.google.com 176 Standard query response 0x0f21 CNAME clients.l.google.com A 74.125.224.137 A 74.125.224.129 A 74.125.224.130 A 74.125.224.134 A 74.125.224.136 A 74.125.224.131 A 74.125.224.142 A 74.125.224.128 A 74.125.224.133 A 74.125.224.135 A 74.125.224.132 177 silkp2 http [SYN] Seq=0 Win=65535 Len=0 MSS=1460 SACK_PERM=1 178 New Session Ticket, Change Cipher Spec, Hello Request, Hello Request 179 Application Data 180 slc-systemlog https [ACK] Seq=353 Ack=4248 Win=64148 Len=0 181 Application Data 182 http silkp2 [SYN, ACK] Seq=0 Ack=1 Win=42900 Len=0 MSS=1430 SACK_PERM=1 183 silkp2 http [ACK] Seq=1 Ack=1 Win=65535 Len=0 184 Request 185 http silkp2 [ACK] Seq=1 Ack=435 Win=43952 Len=0 186 slc-systemlog https [ACK] Seq=353 Ack=4293 Win=65535 Len=0 187 Response 188 silkp2 http [ACK] Seq=435 Ack=783 Win=64753 Len=0 189 Application Data 190 https slc-systemlog [ACK] Seq=4293 Ack=418 Win=45024 Len=0 191 Application Data, Application Data 192 https slc-systemlog [ACK] Seq=4293 Ack=1362 Win=46256 Len=0 193 Application Data 194 Application Data, Application Data 195 slc-systemlog https [ACK] Seq=1362 Ack=5065 Win=64763 Len=0 196 Application Data 197 Standard query 0x7fb6 A safebrowsing-cache.google.com 198 https slc-systemlog [ACK] Seq=5065 Ack=1403 Win=46256 Len=0 199 Standard query 0x2f49 A safebrowsing-cache.google.com 200 Standard query response 0x7fb6 CNAME safebrowsing.cache.l.google.com A 74.125.224.131 A 74.125.224.129 A 74.125.224.128 A 74.125.224.135 A 74.125.224.132 A 74.125.224.137 A 74.125.224.142 A 74.125.224.130 A 74.125.224.133 A 74.125.224.134 A 74.125.224.136 201 Standard query response 0x2f49 CNAME safebrowsing.cache.l.google.com A 74.125.224.129 A 74.125.224.128 A 74.125.224.135 A 74.125.224.132 A 74.125.224.137 A 74.125.224.142 A 74.125.224.130 A 74.125.224.133 A 74.125.224.134 A 74.125.224.136 A 74.125.224.131 202 evtp https [SYN] Seq=0 Win=65535 Len=0 MSS=1460 SACK_PERM=1 203 https evtp [SYN, ACK] Seq=0 Ack=1 Win=42900 Len=0 MSS=1430 SACK_PERM=1 204 evtp https [ACK] Seq=1 Ack=1 Win=65535 Len=0 205 Client Hello 206 https evtp [ACK] Seq=1 Ack=518 Win=43952 Len=0 207 Server Hello, Change Cipher Spec, Hello Request, Hello Request 208 Change Cipher Spec, Hello Request, Hello Request, Application Data, Application Data 209 Application Data 210 Application Data 211 evtp https [ACK] Seq=1287 Ack=284 Win=65252 Len=0 212 Application Data 213 Application Data, Application Data 214 evtp https [ACK] Seq=1287 Ack=770 Win=64766 Len=0 215 Application Data 216 Standard query 0xbde9 A safebrowsing-cache.google.com 217 Standard query response 0xbde9 CNAME safebrowsing.cache.l.google.com A 74.125.224.134 A 74.125.224.136 A 74.125.224.131 A 74.125.224.129 A 74.125.224.128 A 74.125.224.135 A 74.125.224.132 A 74.125.224.137 A 74.125.224.142 A 74.125.224.130 A 74.125.224.133 218 https evtp [ACK] Seq=770 Ack=1328 Win=45371 Len=0 219 Application Data 220 https evtp [ACK] Seq=770 Ack=1955 Win=46909 Len=0 221 Application Data 222 Application Data 223 evtp https [ACK] Seq=1955 Ack=2272 Win=65535 Len=0 224 Application Data 225 Application Data 226 evtp https [ACK] Seq=1955 Ack=2404 Win=65403 Len=0 227 Application Data 228 Standard query 0xaab3 A safebrowsing-cache.google.com 229 Standard query response 0xaab3 CNAME safebrowsing.cache.l.google.com A 74.125.224.129 A 74.125.224.128 A 74.125.224.135 A 74.125.224.132 A 74.125.224.137 A 74.125.224.142 A 74.125.224.130 A 74.125.224.133 A 74.125.224.134 A 74.125.224.136 A 74.125.224.131 230 https evtp [ACK] Seq=2404 Ack=1996 Win=46909 Len=0 231 Application Data 232 https evtp [ACK] Seq=2404 Ack=2620 Win=48447 Len=0 233 Application Data 234 Application Data 235 evtp https [ACK] Seq=2620 Ack=3904 Win=65535 Len=0 236 Application Data 237 Application Data 238 evtp https [ACK] Seq=2620 Ack=5993 Win=65535 Len=0 239 Application Data 240 Application Data 241 https evtp [ACK] Seq=6034 Ack=2661 Win=48447 Len=0 242 j-lan-p nntp [FIN, ACK] Seq=1 Ack=1 Win=65448 Len=0 243 nntp j-lan-p [ACK] Seq=1 Ack=2 Win=65499 Len=0 244 nntp j-lan-p [FIN, ACK] Seq=1 Ack=2 Win=65499 Len=0 245 j-lan-p nntp [ACK] Seq=2 Ack=2 Win=65448 Len=0 246 netsteward nntp [FIN, ACK] Seq=1 Ack=1 Win=65450 Len=0 247 nntp netsteward [ACK] Seq=1 Ack=2 Win=65503 Len=0 248 nntp netsteward [FIN, ACK] Seq=1 Ack=2 Win=65503 Len=0 249 netsteward nntp [ACK] Seq=2 Ack=2 Win=65450 Len=0 Any better? Or is there something I should have left in the scan? IIRC, this is just Optimax set to port 119. More news this morning. On the emachine, the SFF news server using 1119 port continues to work. So I emailed Individual net and they told me to try 8119 port, among others. Tried it and Individual worked perfectly! (Optimax still no go with 119.) Restarted Xnews multiple times. No problems. Then left and returned a few hours later. Restarted Xnews, now Individual doesn't work again! Checked and still set to 8119. This is really weird. An ISP (CenturyLink) problem? Emachine problem? I'm thoroughly snowed, especially with the changing symptoms. Everytime I think I have it fixed the problem returns! sigh Ken Your trace above doesn't have enough "NNTP" entries to constitute a trace of an NNTP session. You should at least be seeing a line with "nntp", a reference to the outgoing port you've selected for the session (119). And if we're lucky, a "200" welcome response from each news server contacted. You need to turn on more details. IP addresses and so on. Even your first trace was doing a better job. If you have a long trace, with full details, copy and paste it into a pastebin.com window. The pastebin.com window should return a URL, which you can post here. Just post the URL, and any comments you might have. Paul |
#30
|
|||
|
|||
Xnews failure update in XP Home
Paul wrote in :
Your trace above doesn't have enough "NNTP" entries to constitute a trace of an NNTP session. You should at least be seeing a line with "nntp", a reference to the outgoing port you've selected for the session (119). And if we're lucky, a "200" welcome response from each news server contacted. You need to turn on more details. IP addresses and so on. Even your first trace was doing a better job. If you have a long trace, with full details, copy and paste it into a pastebin.com window. The pastebin.com window should return a URL, which you can post here. Just post the URL, and any comments you might have. Paul OK. Made another trace printing with Packet Summary line Packet details All expanded It's ~650K Too long to post here. Undecipherable to my feeble mind. First of all, is this what you wanted or so I have to set something else somewhere in Wireshark? This Pastebin.com looks VERY complicated. Can you think of another alternative? Lastest: Xnews seems to be working with Individual news pretty regularly using port 8119. Optimax news with port 119 keeps timing out. I tried using emachine, usually CenturyLink ISP and DSL, with Sitestar dial up ISP. Still doesn't work with Optimax, though Individual is OK, which I guess points to emachine problem. Must be a VERY strange problem. I really don't want to buy a new computer to just read this one news server. Now what? TIA Ken -- You know it's time to clean the refrigerator when something closes the door from the inside. |
Thread Tools | |
Display Modes | |
|
|