Xnews failure update in XP Home

Nil wrote in
:

On 22 Oct 2014, KenK wrote in
microsoft.public.windowsxp.general:

Nil wrote in
news:XnsA3CAA9A7881F0nilch1 @wheedledeedle.moc:

Firewall blocking the port?

Turned off Windows firewall. No help so turned it back on. Having
a problem finding Kaspersky firewall settings. Next will try
Google.

You should never have two firewalls running at the same time.

Haven't caused a problem in many many years that I know of.

If you
have Kapersky's firewall, turn off Windows' and leave it off.

Try turning off all firewalls temporarily and see if that relieves the
problem.


Kaspersky firewall accepts Mozxilla stuff so T-bird should not be
affected.

I don't know how to turn off Kaspersky firewall. I'd also like to turn
off Kaspersky entirely temporily to see if it helps but don't know how.
Neither is obvious. Back to Google to try to find out.


--
You know it's time to clean the refrigerator
when something closes the door from the inside.

KenK wrote:


Made a mistake as usual. When I looked for Thunderbird in Kaspersky
firewall list I missed entry for Mozilla, which it lists as accepted. So
if T-bird doesn't work, as it doesn't, then the Kaspersky firewall is not
the problem.

New grist for the mill:

To check for a port 119 problem, someone told me to use Xnews on

news.sff.net port 1119

I did and it worked perfectly. Then I turned off Xnews, turned it back on
- several times - and the sff news server no longer works, just like
Individual and Optimax. Wonder why it worked once? Just like Xnews worked
once on all news servers a few days ago. Weirder and weirder.

A clue?

TIA

Ken

Good detective work.

The fact port 1119 is blocked, suggests the same mechanism that
is used to block email relays. If the ISP uses a Deep Packet
Inspection box (DPI), they can watch for particular protocols
and block them.

If you wait a while (more than fifteen minutes), it's just possible
1119 will work for a short time again. Then stop working.

Someone tested email relays on our ISP here. And they
described how the DPI box would notice the attempt to relay
on other than port 25? or whatever it is. And the DPI box would
"block" that port for fifteen minutes (even if you ran a
different protocol on the port, it remained blocked). Or, until
you attempted to relay again. So if you attempted to email relay
on Port 80 (as if you were running a web server), it would still
recognize the cogent parts of emailing, and stop the transaction.

I'm sure there are other explanations. If port 1119 worked forever,
or 1119 was blocked forever, we'd have to find another
explanation. But if port 1119 "flaps in the breeze", that
hints the DPI box at the ISP is involved. If it works sometimes
and not others, and if Wireshark is not showing any duplicate
packets, that might be it.

My ISP even took to (accidentally) blocking web sites with the
DPI box. The symptoms, are a lot more RST responses than normal.
How web sites are blocked, is as follows


ISP ------- RST() -----
---- RST()----

Like a Man in the Middle (MITM), the ISP sends RST responses,
fooling both ends into thinking there is a congestion problem.
And causing both ends to drop the connection. And it's all made
possible by DPI boxes. It took the idiots at my ISP *three months*
to figure out the mistake and stop doing that. The symptoms
were not perfectly consistent, but I refuse to believe every
major web site (Google) could not be reached at the same time.

Do not expect entry-level Tech Support at the ISP to admit
to this. You can counter any answer they might attempt to
give, by pointing out that any good ISP needs a DPI box,
just to block email relays. Using a DPI box, automates
the whole process, so no human operator is directly involved.
Escalate to the next level of support, or to a manager, if
the explanations are "too dumb for words".

So wait an hour, and carefully do your port 1119 test again.
My expectation is, it'll work for a short time. The DPI box
can't block the port forever, because some other protocol
might use that port number.

Paul

On 23 Oct 2014, KenK wrote in
microsoft.public.windowsxp.general:

Haven't caused a problem in many many years that I know of.

They are redundant and will be working at cross-purposes, and you will
need to maintain the rules in both. You may be experiencing a problem
right now.

Usually, when you install a third-party firewall, Windows is smart
enough to shut off its built in one. You must have intentionally turned
it back on.

Kaspersky firewall accepts Mozxilla stuff so T-bird should not be
affected.

Not necessarily.

I don't know how to turn off Kaspersky firewall. I'd also like to
turn off Kaspersky entirely temporily to see if it helps but don't
know how. Neither is obvious. Back to Google to try to find out.

I'm surprised you haven't done that already. It should have been one of
your first troubleshooting steps.

http://www.google.com/search?q=how+t...ersky+firewall

Nil wrote in
:

On 23 Oct 2014, KenK wrote in
microsoft.public.windowsxp.general:

Haven't caused a problem in many many years that I know of.

They are redundant and will be working at cross-purposes, and you will
need to maintain the rules in both. You may be experiencing a problem
right now.

Usually, when you install a third-party firewall, Windows is smart
enough to shut off its built in one. You must have intentionally turned
it back on.

Kaspersky firewall accepts Mozxilla stuff so T-bird should not be
affected.

Not necessarily.

I don't know how to turn off Kaspersky firewall. I'd also like to
turn off Kaspersky entirely temporily to see if it helps but don't
know how. Neither is obvious. Back to Google to try to find out.

I'm surprised you haven't done that already. It should have been one of
your first troubleshooting steps.

http://www.google.com/search?q=how+t...ersky+firewall


Turned off Windows and Kaspersky firewalls. Xnews still doesn't work.
Turned Kaspersky's back on, left Windows' off.




--
You know it's time to clean the refrigerator
when something closes the door from the inside.

Paul wrote in :

The fact port 1119 is blocked, suggests the same mechanism that
is used to block email relays. If the ISP uses a Deep Packet
Inspection box (DPI), they can watch for particular protocols
and block them.

Some days back I tried the faulty emachine and Xnews on the Sitestar ISP's
dial-up connection instead of CenturyLink's DSL. Made no difference. Still
didn't work. The backup system with Xnews still works fine, as you can see,
with the Sitestar dial-up.


If you wait a while (more than fifteen minutes), it's just possible
1119 will work for a short time again. Then stop working.

Someone tested email relays on our ISP here. And they
described how the DPI box would notice the attempt to relay
on other than port 25? or whatever it is. And the DPI box would
"block" that port for fifteen minutes (even if you ran a
different protocol on the port, it remained blocked). Or, until
you attempted to relay again. So if you attempted to email relay
on Port 80 (as if you were running a web server), it would still
recognize the cogent parts of emailing, and stop the transaction.

I'm sure there are other explanations. If port 1119 worked forever,
or 1119 was blocked forever, we'd have to find another
explanation. But if port 1119 "flaps in the breeze", that
hints the DPI box at the ISP is involved. If it works sometimes
and not others, and if Wireshark is not showing any duplicate
packets, that might be it.

Nope. I must have been unclear. It (port 1119 server) only worked once,
when I first tried it. Since then I've tried Xnews often and it no longer
works. In fact, Xnews worked again this morning when I turned on emachine.
Second time this has happened. EXCEPT the port 1119 SERVER! The two 119
port news servers worked. Updated group files (newscr files - these work
fine as I'm using them right now on backup system). As happened last time,
then Xnews failed repeatedly again. Wonder why it does this?

Something else. I just looked and I'm running Optimax server on port 0 on
this backup machine! Individual net on port 119. I have not tried the port
1119 server on this machine.

My ISP even took to (accidentally) blocking web sites with the
DPI box. The symptoms, are a lot more RST responses than normal.
How web sites are blocked, is as follows


ISP ------- RST() -----
---- RST()----

Like a Man in the Middle (MITM), the ISP sends RST responses,
fooling both ends into thinking there is a congestion problem.
And causing both ends to drop the connection. And it's all made
possible by DPI boxes. It took the idiots at my ISP *three months*
to figure out the mistake and stop doing that. The symptoms
were not perfectly consistent, but I refuse to believe every
major web site (Google) could not be reached at the same time.

Do not expect entry-level Tech Support at the ISP to admit
to this. You can counter any answer they might attempt to
give, by pointing out that any good ISP needs a DPI box,
just to block email relays. Using a DPI box, automates
the whole process, so no human operator is directly involved.
Escalate to the next level of support, or to a manager, if
the explanations are "too dumb for words".

So wait an hour, and carefully do your port 1119 test again.
My expectation is, it'll work for a short time. The DPI box
can't block the port forever, because some other protocol
might use that port number.

See earlier response. It only worked once, didn't every time since.

Paul



I think I told you I turned off Kaspersky's and Windows' firewalls
yesterday on the emachine and tried Xnews. No help. Turned Kaspersky's
firewall back on, left Windows' off.

Ken



--
You know it's time to clean the refrigerator
when something closes the door from the inside.

KenK wrote:


I think I told you I turned off Kaspersky's and Windows' firewalls
yesterday on the emachine and tried Xnews. No help. Turned Kaspersky's
firewall back on, left Windows' off.

Ken

So as a form of summary...

1) Web surfing, lengthy downloads, all work normally.

2) Only Xnews is affected. Symptoms are not constant.

3) Is the home networking box the same, or is a
brand new ADSL modem/router in the picture ? Then
the router portion is a new ingredient.

4) In the case of (3), going back to dialup, on the same
computer with the trouble, should cure the problem.
Xnews should work consistently, if dialup is running
and *cable running to router is disconnected*.

5) Wireshark is your friend.

6) Other ports are available, like 563 or 443 on the external
news server. But if you use those, it makes the Wireshark
trace unreadable. Only port 119 or port 80 are candidates
for that. And Xnews might not be the best candidate for testing
all those ports. Thunderbird could be used for that.

Since I'm just not seeing a pattern I can work with, you're
going to have to search for a pattern for me.

In the one trace you've shown me, I see traces of UPNP, of
IPV6 router protocols, as well as the USENET news actibity
(that was failing). But I'm failing to lace together what
Xnews is doing with respect to two servers at once. I don't
understand it well enough to comment. I'm not seeing the
normal sequence I see here in Wireshark, when using a USENET
server (with authentication).

Paul

Paul wrote in :

KenK wrote:


I think I told you I turned off Kaspersky's and Windows' firewalls
yesterday on the emachine and tried Xnews. No help. Turned Kaspersky's
firewall back on, left Windows' off.

Ken

So as a form of summary...

1) Web surfing, lengthy downloads, all work normally.

Yes

2) Only Xnews is affected. Symptoms are not constant.

No. Also Thunderbird and Xananews. Also: both Optimax and Individual news
servers worked fine again this morning - once. This is the third time
this has happened. I shut down Xnews and restarted several times without
changing anything. It refused to work again. This is frantically trying
to tell me something but I don't know what.

3) Is the home networking box the same, or is a
brand new ADSL modem/router in the picture ? Then
the router portion is a new ingredient.

The emachine, which doesn't work, uses the new DSL modem. The Compaq,
which works, uses a dial-up modem and a different ISP.

4) In the case of (3), going back to dialup, on the same
computer with the trouble, should cure the problem.
Xnews should work consistently, if dialup is running
and *cable running to router is disconnected*.

I tried the emachine on the dial-up modem a few weeks ago and the
newsreader didn't work that way either. I'm going to try this again this
week.

5) Wireshark is your friend.

6) Other ports are available, like 563 or 443 on the external
news server.

I've tried 0, 110, and 1119. None works on emachine. I use Xnews and
Compaq work wirh port 0 or 119 for Optimax and 119 for Individual. I've
not tried Thunderboird or Xananews on the Compaq machine as Xnews works
fine.

But if you use those, it makes the Wireshark
trace unreadable. Only port 119 or port 80 are candidates
for that. And Xnews might not be the best candidate for testing
all those ports. Thunderbird could be used for that.

Since I'm just not seeing a pattern I can work with, you're
going to have to search for a pattern for me.

In the one trace you've shown me, I see traces of UPNP, of
IPV6 router protocols, as well as the USENET news actibity
(that was failing). But I'm failing to lace together what
Xnews is doing with respect to two servers at once. I don't
understand it well enough to comment. I'm not seeing the
normal sequence I see here in Wireshark, when using a USENET
server (with authentication).

Paul

Today I'm searching Google for a clue and will try Wireshark with T-bird
again. Maybe I can find a Wireshark option that will make the results
clearer.

Ken

--
You know it's time to clean the refrigerator
when something closes the door from the inside.

Paul wrote in :

Since I'm just not seeing a pattern I can work with, you're
going to have to search for a pattern for me.


Is there a way to make the Wireshark printout look as clear and
understandable as the screen trace display? I find them very different. Any
hints please? Also, how can I save the printout to a file so I can send it,
or part of it, to you here if it seems interesting?

TIA

Ken


--
You know it's time to clean the refrigerator
when something closes the door from the inside.

KenK wrote:
Paul wrote in :

Since I'm just not seeing a pattern I can work with, you're
going to have to search for a pattern for me.


Is there a way to make the Wireshark printout look as clear and
understandable as the screen trace display? I find them very different. Any
hints please? Also, how can I save the printout to a file so I can send it,
or part of it, to you here if it seems interesting?

TIA

Ken



I made this one, by selecting "Print", in the Print dialog box,
selecting the "Generic/Text" output option, instead of my
regular printer.

No. Time Source Destination Protocol Info
1 12:14:19.720678 192.168.20.180 Broadcast ARP Who has 192.168.20.1? Tell 192.16
Frame 1: 42 bytes on wire (336 bits), 42 bytes captured (336 bits)
Ethernet II, Src: 192.168.20.180 (00:1f:c6:8c:dc:f4), Dst: Broadcast (ff:ff:ff:ff:ff:ff)
Address Resolution Protocol (request)

The first line of that, matches the screen (the output seems to truncate after
80 characters or so, perhaps a printer characteristic). I would have to edit and
remove the three lines below. Once edited, I would get

No. Time Source Destination Protocol Info
1 12:14:19.720678 192.168.20.180 Broadcast ARP Who has 192.168.20.1? Tell 192.16

The truncation ruins it a bit.

*******

If I use Export, I can output to text or Postscript. The Postscript you can
open in GIMP (assuming you've set it up to handle PostScript). Some other
viewers probably handle PostScript as well. You can paste the PostScript or
the text, to pastebin.com as a means of passing the trace. Then post a URL.
PostScript is a printer language, related to PDF, and Distiller accepts
PostScript as an input format for making documents. Years ago, you had
a good selection of printers that accepted PostScript.

No. Time Source Destination Protocol Info
1 12:14:19.720678 192.168.20.180 Broadcast ARP Who has 192.168.20.1? Tell 192.168.20.180

Frame 1: 42 bytes on wire (336 bits), 42 bytes captured (336 bits)
Ethernet II, Src: 192.168.20.180 (00:1f:c6:8c:dc:f4), Dst: Broadcast (ff:ff:ff:ff:ff:ff)
Address Resolution Protocol (request)

I ticked the first two boxes in the options to get that.
"Packet Summary" and "Packet Details" (As Displayed).

Now, if I just select "Packet Summary", that doesn't look bad. Using
Packet Summary, there is less to edit out.

No. Time Source Destination Protocol Info
1 12:14:19.720678 192.168.20.180 Broadcast ARP Who has 192.168.20.1? Tell 192.168.2.180

When you have "View:Name Resolution" turned on in the main screen,
that changes the numeric value of my Destination example to "Broadcast",
rather than displaying the number. Since 192.168.20.180 is a non-routeable
address, and there is also no DNS entry for it, the "View" option cannot
translate it. But when you contact "news.individual.net", you should see
the text for that and not a number. As long as all the View:Name Resolution
items are ticked (turned on).

I'm not suggesting Pastebin.com as a means to encourage a humongous
trace, but as a convenient means to pass text. USENET posts do have
a size limit, and Pastebin.com can go larger than that. If there are
any USERNAME or PASSWORD elements in your trace, don't forget to
edit them out (with XXXXXXXX or similar).

HTH,
Paul

I don't know if this is related to your problem or not, but I'll share
it as a possibility.

I had something similar happen a long long time ago where I was getting
intermittent connections with my NSP (newsgroup service provider). I
could randomly connect sometimes but other times I couldn't, sometimes
even just a few minutes apart. I called the NSP and it turned out that
they had a bank of modems that was failing. Some modems were okay but
others were not, and it was the luck of the draw which modem you
happened to get. They replaced the modems and my problems went away.

You've probably already thought of this but I just thought I'd throw it
out there.

Dee

Paul wrote in :

If there are
any USERNAME or PASSWORD elements in your trace, don't forget to
edit them out (with XXXXXXXX or similar).


Hi Paul

Here's an Wireshark Xnews printout, much briefer and clearer than the
last one. However, I still don't understand my problem. Here it is -
authentication code and user name are Xed out.

30 Standard query response 0x8934 A 130.133.4.11
31 Standard query 0x1e4d A news.optimax.com
32 Standard query response 0x1e4d A 98.100.194.170
33 Standard query 0xd346 A news.sff.net
34 Standard query response 0xd346 A 71.252.193.52
35 webobjects nntp [SYN] Seq=0 Win=65535 Len=0 MSS=1460 SACK_PERM=
1
36 cplscrambler-in bnetgame [SYN] Seq=0 Win=65535 Len=0 MSS=1460
SACK_PERM=1
37 cplscrambler-al nntp [SYN] Seq=0 Win=65535 Len=0 MSS=1460
SACK_PERM=1
38 bnetgame cplscrambler-in [SYN, ACK] Seq=0 Ack=1 Win=16384 Len=0
MSS=1452 SACK_PERM=1
39 cplscrambler-in bnetgame [ACK] Seq=1 Ack=1 Win=65535 Len=0
40 bnetgame cplscrambler-in [PSH, ACK] Seq=1 Ack=1 Win=65535 Len=
86
41 nntp cplscrambler-al [SYN, ACK] Seq=0 Ack=1 Win=16384 Len=0
MSS=1452 SACK_PERM=1
42 cplscrambler-al nntp [ACK] Seq=1 Ack=1 Win=65535 Len=0
43 nntp webobjects [SYN, ACK] Seq=0 Ack=1 Win=14600 Len=0 MSS=1452
SACK_PERM=1
44 webobjects nntp [ACK] Seq=1 Ack=1 Win=65535 Len=0
45 cplscrambler-in bnetgame [PSH, ACK] Seq=1 Ack=87 Win=65449 Len=
13
46 bnetgame cplscrambler-in [PSH, ACK] Seq=87 Ack=14 Win=65522
Len=41
47 Response: 200 Optimax-NNTP, Optimax-Hamster V1.24
48 cplscrambler-al nntp [ACK] Seq=1 Ack=42 Win=65494 Len=0
49 cplscrambler-in bnetgame [ACK] Seq=14 Ack=128 Win=65408 Len=0
50 cplscrambler-in bnetgame [PSH, ACK] Seq=14 Ack=128 Win=65408
Len=32
51 bnetgame cplscrambler-in [PSH, ACK] Seq=128 Ack=46 Win=65490
Len=52
52 Response: 200 The server welcomes 71-223-138-135.phnx.qwest.net
(71.223.138.135). Authorization required for reading and posting.
53 cplscrambler-in bnetgame [ACK] Seq=46 Ack=180 Win=65356 Len=0
54 Request: MODE READER
55 Request: MODE READER
56 Response: 200 ignored
57 nntp webobjects [ACK] Seq=122 Ack=14 Win=14600 Len=0
58 Response: 200 You are already in this mode. Ignored.
59 Request: AUTHINFO USER xxxxxxxxxxxxx
60 Request: GROUP sdforum.newsreaders
61 Response: 211 189 1 189 sdforum.newsreaders
62 Response: 381 PASS required
63 Request: AUTHINFO PASS xxxxxxxxxxxx
64 cplscrambler-al nntp [ACK] Seq=41 Ack=90 Win=65446 Len=0
65 Response: 281 Authentication accepted. (UID=307388)
66 Request: GROUP alt.food.fat-free
67 Response: 211 2 42452 42453 alt.food.fat-free
68 webobjects nntp [ACK] Seq=92 Ack=265 Win=65271 Len=0
69 avocent-proxy https [FIN, ACK] Seq=1304 Ack=266 Win=65270 Len=0
70 https avocent-proxy [ACK] Seq=266 Ack=1305 Win=65535 Len=0
71 https avocent-proxy [FIN, ACK] Seq=266 Ack=1305 Win=65535 Len=0
72 avocent-proxy https [ACK] Seq=1305 Ack=267 Win=65270 Len=0
73 Who has 192.168.0.2? Tell 192.168.0.1
74 192.168.0.2 is at 00:11:11:5a:b1:0c
75 NOTIFY * HTTP/1.1
76 NOTIFY * HTTP/1.1
77 NOTIFY * HTTP/1.1
78 NOTIFY * HTTP/1.1
79 cplscrambler-al nntp [FIN, ACK] Seq=41 Ack=90 Win=65446 Len=0
80 nntp cplscrambler-al [ACK] Seq=90 Ack=42 Win=65495 Len=0
81 nntp cplscrambler-al [FIN, ACK] Seq=90 Ack=42 Win=65495 Len=0
82 cplscrambler-al nntp [ACK] Seq=42 Ack=91 Win=65446 Len=0
83 webobjects nntp [FIN, ACK] Seq=92 Ack=265 Win=65271 Len=0
84 Response: 205 .
85 nntp webobjects [FIN, ACK] Seq=272 Ack=93 Win=14600 Len=0
86 webobjects nntp [ACK] Seq=93 Ack=273 Win=65264 Len=0
87 cplscrambler-in bnetgame [PSH, ACK] Seq=46 Ack=180 Win=65356
Len=6
88 bnetgame cplscrambler-in [PSH, ACK] Seq=180 Ack=52 Win=65484
Len=35
89 bnetgame cplscrambler-in [FIN, ACK] Seq=215 Ack=52 Win=65484
Len=0
90 cplscrambler-in bnetgame [ACK] Seq=52 Ack=216 Win=65321 Len=0
91 cplscrambler-in bnetgame [FIN, ACK] Seq=52 Ack=216 Win=65321
Len=0
92 bnetgame cplscrambler-in [ACK] Seq=216 Ack=53 Win=65484 Len=0

Any clues? I also did this with T-bird but I see no clues in it. Do you
want to see it?

TIA

Ken

--
You know it's time to clean the refrigerator
when something closes the door from the inside.

KenK wrote:
Paul wrote in :

If there are
any USERNAME or PASSWORD elements in your trace, don't forget to
edit them out (with XXXXXXXX or similar).


Hi Paul

Here's an Wireshark Xnews printout, much briefer and clearer than the
last one. However, I still don't understand my problem. Here it is -
authentication code and user name are Xed out.

30 Standard query response 0x8934 A 130.133.4.11
31 Standard query 0x1e4d A news.optimax.com
32 Standard query response 0x1e4d A 98.100.194.170
33 Standard query 0xd346 A news.sff.net
34 Standard query response 0xd346 A 71.252.193.52
35 webobjects nntp [SYN] Seq=0 Win=65535 Len=0 MSS=1460 SACK_PERM=
1
36 cplscrambler-in bnetgame [SYN] Seq=0 Win=65535 Len=0 MSS=1460
SACK_PERM=1
37 cplscrambler-al nntp [SYN] Seq=0 Win=65535 Len=0 MSS=1460
SACK_PERM=1
38 bnetgame cplscrambler-in [SYN, ACK] Seq=0 Ack=1 Win=16384 Len=0
MSS=1452 SACK_PERM=1
39 cplscrambler-in bnetgame [ACK] Seq=1 Ack=1 Win=65535 Len=0
40 bnetgame cplscrambler-in [PSH, ACK] Seq=1 Ack=1 Win=65535 Len=
86
41 nntp cplscrambler-al [SYN, ACK] Seq=0 Ack=1 Win=16384 Len=0
MSS=1452 SACK_PERM=1
42 cplscrambler-al nntp [ACK] Seq=1 Ack=1 Win=65535 Len=0
43 nntp webobjects [SYN, ACK] Seq=0 Ack=1 Win=14600 Len=0 MSS=1452
SACK_PERM=1
44 webobjects nntp [ACK] Seq=1 Ack=1 Win=65535 Len=0
45 cplscrambler-in bnetgame [PSH, ACK] Seq=1 Ack=87 Win=65449 Len=
13
46 bnetgame cplscrambler-in [PSH, ACK] Seq=87 Ack=14 Win=65522
Len=41
47 Response: 200 Optimax-NNTP, Optimax-Hamster V1.24
48 cplscrambler-al nntp [ACK] Seq=1 Ack=42 Win=65494 Len=0
49 cplscrambler-in bnetgame [ACK] Seq=14 Ack=128 Win=65408 Len=0
50 cplscrambler-in bnetgame [PSH, ACK] Seq=14 Ack=128 Win=65408
Len=32
51 bnetgame cplscrambler-in [PSH, ACK] Seq=128 Ack=46 Win=65490
Len=52
52 Response: 200 The server welcomes 71-223-138-135.phnx.qwest.net
(71.223.138.135). Authorization required for reading and posting.
53 cplscrambler-in bnetgame [ACK] Seq=46 Ack=180 Win=65356 Len=0
54 Request: MODE READER
55 Request: MODE READER
56 Response: 200 ignored
57 nntp webobjects [ACK] Seq=122 Ack=14 Win=14600 Len=0
58 Response: 200 You are already in this mode. Ignored.
59 Request: AUTHINFO USER xxxxxxxxxxxxx
60 Request: GROUP sdforum.newsreaders
61 Response: 211 189 1 189 sdforum.newsreaders
62 Response: 381 PASS required
63 Request: AUTHINFO PASS xxxxxxxxxxxx
64 cplscrambler-al nntp [ACK] Seq=41 Ack=90 Win=65446 Len=0
65 Response: 281 Authentication accepted. (UID=307388)
66 Request: GROUP alt.food.fat-free
67 Response: 211 2 42452 42453 alt.food.fat-free
68 webobjects nntp [ACK] Seq=92 Ack=265 Win=65271 Len=0
69 avocent-proxy https [FIN, ACK] Seq=1304 Ack=266 Win=65270 Len=0
70 https avocent-proxy [ACK] Seq=266 Ack=1305 Win=65535 Len=0
71 https avocent-proxy [FIN, ACK] Seq=266 Ack=1305 Win=65535 Len=0
72 avocent-proxy https [ACK] Seq=1305 Ack=267 Win=65270 Len=0
73 Who has 192.168.0.2? Tell 192.168.0.1
74 192.168.0.2 is at 00:11:11:5a:b1:0c
75 NOTIFY * HTTP/1.1
76 NOTIFY * HTTP/1.1
77 NOTIFY * HTTP/1.1
78 NOTIFY * HTTP/1.1
79 cplscrambler-al nntp [FIN, ACK] Seq=41 Ack=90 Win=65446 Len=0
80 nntp cplscrambler-al [ACK] Seq=90 Ack=42 Win=65495 Len=0
81 nntp cplscrambler-al [FIN, ACK] Seq=90 Ack=42 Win=65495 Len=0
82 cplscrambler-al nntp [ACK] Seq=42 Ack=91 Win=65446 Len=0
83 webobjects nntp [FIN, ACK] Seq=92 Ack=265 Win=65271 Len=0
84 Response: 205 .
85 nntp webobjects [FIN, ACK] Seq=272 Ack=93 Win=14600 Len=0
86 webobjects nntp [ACK] Seq=93 Ack=273 Win=65264 Len=0
87 cplscrambler-in bnetgame [PSH, ACK] Seq=46 Ack=180 Win=65356
Len=6
88 bnetgame cplscrambler-in [PSH, ACK] Seq=180 Ack=52 Win=65484
Len=35
89 bnetgame cplscrambler-in [FIN, ACK] Seq=215 Ack=52 Win=65484
Len=0
90 cplscrambler-in bnetgame [ACK] Seq=52 Ack=216 Win=65321 Len=0
91 cplscrambler-in bnetgame [FIN, ACK] Seq=52 Ack=216 Win=65321
Len=0
92 bnetgame cplscrambler-in [ACK] Seq=216 Ack=53 Win=65484 Len=0

Any clues? I also did this with T-bird but I see no clues in it. Do you
want to see it?

TIA

Ken


Yes, but it's talking to two servers in that trace. Removing the
IP addresses, now you can't tell which line belongs to which
conversation. Here, both servers welcome you, which means
your packet got routed to them on port 119 OK.

47 Response: 200 Optimax-NNTP, Optimax-Hamster V1.24
52 Response: 200 The server welcomes 71-223-138-135.phnx.qwest.net
(71.223.138.135). Authorization required for reading and posting.

One server gets bored, because your client didn't send it anything
further. It closes the connection, presumably on timeout. Servers use
short timeout constants, so not too many connections are open in
the connection table of the server (each one takes RAM).

84 Response: 205 .

The other server, you send it authentication, and can get as far
as querying the low water and high water marks on one newsgroup.
But then it doesn't fetch anything. So it doesn't seem to have
done anything with this info. Or maybe Xnews is now trying to
contact the local server it runs or something ? I don't really
understand how Xnews works. What its purpose is.

67 Response: 211 2 42452 42453 alt.food.fat-free

The Thunderbird trace should be easier to read, as it's going
to be working with just one server at a time, And it doesn't run
its own server, use an external program for SSL, and so on. The
trace should be easier to read (in theory).

Paul

Paul wrote in :

The Thunderbird trace should be easier to read, as it's going
to be working with just one server at a time, And it doesn't run
its own server, use an external program for SSL, and so on. The
trace should be easier to read (in theory).


OK. Here's the T-bird trace I made a couple of days ago.

1 http media-agent [RST, ACK] Seq=1 Ack=1 Win=0 Len=0
2 http piccolo [RST, ACK] Seq=1 Ack=1 Win=0 Len=0
3 Standard query 0x605d A www.mozilla.org
4 Standard query response 0x605d CNAME mozorg.dynect.mozilla.net A
63.245.215.20
5 fc-faultnotify https [SYN] Seq=0 Win=65535 Len=0 MSS=1460
SACK_PERM=1
6 https fc-faultnotify [SYN, ACK] Seq=0 Ack=1 Win=14600 Len=0
MSS=1452 SACK_PERM=1
7 fc-faultnotify https [ACK] Seq=1 Ack=1 Win=65535 Len=0
8 Client Hello
9 https fc-faultnotify [ACK] Seq=1 Ack=149 Win=15544 Len=0
10 Server Hello
11 [TCP segment of a reassembled PDU]
12 fc-faultnotify https [ACK] Seq=149 Ack=2905 Win=65535 Len=0
13 Certificate
14 fc-faultnotify https [ACK] Seq=149 Ack=3894 Win=64546 Len=0
15 Client Key Exchange, Change Cipher Spec, Encrypted Handshake
Message
16 Change Cipher Spec, Encrypted Handshake Message
17 Application Data
18 Application Data
19 Application Data
20 [TCP segment of a reassembled PDU]
21 Application Data
22 fc-faultnotify https [ACK] Seq=1301 Ack=7435 Win=65535 Len=0
23 Application Data
24 [TCP segment of a reassembled PDU]
25 [TCP segment of a reassembled PDU]
26 fc-faultnotify https [ACK] Seq=1754 Ack=10339 Win=65535 Len=0
27 Application Data
28 Application Data
29 [TCP segment of a reassembled PDU]
30 [TCP segment of a reassembled PDU]
31 fc-faultnotify https [ACK] Seq=2207 Ack=13368 Win=65535 Len=0
32 [TCP segment of a reassembled PDU]
33 fc-faultnotify https [ACK] Seq=2207 Ack=14820 Win=65535 Len=0
34 Application Data
35 Application Data
36 [TCP segment of a reassembled PDU]
37 [TCP segment of a reassembled PDU]
38 fc-faultnotify https [ACK] Seq=2660 Ack=18445 Win=65535 Len=0
39 [TCP segment of a reassembled PDU]
40 fc-faultnotify https [ACK] Seq=2660 Ack=19897 Win=65535 Len=0
41 Application Data
42 fc-faultnotify https [ACK] Seq=2660 Ack=20378 Win=65054 Len=0
43 Application Data
44 [TCP segment of a reassembled PDU]
45 [TCP segment of a reassembled PDU]
46 fc-faultnotify https [ACK] Seq=3129 Ack=23282 Win=65535 Len=0
47 [TCP segment of a reassembled PDU]
48 fc-faultnotify https [ACK] Seq=3129 Ack=24734 Win=65535 Len=0
49 [TCP segment of a reassembled PDU]
50 [TCP segment of a reassembled PDU]
51 fc-faultnotify https [ACK] Seq=3129 Ack=27638 Win=65535 Len=0
52 Application Data
53 Application Data
54 vrts-at-port https [SYN] Seq=0 Win=65535 Len=0 MSS=1460
SACK_PERM=1
55 [TCP segment of a reassembled PDU]
56 [TCP segment of a reassembled PDU]
57 fc-faultnotify https [ACK] Seq=3582 Ack=30791 Win=65535 Len=0
58 [TCP segment of a reassembled PDU]
59 fc-faultnotify https [ACK] Seq=3582 Ack=32243 Win=65535 Len=0
60 [TCP segment of a reassembled PDU]
61 [TCP segment of a reassembled PDU]
62 fc-faultnotify https [ACK] Seq=3582 Ack=35147 Win=65535 Len=0
63 [TCP segment of a reassembled PDU]
64 fc-faultnotify https [ACK] Seq=3582 Ack=36599 Win=65535 Len=0
65 [TCP segment of a reassembled PDU]
66 [TCP segment of a reassembled PDU]
67 fc-faultnotify https [ACK] Seq=3582 Ack=39503 Win=65535 Len=0
68 [TCP segment of a reassembled PDU]
69 fc-faultnotify https [ACK] Seq=3582 Ack=40955 Win=65535 Len=0
70 [TCP segment of a reassembled PDU]
71 https vrts-at-port [SYN, ACK] Seq=0 Ack=1 Win=14600 Len=0 MSS=
1452 SACK_PERM=1
72 vrts-at-port https [ACK] Seq=1 Ack=1 Win=65535 Len=0
73 Client Hello
74 [TCP segment of a reassembled PDU]
75 fc-faultnotify https [ACK] Seq=3582 Ack=43859 Win=65535 Len=0
76 Application Data
77 fc-faultnotify https [ACK] Seq=3582 Ack=45311 Win=65535 Len=0
78 [TCP segment of a reassembled PDU]
79 [TCP segment of a reassembled PDU]
80 fc-faultnotify https [ACK] Seq=3582 Ack=48215 Win=65535 Len=0
81 [TCP segment of a reassembled PDU]
82 fc-faultnotify https [ACK] Seq=3582 Ack=49667 Win=65535 Len=0
83 [TCP segment of a reassembled PDU]
84 [TCP segment of a reassembled PDU]
85 fc-faultnotify https [ACK] Seq=3582 Ack=52571 Win=65535 Len=0
86 [TCP segment of a reassembled PDU]
87 fc-faultnotify https [ACK] Seq=3582 Ack=54023 Win=65535 Len=0
88 [TCP segment of a reassembled PDU]
89 [TCP segment of a reassembled PDU]
90 fc-faultnotify https [ACK] Seq=3582 Ack=56927 Win=65535 Len=0
91 [TCP segment of a reassembled PDU]
92 fc-faultnotify https [ACK] Seq=3582 Ack=58379 Win=65535 Len=0
93 [TCP segment of a reassembled PDU]
94 Application Data
95 fc-faultnotify https [ACK] Seq=3582 Ack=61283 Win=65535 Len=0
96 [TCP segment of a reassembled PDU]
97 fc-faultnotify https [ACK] Seq=3582 Ack=62735 Win=65535 Len=0
98 https vrts-at-port [ACK] Seq=1 Ack=181 Win=15544 Len=0
99 Server Hello, Change Cipher Spec, Encrypted Handshake Message
100 Change Cipher Spec, Encrypted Handshake Message, Application Data
101 [TCP segment of a reassembled PDU]
102 [TCP segment of a reassembled PDU]
103 fc-faultnotify https [ACK] Seq=3582 Ack=65639 Win=65535 Len=0
104 [TCP segment of a reassembled PDU]
105 fc-faultnotify https [ACK] Seq=3582 Ack=67091 Win=65535 Len=0
106 [TCP segment of a reassembled PDU]
107 [TCP segment of a reassembled PDU]
108 fc-faultnotify https [ACK] Seq=3582 Ack=69995 Win=65535 Len=0
109 [TCP segment of a reassembled PDU]
110 fc-faultnotify https [ACK] Seq=3582 Ack=71447 Win=65535 Len=0
111 [TCP segment of a reassembled PDU]
112 [TCP segment of a reassembled PDU]
113 fc-faultnotify https [ACK] Seq=3582 Ack=74351 Win=65535 Len=0
114 [TCP segment of a reassembled PDU]
115 fc-faultnotify https [ACK] Seq=3582 Ack=75803 Win=65535 Len=0
116 Application Data
117 [TCP segment of a reassembled PDU]
118 fc-faultnotify https [ACK] Seq=3582 Ack=78707 Win=65535 Len=0
119 [TCP segment of a reassembled PDU]
120 fc-faultnotify https [ACK] Seq=3582 Ack=80159 Win=65535 Len=0
121 [TCP segment of a reassembled PDU]
122 [TCP segment of a reassembled PDU]
123 fc-faultnotify https [ACK] Seq=3582 Ack=83063 Win=65535 Len=0
124 [TCP segment of a reassembled PDU]
125 fc-faultnotify https [ACK] Seq=3582 Ack=84515 Win=65535 Len=0
126 [TCP segment of a reassembled PDU]
127 [TCP segment of a reassembled PDU]
128 fc-faultnotify https [ACK] Seq=3582 Ack=87419 Win=65535 Len=0
129 [TCP segment of a reassembled PDU]
130 fc-faultnotify https [ACK] Seq=3582 Ack=88871 Win=65535 Len=0
131 Application Data
132 [TCP segment of a reassembled PDU]
133 [TCP segment of a reassembled PDU]
134 vrts-at-port https [ACK] Seq=709 Ack=3043 Win=65535 Len=0
135 [TCP segment of a reassembled PDU]
136 vrts-at-port https [ACK] Seq=709 Ack=4495 Win=65535 Len=0
137 [TCP segment of a reassembled PDU]
138 [TCP segment of a reassembled PDU]
139 vrts-at-port https [ACK] Seq=709 Ack=7399 Win=65535 Len=0
140 [TCP segment of a reassembled PDU]
141 vrts-at-port https [ACK] Seq=709 Ack=8851 Win=65535 Len=0
142 [TCP segment of a reassembled PDU]
143 [TCP segment of a reassembled PDU]
144 vrts-at-port https [ACK] Seq=709 Ack=11755 Win=65535 Len=0
145 [TCP segment of a reassembled PDU]
146 vrts-at-port https [ACK] Seq=709 Ack=13207 Win=65535 Len=0
147 Application Data
148 vrts-at-port https [ACK] Seq=709 Ack=13984 Win=64758 Len=0
149 fc-faultnotify https [ACK] Seq=3582 Ack=88883 Win=65523 Len=0
150 Encrypted Alert
151 vrts-at-port https [FIN, ACK] Seq=746 Ack=13984 Win=64758 Len=0
152 Encrypted Alert
153 fc-faultnotify https [FIN, ACK] Seq=3619 Ack=88883 Win=65523
Len=0
154 https vrts-at-port [FIN, ACK] Seq=13984 Ack=747 Win=16616 Len=0
155 vrts-at-port https [ACK] Seq=747 Ack=13985 Win=64758 Len=0
156 https fc-faultnotify [FIN, ACK] Seq=88883 Ack=3620 Win=24120
Len=0
157 fc-faultnotify https [ACK] Seq=3620 Ack=88884 Win=65523 Len=0
158 Standard query 0x5952 A safebrowsing.google.com
159 Standard query 0x6a02 A safebrowsing.google.com
160 Standard query response 0x5952 CNAME sb.l.google.com A
74.125.224.133 A 74.125.224.132 A 74.125.224.137 A 74.125.224.128 A
74.125.224.130 A 74.125.224.131 A 74.125.224.136 A 74.125.224.142 A
74.125.224.129 A 74.125.224.134 A 74.125.224.135
161 Standard query response 0x6a02 CNAME sb.l.google.com A
74.125.224.137 A 74.125.224.128 A 74.125.224.130 A 74.125.224.131 A
74.125.224.136 A 74.125.224.142 A 74.125.224.129 A 74.125.224.134 A
74.125.224.135 A 74.125.224.133 A 74.125.224.132
162 slc-systemlog https [SYN] Seq=0 Win=65535 Len=0 MSS=1460
SACK_PERM=1
163 https slc-systemlog [SYN, ACK] Seq=0 Ack=1 Win=42900 Len=0 MSS=
1430 SACK_PERM=1
164 slc-systemlog https [ACK] Seq=1 Ack=1 Win=65535 Len=0
165 Client Hello
166 https slc-systemlog [ACK] Seq=1 Ack=191 Win=43952 Len=0
167 Server Hello
168 [TCP segment of a reassembled PDU]
169 slc-systemlog https [ACK] Seq=191 Ack=2861 Win=65535 Len=0
170 Certificate
171 slc-systemlog https [ACK] Seq=191 Ack=3945 Win=64451 Len=0
172 Standard query 0xb9b9 A clients1.google.com
173 Standard query response 0xb9b9 CNAME clients.l.google.com A
74.125.224.128 A 74.125.224.133 A 74.125.224.135 A 74.125.224.132 A
74.125.224.137 A 74.125.224.129 A 74.125.224.130 A 74.125.224.134 A
74.125.224.136 A 74.125.224.131 A 74.125.224.142
174 Client Key Exchange, Change Cipher Spec, Hello Request, Hello
Request
175 Standard query 0x0f21 A clients1.google.com
176 Standard query response 0x0f21 CNAME clients.l.google.com A
74.125.224.137 A 74.125.224.129 A 74.125.224.130 A 74.125.224.134 A
74.125.224.136 A 74.125.224.131 A 74.125.224.142 A 74.125.224.128 A
74.125.224.133 A 74.125.224.135 A 74.125.224.132
177 silkp2 http [SYN] Seq=0 Win=65535 Len=0 MSS=1460 SACK_PERM=1
178 New Session Ticket, Change Cipher Spec, Hello Request, Hello
Request
179 Application Data
180 slc-systemlog https [ACK] Seq=353 Ack=4248 Win=64148 Len=0
181 Application Data
182 http silkp2 [SYN, ACK] Seq=0 Ack=1 Win=42900 Len=0 MSS=1430
SACK_PERM=1
183 silkp2 http [ACK] Seq=1 Ack=1 Win=65535 Len=0
184 Request
185 http silkp2 [ACK] Seq=1 Ack=435 Win=43952 Len=0
186 slc-systemlog https [ACK] Seq=353 Ack=4293 Win=65535 Len=0
187 Response
188 silkp2 http [ACK] Seq=435 Ack=783 Win=64753 Len=0
189 Application Data
190 https slc-systemlog [ACK] Seq=4293 Ack=418 Win=45024 Len=0
191 Application Data, Application Data
192 https slc-systemlog [ACK] Seq=4293 Ack=1362 Win=46256 Len=0
193 Application Data
194 Application Data, Application Data
195 slc-systemlog https [ACK] Seq=1362 Ack=5065 Win=64763 Len=0
196 Application Data
197 Standard query 0x7fb6 A safebrowsing-cache.google.com
198 https slc-systemlog [ACK] Seq=5065 Ack=1403 Win=46256 Len=0
199 Standard query 0x2f49 A safebrowsing-cache.google.com
200 Standard query response 0x7fb6 CNAME
safebrowsing.cache.l.google.com A 74.125.224.131 A 74.125.224.129 A
74.125.224.128 A 74.125.224.135 A 74.125.224.132 A 74.125.224.137 A
74.125.224.142 A 74.125.224.130 A 74.125.224.133 A 74.125.224.134 A
74.125.224.136
201 Standard query response 0x2f49 CNAME
safebrowsing.cache.l.google.com A 74.125.224.129 A 74.125.224.128 A
74.125.224.135 A 74.125.224.132 A 74.125.224.137 A 74.125.224.142 A
74.125.224.130 A 74.125.224.133 A 74.125.224.134 A 74.125.224.136 A
74.125.224.131
202 evtp https [SYN] Seq=0 Win=65535 Len=0 MSS=1460 SACK_PERM=1
203 https evtp [SYN, ACK] Seq=0 Ack=1 Win=42900 Len=0 MSS=1430
SACK_PERM=1
204 evtp https [ACK] Seq=1 Ack=1 Win=65535 Len=0
205 Client Hello
206 https evtp [ACK] Seq=1 Ack=518 Win=43952 Len=0
207 Server Hello, Change Cipher Spec, Hello Request, Hello Request
208 Change Cipher Spec, Hello Request, Hello Request, Application
Data, Application Data
209 Application Data
210 Application Data
211 evtp https [ACK] Seq=1287 Ack=284 Win=65252 Len=0
212 Application Data
213 Application Data, Application Data
214 evtp https [ACK] Seq=1287 Ack=770 Win=64766 Len=0
215 Application Data
216 Standard query 0xbde9 A safebrowsing-cache.google.com
217 Standard query response 0xbde9 CNAME
safebrowsing.cache.l.google.com A 74.125.224.134 A 74.125.224.136 A
74.125.224.131 A 74.125.224.129 A 74.125.224.128 A 74.125.224.135 A
74.125.224.132 A 74.125.224.137 A 74.125.224.142 A 74.125.224.130 A
74.125.224.133
218 https evtp [ACK] Seq=770 Ack=1328 Win=45371 Len=0
219 Application Data
220 https evtp [ACK] Seq=770 Ack=1955 Win=46909 Len=0
221 Application Data
222 Application Data
223 evtp https [ACK] Seq=1955 Ack=2272 Win=65535 Len=0
224 Application Data
225 Application Data
226 evtp https [ACK] Seq=1955 Ack=2404 Win=65403 Len=0
227 Application Data
228 Standard query 0xaab3 A safebrowsing-cache.google.com
229 Standard query response 0xaab3 CNAME
safebrowsing.cache.l.google.com A 74.125.224.129 A 74.125.224.128 A
74.125.224.135 A 74.125.224.132 A 74.125.224.137 A 74.125.224.142 A
74.125.224.130 A 74.125.224.133 A 74.125.224.134 A 74.125.224.136 A
74.125.224.131
230 https evtp [ACK] Seq=2404 Ack=1996 Win=46909 Len=0
231 Application Data
232 https evtp [ACK] Seq=2404 Ack=2620 Win=48447 Len=0
233 Application Data
234 Application Data
235 evtp https [ACK] Seq=2620 Ack=3904 Win=65535 Len=0
236 Application Data
237 Application Data
238 evtp https [ACK] Seq=2620 Ack=5993 Win=65535 Len=0
239 Application Data
240 Application Data
241 https evtp [ACK] Seq=6034 Ack=2661 Win=48447 Len=0
242 j-lan-p nntp [FIN, ACK] Seq=1 Ack=1 Win=65448 Len=0
243 nntp j-lan-p [ACK] Seq=1 Ack=2 Win=65499 Len=0
244 nntp j-lan-p [FIN, ACK] Seq=1 Ack=2 Win=65499 Len=0
245 j-lan-p nntp [ACK] Seq=2 Ack=2 Win=65448 Len=0
246 netsteward nntp [FIN, ACK] Seq=1 Ack=1 Win=65450 Len=0
247 nntp netsteward [ACK] Seq=1 Ack=2 Win=65503 Len=0
248 nntp netsteward [FIN, ACK] Seq=1 Ack=2 Win=65503 Len=0
249 netsteward nntp [ACK] Seq=2 Ack=2 Win=65450 Len=0

Any better? Or is there something I should have left in the scan? IIRC,
this is just Optimax set to port 119.

More news this morning. On the emachine, the SFF news server using 1119
port continues to work. So I emailed Individual net and they told me to
try 8119 port, among others. Tried it and Individual worked perfectly!
(Optimax still no go with 119.) Restarted Xnews multiple times. No
problems. Then left and returned a few hours later. Restarted Xnews, now
Individual doesn't work again! Checked and still set to 8119.

This is really weird. An ISP (CenturyLink) problem? Emachine problem? I'm
thoroughly snowed, especially with the changing symptoms. Everytime I
think I have it fixed the problem returns!

sigh

Ken


--
You know it's time to clean the refrigerator
when something closes the door from the inside.

KenK wrote:
Paul wrote in :

The Thunderbird trace should be easier to read, as it's going
to be working with just one server at a time, And it doesn't run
its own server, use an external program for SSL, and so on. The
trace should be easier to read (in theory).


OK. Here's the T-bird trace I made a couple of days ago.

1 http media-agent [RST, ACK] Seq=1 Ack=1 Win=0 Len=0
2 http piccolo [RST, ACK] Seq=1 Ack=1 Win=0 Len=0
3 Standard query 0x605d A www.mozilla.org
4 Standard query response 0x605d CNAME mozorg.dynect.mozilla.net A
63.245.215.20
5 fc-faultnotify https [SYN] Seq=0 Win=65535 Len=0 MSS=1460
SACK_PERM=1
6 https fc-faultnotify [SYN, ACK] Seq=0 Ack=1 Win=14600 Len=0
MSS=1452 SACK_PERM=1
7 fc-faultnotify https [ACK] Seq=1 Ack=1 Win=65535 Len=0
8 Client Hello
9 https fc-faultnotify [ACK] Seq=1 Ack=149 Win=15544 Len=0
10 Server Hello
11 [TCP segment of a reassembled PDU]
12 fc-faultnotify https [ACK] Seq=149 Ack=2905 Win=65535 Len=0
13 Certificate
14 fc-faultnotify https [ACK] Seq=149 Ack=3894 Win=64546 Len=0
15 Client Key Exchange, Change Cipher Spec, Encrypted Handshake
Message
16 Change Cipher Spec, Encrypted Handshake Message
17 Application Data
18 Application Data
19 Application Data
20 [TCP segment of a reassembled PDU]
21 Application Data
22 fc-faultnotify https [ACK] Seq=1301 Ack=7435 Win=65535 Len=0
23 Application Data
24 [TCP segment of a reassembled PDU]
25 [TCP segment of a reassembled PDU]
26 fc-faultnotify https [ACK] Seq=1754 Ack=10339 Win=65535 Len=0
27 Application Data
28 Application Data
29 [TCP segment of a reassembled PDU]
30 [TCP segment of a reassembled PDU]
31 fc-faultnotify https [ACK] Seq=2207 Ack=13368 Win=65535 Len=0
32 [TCP segment of a reassembled PDU]
33 fc-faultnotify https [ACK] Seq=2207 Ack=14820 Win=65535 Len=0
34 Application Data
35 Application Data
36 [TCP segment of a reassembled PDU]
37 [TCP segment of a reassembled PDU]
38 fc-faultnotify https [ACK] Seq=2660 Ack=18445 Win=65535 Len=0
39 [TCP segment of a reassembled PDU]
40 fc-faultnotify https [ACK] Seq=2660 Ack=19897 Win=65535 Len=0
41 Application Data
42 fc-faultnotify https [ACK] Seq=2660 Ack=20378 Win=65054 Len=0
43 Application Data
44 [TCP segment of a reassembled PDU]
45 [TCP segment of a reassembled PDU]
46 fc-faultnotify https [ACK] Seq=3129 Ack=23282 Win=65535 Len=0
47 [TCP segment of a reassembled PDU]
48 fc-faultnotify https [ACK] Seq=3129 Ack=24734 Win=65535 Len=0
49 [TCP segment of a reassembled PDU]
50 [TCP segment of a reassembled PDU]
51 fc-faultnotify https [ACK] Seq=3129 Ack=27638 Win=65535 Len=0
52 Application Data
53 Application Data
54 vrts-at-port https [SYN] Seq=0 Win=65535 Len=0 MSS=1460
SACK_PERM=1
55 [TCP segment of a reassembled PDU]
56 [TCP segment of a reassembled PDU]
57 fc-faultnotify https [ACK] Seq=3582 Ack=30791 Win=65535 Len=0
58 [TCP segment of a reassembled PDU]
59 fc-faultnotify https [ACK] Seq=3582 Ack=32243 Win=65535 Len=0
60 [TCP segment of a reassembled PDU]
61 [TCP segment of a reassembled PDU]
62 fc-faultnotify https [ACK] Seq=3582 Ack=35147 Win=65535 Len=0
63 [TCP segment of a reassembled PDU]
64 fc-faultnotify https [ACK] Seq=3582 Ack=36599 Win=65535 Len=0
65 [TCP segment of a reassembled PDU]
66 [TCP segment of a reassembled PDU]
67 fc-faultnotify https [ACK] Seq=3582 Ack=39503 Win=65535 Len=0
68 [TCP segment of a reassembled PDU]
69 fc-faultnotify https [ACK] Seq=3582 Ack=40955 Win=65535 Len=0
70 [TCP segment of a reassembled PDU]
71 https vrts-at-port [SYN, ACK] Seq=0 Ack=1 Win=14600 Len=0 MSS=
1452 SACK_PERM=1
72 vrts-at-port https [ACK] Seq=1 Ack=1 Win=65535 Len=0
73 Client Hello
74 [TCP segment of a reassembled PDU]
75 fc-faultnotify https [ACK] Seq=3582 Ack=43859 Win=65535 Len=0
76 Application Data
77 fc-faultnotify https [ACK] Seq=3582 Ack=45311 Win=65535 Len=0
78 [TCP segment of a reassembled PDU]
79 [TCP segment of a reassembled PDU]
80 fc-faultnotify https [ACK] Seq=3582 Ack=48215 Win=65535 Len=0
81 [TCP segment of a reassembled PDU]
82 fc-faultnotify https [ACK] Seq=3582 Ack=49667 Win=65535 Len=0
83 [TCP segment of a reassembled PDU]
84 [TCP segment of a reassembled PDU]
85 fc-faultnotify https [ACK] Seq=3582 Ack=52571 Win=65535 Len=0
86 [TCP segment of a reassembled PDU]
87 fc-faultnotify https [ACK] Seq=3582 Ack=54023 Win=65535 Len=0
88 [TCP segment of a reassembled PDU]
89 [TCP segment of a reassembled PDU]
90 fc-faultnotify https [ACK] Seq=3582 Ack=56927 Win=65535 Len=0
91 [TCP segment of a reassembled PDU]
92 fc-faultnotify https [ACK] Seq=3582 Ack=58379 Win=65535 Len=0
93 [TCP segment of a reassembled PDU]
94 Application Data
95 fc-faultnotify https [ACK] Seq=3582 Ack=61283 Win=65535 Len=0
96 [TCP segment of a reassembled PDU]
97 fc-faultnotify https [ACK] Seq=3582 Ack=62735 Win=65535 Len=0
98 https vrts-at-port [ACK] Seq=1 Ack=181 Win=15544 Len=0
99 Server Hello, Change Cipher Spec, Encrypted Handshake Message
100 Change Cipher Spec, Encrypted Handshake Message, Application Data
101 [TCP segment of a reassembled PDU]
102 [TCP segment of a reassembled PDU]
103 fc-faultnotify https [ACK] Seq=3582 Ack=65639 Win=65535 Len=0
104 [TCP segment of a reassembled PDU]
105 fc-faultnotify https [ACK] Seq=3582 Ack=67091 Win=65535 Len=0
106 [TCP segment of a reassembled PDU]
107 [TCP segment of a reassembled PDU]
108 fc-faultnotify https [ACK] Seq=3582 Ack=69995 Win=65535 Len=0
109 [TCP segment of a reassembled PDU]
110 fc-faultnotify https [ACK] Seq=3582 Ack=71447 Win=65535 Len=0
111 [TCP segment of a reassembled PDU]
112 [TCP segment of a reassembled PDU]
113 fc-faultnotify https [ACK] Seq=3582 Ack=74351 Win=65535 Len=0
114 [TCP segment of a reassembled PDU]
115 fc-faultnotify https [ACK] Seq=3582 Ack=75803 Win=65535 Len=0
116 Application Data
117 [TCP segment of a reassembled PDU]
118 fc-faultnotify https [ACK] Seq=3582 Ack=78707 Win=65535 Len=0
119 [TCP segment of a reassembled PDU]
120 fc-faultnotify https [ACK] Seq=3582 Ack=80159 Win=65535 Len=0
121 [TCP segment of a reassembled PDU]
122 [TCP segment of a reassembled PDU]
123 fc-faultnotify https [ACK] Seq=3582 Ack=83063 Win=65535 Len=0
124 [TCP segment of a reassembled PDU]
125 fc-faultnotify https [ACK] Seq=3582 Ack=84515 Win=65535 Len=0
126 [TCP segment of a reassembled PDU]
127 [TCP segment of a reassembled PDU]
128 fc-faultnotify https [ACK] Seq=3582 Ack=87419 Win=65535 Len=0
129 [TCP segment of a reassembled PDU]
130 fc-faultnotify https [ACK] Seq=3582 Ack=88871 Win=65535 Len=0
131 Application Data
132 [TCP segment of a reassembled PDU]
133 [TCP segment of a reassembled PDU]
134 vrts-at-port https [ACK] Seq=709 Ack=3043 Win=65535 Len=0
135 [TCP segment of a reassembled PDU]
136 vrts-at-port https [ACK] Seq=709 Ack=4495 Win=65535 Len=0
137 [TCP segment of a reassembled PDU]
138 [TCP segment of a reassembled PDU]
139 vrts-at-port https [ACK] Seq=709 Ack=7399 Win=65535 Len=0
140 [TCP segment of a reassembled PDU]
141 vrts-at-port https [ACK] Seq=709 Ack=8851 Win=65535 Len=0
142 [TCP segment of a reassembled PDU]
143 [TCP segment of a reassembled PDU]
144 vrts-at-port https [ACK] Seq=709 Ack=11755 Win=65535 Len=0
145 [TCP segment of a reassembled PDU]
146 vrts-at-port https [ACK] Seq=709 Ack=13207 Win=65535 Len=0
147 Application Data
148 vrts-at-port https [ACK] Seq=709 Ack=13984 Win=64758 Len=0
149 fc-faultnotify https [ACK] Seq=3582 Ack=88883 Win=65523 Len=0
150 Encrypted Alert
151 vrts-at-port https [FIN, ACK] Seq=746 Ack=13984 Win=64758 Len=0
152 Encrypted Alert
153 fc-faultnotify https [FIN, ACK] Seq=3619 Ack=88883 Win=65523
Len=0
154 https vrts-at-port [FIN, ACK] Seq=13984 Ack=747 Win=16616 Len=0
155 vrts-at-port https [ACK] Seq=747 Ack=13985 Win=64758 Len=0
156 https fc-faultnotify [FIN, ACK] Seq=88883 Ack=3620 Win=24120
Len=0
157 fc-faultnotify https [ACK] Seq=3620 Ack=88884 Win=65523 Len=0
158 Standard query 0x5952 A safebrowsing.google.com
159 Standard query 0x6a02 A safebrowsing.google.com
160 Standard query response 0x5952 CNAME sb.l.google.com A
74.125.224.133 A 74.125.224.132 A 74.125.224.137 A 74.125.224.128 A
74.125.224.130 A 74.125.224.131 A 74.125.224.136 A 74.125.224.142 A
74.125.224.129 A 74.125.224.134 A 74.125.224.135
161 Standard query response 0x6a02 CNAME sb.l.google.com A
74.125.224.137 A 74.125.224.128 A 74.125.224.130 A 74.125.224.131 A
74.125.224.136 A 74.125.224.142 A 74.125.224.129 A 74.125.224.134 A
74.125.224.135 A 74.125.224.133 A 74.125.224.132
162 slc-systemlog https [SYN] Seq=0 Win=65535 Len=0 MSS=1460
SACK_PERM=1
163 https slc-systemlog [SYN, ACK] Seq=0 Ack=1 Win=42900 Len=0 MSS=
1430 SACK_PERM=1
164 slc-systemlog https [ACK] Seq=1 Ack=1 Win=65535 Len=0
165 Client Hello
166 https slc-systemlog [ACK] Seq=1 Ack=191 Win=43952 Len=0
167 Server Hello
168 [TCP segment of a reassembled PDU]
169 slc-systemlog https [ACK] Seq=191 Ack=2861 Win=65535 Len=0
170 Certificate
171 slc-systemlog https [ACK] Seq=191 Ack=3945 Win=64451 Len=0
172 Standard query 0xb9b9 A clients1.google.com
173 Standard query response 0xb9b9 CNAME clients.l.google.com A
74.125.224.128 A 74.125.224.133 A 74.125.224.135 A 74.125.224.132 A
74.125.224.137 A 74.125.224.129 A 74.125.224.130 A 74.125.224.134 A
74.125.224.136 A 74.125.224.131 A 74.125.224.142
174 Client Key Exchange, Change Cipher Spec, Hello Request, Hello
Request
175 Standard query 0x0f21 A clients1.google.com
176 Standard query response 0x0f21 CNAME clients.l.google.com A
74.125.224.137 A 74.125.224.129 A 74.125.224.130 A 74.125.224.134 A
74.125.224.136 A 74.125.224.131 A 74.125.224.142 A 74.125.224.128 A
74.125.224.133 A 74.125.224.135 A 74.125.224.132
177 silkp2 http [SYN] Seq=0 Win=65535 Len=0 MSS=1460 SACK_PERM=1
178 New Session Ticket, Change Cipher Spec, Hello Request, Hello
Request
179 Application Data
180 slc-systemlog https [ACK] Seq=353 Ack=4248 Win=64148 Len=0
181 Application Data
182 http silkp2 [SYN, ACK] Seq=0 Ack=1 Win=42900 Len=0 MSS=1430
SACK_PERM=1
183 silkp2 http [ACK] Seq=1 Ack=1 Win=65535 Len=0
184 Request
185 http silkp2 [ACK] Seq=1 Ack=435 Win=43952 Len=0
186 slc-systemlog https [ACK] Seq=353 Ack=4293 Win=65535 Len=0
187 Response
188 silkp2 http [ACK] Seq=435 Ack=783 Win=64753 Len=0
189 Application Data
190 https slc-systemlog [ACK] Seq=4293 Ack=418 Win=45024 Len=0
191 Application Data, Application Data
192 https slc-systemlog [ACK] Seq=4293 Ack=1362 Win=46256 Len=0
193 Application Data
194 Application Data, Application Data
195 slc-systemlog https [ACK] Seq=1362 Ack=5065 Win=64763 Len=0
196 Application Data
197 Standard query 0x7fb6 A safebrowsing-cache.google.com
198 https slc-systemlog [ACK] Seq=5065 Ack=1403 Win=46256 Len=0
199 Standard query 0x2f49 A safebrowsing-cache.google.com
200 Standard query response 0x7fb6 CNAME
safebrowsing.cache.l.google.com A 74.125.224.131 A 74.125.224.129 A
74.125.224.128 A 74.125.224.135 A 74.125.224.132 A 74.125.224.137 A
74.125.224.142 A 74.125.224.130 A 74.125.224.133 A 74.125.224.134 A
74.125.224.136
201 Standard query response 0x2f49 CNAME
safebrowsing.cache.l.google.com A 74.125.224.129 A 74.125.224.128 A
74.125.224.135 A 74.125.224.132 A 74.125.224.137 A 74.125.224.142 A
74.125.224.130 A 74.125.224.133 A 74.125.224.134 A 74.125.224.136 A
74.125.224.131
202 evtp https [SYN] Seq=0 Win=65535 Len=0 MSS=1460 SACK_PERM=1
203 https evtp [SYN, ACK] Seq=0 Ack=1 Win=42900 Len=0 MSS=1430
SACK_PERM=1
204 evtp https [ACK] Seq=1 Ack=1 Win=65535 Len=0
205 Client Hello
206 https evtp [ACK] Seq=1 Ack=518 Win=43952 Len=0
207 Server Hello, Change Cipher Spec, Hello Request, Hello Request
208 Change Cipher Spec, Hello Request, Hello Request, Application
Data, Application Data
209 Application Data
210 Application Data
211 evtp https [ACK] Seq=1287 Ack=284 Win=65252 Len=0
212 Application Data
213 Application Data, Application Data
214 evtp https [ACK] Seq=1287 Ack=770 Win=64766 Len=0
215 Application Data
216 Standard query 0xbde9 A safebrowsing-cache.google.com
217 Standard query response 0xbde9 CNAME
safebrowsing.cache.l.google.com A 74.125.224.134 A 74.125.224.136 A
74.125.224.131 A 74.125.224.129 A 74.125.224.128 A 74.125.224.135 A
74.125.224.132 A 74.125.224.137 A 74.125.224.142 A 74.125.224.130 A
74.125.224.133
218 https evtp [ACK] Seq=770 Ack=1328 Win=45371 Len=0
219 Application Data
220 https evtp [ACK] Seq=770 Ack=1955 Win=46909 Len=0
221 Application Data
222 Application Data
223 evtp https [ACK] Seq=1955 Ack=2272 Win=65535 Len=0
224 Application Data
225 Application Data
226 evtp https [ACK] Seq=1955 Ack=2404 Win=65403 Len=0
227 Application Data
228 Standard query 0xaab3 A safebrowsing-cache.google.com
229 Standard query response 0xaab3 CNAME
safebrowsing.cache.l.google.com A 74.125.224.129 A 74.125.224.128 A
74.125.224.135 A 74.125.224.132 A 74.125.224.137 A 74.125.224.142 A
74.125.224.130 A 74.125.224.133 A 74.125.224.134 A 74.125.224.136 A
74.125.224.131
230 https evtp [ACK] Seq=2404 Ack=1996 Win=46909 Len=0
231 Application Data
232 https evtp [ACK] Seq=2404 Ack=2620 Win=48447 Len=0
233 Application Data
234 Application Data
235 evtp https [ACK] Seq=2620 Ack=3904 Win=65535 Len=0
236 Application Data
237 Application Data
238 evtp https [ACK] Seq=2620 Ack=5993 Win=65535 Len=0
239 Application Data
240 Application Data
241 https evtp [ACK] Seq=6034 Ack=2661 Win=48447 Len=0
242 j-lan-p nntp [FIN, ACK] Seq=1 Ack=1 Win=65448 Len=0
243 nntp j-lan-p [ACK] Seq=1 Ack=2 Win=65499 Len=0
244 nntp j-lan-p [FIN, ACK] Seq=1 Ack=2 Win=65499 Len=0
245 j-lan-p nntp [ACK] Seq=2 Ack=2 Win=65448 Len=0
246 netsteward nntp [FIN, ACK] Seq=1 Ack=1 Win=65450 Len=0
247 nntp netsteward [ACK] Seq=1 Ack=2 Win=65503 Len=0
248 nntp netsteward [FIN, ACK] Seq=1 Ack=2 Win=65503 Len=0
249 netsteward nntp [ACK] Seq=2 Ack=2 Win=65450 Len=0

Any better? Or is there something I should have left in the scan? IIRC,
this is just Optimax set to port 119.

More news this morning. On the emachine, the SFF news server using 1119
port continues to work. So I emailed Individual net and they told me to
try 8119 port, among others. Tried it and Individual worked perfectly!
(Optimax still no go with 119.) Restarted Xnews multiple times. No
problems. Then left and returned a few hours later. Restarted Xnews, now
Individual doesn't work again! Checked and still set to 8119.

This is really weird. An ISP (CenturyLink) problem? Emachine problem? I'm
thoroughly snowed, especially with the changing symptoms. Everytime I
think I have it fixed the problem returns!

sigh

Ken



Your trace above doesn't have enough "NNTP" entries to constitute
a trace of an NNTP session. You should at least be seeing a line
with "nntp", a reference to the outgoing port you've selected
for the session (119). And if we're lucky, a "200" welcome response
from each news server contacted.

You need to turn on more details. IP addresses and so on. Even your
first trace was doing a better job.

If you have a long trace, with full details, copy and paste it into
a pastebin.com window. The pastebin.com window should return a URL,
which you can post here. Just post the URL, and any comments you
might have.

Paul

Paul wrote in :

Your trace above doesn't have enough "NNTP" entries to constitute
a trace of an NNTP session. You should at least be seeing a line
with "nntp", a reference to the outgoing port you've selected
for the session (119). And if we're lucky, a "200" welcome response
from each news server contacted.

You need to turn on more details. IP addresses and so on. Even your
first trace was doing a better job.

If you have a long trace, with full details, copy and paste it into
a pastebin.com window. The pastebin.com window should return a URL,
which you can post here. Just post the URL, and any comments you
might have.

Paul


OK. Made another trace printing with

Packet Summary line
Packet details
All expanded

It's ~650K Too long to post here. Undecipherable to my feeble mind.

First of all, is this what you wanted or so I have to set something else
somewhere in Wireshark?

This Pastebin.com looks VERY complicated. Can you think of another
alternative?

Lastest: Xnews seems to be working with Individual news pretty regularly
using port 8119. Optimax news with port 119 keeps timing out. I tried
using emachine, usually CenturyLink ISP and DSL, with Sitestar dial up
ISP. Still doesn't work with Optimax, though Individual is OK, which I
guess points to emachine problem. Must be a VERY strange problem. I
really don't want to buy a new computer to just read this one news
server.

Now what?

TIA

Ken


--
You know it's time to clean the refrigerator
when something closes the door from the inside.