2.1.95 packets outside tcp window?

Mike Perry (mikepery@mikepery.linuxos.org)
Sat, 11 Apr 1998 09:33:15 -0500 (CDT)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Bo Johansson: "Re: 2.1.95: freezes persist"
Previous message: mlord: "Re: 2.1.95 warnings in ide.c ide-disk-c and console.c"

I have been getting alot of icmp packet outside the tcp window while using
jdk 1.1.5v5 (Steve Byrne's) and AIM (Aol's instant messanger) 1.1.18.

The server I connect to with AIM has always been crappy, and I always get
ICMP time exceeded messages from them, but in kernels 2.1.94 and .95 I
have just started to get the following:

Apr 11 09:17:38 mikepery kernel: icmp packet outside the tcp window: s:1
1254564717,1254564746,1254564746

icmpinfo dump:

root:/root> /usr/local/sbin/icmpinfo -vvvvv
icmpinfo: Icmp monitoring in progress...
Apr 11 14:17:39 ICMP_Time_Exceeded < 198.81.3.28 [bos-r041.blue.aol.com] >
152.163.247.103 sp=8708 dp=5190 seq=0x4ac7236d sz=36(+20)
0000 : 4500 0038 70B7 4000 F401 5D07 C651 031C E..8p.@...]..Q..
0010 : CC5F 2339 0B00 6171 0000 0000 4500 0045 ._#9..aq....E..E
0020 : 0702 4000 ..@.
Apr 11 14:17:39 ICMP_Time_Exceeded < 198.81.3.28 [bos-r041.blue.aol.com] >
152.163.247.103 sp=8708 dp=5190 seq=0x4ac7238a sz=36(+20)
0000 : 4500 0038 72FB 4000 F501 59C3 C651 031C E..8r.@...Y..Q..
0010 : CC5F 2339 0B00 616F 0000 0000 4500 0028 ._#9..ao....E..(
0020 : 0704 4000 ..@.
Apr 11 14:17:40 ICMP_Time_Exceeded < 198.81.3.28 [bos-r041.blue.aol.com] >
152.163.247.103 sp=8708 dp=5190 seq=0x4ac7238a sz=36(+20)
0000 : 4500 0038 72FC 4000 F501 59C2 C651 031C E..8r.@...Y..Q..
0010 : CC5F 2339 0B00 616E 0000 0000 4500 0028 ._#9..an....E..(
0020 : 0705 4000 ..@.

kernel logs during the following tcpdump:

Apr 11 14:26:00 mikepery icmpinfo: ICMP_Time_Exceeded < 198.81.3.28
[bos-r041.blue.aol.com] > 152.163.247.103 sp=8708 dp=5190 seq=0x4ac723e4
sz=36(+20)
Apr 11 14:26:00 mikepery icmpinfo: ICMP_Time_Exceeded < 198.81.3.28
[bos-r041.blue.aol.com] > 152.163.247.103 sp=8708 dp=5190 seq=0x4ac72401
sz=36(+20)

Apr 11 09:26:09 mikepery kernel: icmp packet outside the tcp window: s:1
1254564865,1254564894,1254564894

Apr 11 14:26:10 mikepery icmpinfo: ICMP_Time_Exceeded < 198.81.3.28
[bos-r041.blue.aol.com] > 152.163.247.103 sp=8708 dp=5190 seq=0x4ac72401
sz=36(+20)
Apr 11 14:26:10 mikepery icmpinfo: ICMP_Time_Exceeded < 198.81.3.28
[bos-r041.blue.aol.com] > 152.163.247.103 sp=8708 dp=5190 seq=0x4ac7241e
sz=36(+20)

tcpdump version 3.4a5 dump:
09:25:59.122599 204.95.35.57.1058 > 152.163.247.103.5190: P 1254564836:1254564865(29) ack 2118096946 win 32436 (DF)
09:25:59.318793 152.163.247.103.5190 > 204.95.35.57.1058: . ack 29 win 16384 (DF)
09:25:59.348754 152.163.247.103.5190 > 204.95.35.57.1058: . ack 29 win 16384 (DF)
09:25:59.408780 152.163.247.103.5190 > 204.95.35.57.1058: . ack 29 win 16384 (DF)
09:25:59.408801 152.163.247.103.5190 > 204.95.35.57.1058: . ack 29 win 16384 (DF)
09:25:59.458765 152.163.247.103.5190 > 204.95.35.57.1058: . ack 29 win 16384 (DF)
09:25:59.458786 152.163.247.103.5190 > 204.95.35.57.1058: . ack 29 win 16384 (DF)
09:25:59.468773 152.163.247.103.5190 > 204.95.35.57.1058: . ack 29 win 16384 (DF)
09:25:59.528779 152.163.247.103.5190 > 204.95.35.57.1058: . ack 29 win 16384 (DF)
09:25:59.528801 152.163.247.103.5190 > 204.95.35.57.1058: . ack 29 win 16384 (DF)
09:25:59.588767 198.81.3.28 > 204.95.35.57: icmp: time exceeded in-transit (DF)
09:25:59.588827 152.163.247.103.5190 > 204.95.35.57.1058: . ack 29 win 16384 (DF)
09:25:59.591783 204.95.35.57.1027 > 192.160.127.90.domain: 29104+ (42)
09:25:59.598807 152.163.247.103.5190 > 204.95.35.57.1058: . ack 29 win 16384 (DF)
09:25:59.658772 152.163.247.103.5190 > 204.95.35.57.1058: . ack 29 win 16384 (DF)
09:25:59.658794 152.163.247.103.5190 > 204.95.35.57.1058: . ack 29 win 16384 (DF)
09:25:59.658815 152.163.247.103.5190 > 204.95.35.57.1058: . ack 29 win 16384 (DF)
09:25:59.688788 152.163.247.103.5190 > 204.95.35.57.1058: P 1:54(53) ack 29 win 16384 (DF)
09:25:59.708781 204.95.35.57.1058 > 152.163.247.103.5190: . ack 54 win 32436 (DF)
09:25:59.868809 192.160.127.90.domain > 204.95.35.57.1027: 29104 1/2/2 (172)
09:25:59.870007 204.95.35.57.1027 > 192.160.127.90.domain: 29105+ (46)
09:25:59.918804 198.81.3.28 > 204.95.35.57: icmp: time exceeded in-transit (DF)
09:26:00.158784 192.160.127.90.domain > 204.95.35.57.1027: 29105 NXDomain* 0/1/0 (138)
09:26:00.162442 204.95.35.57.1027 > 192.160.127.90.domain: 29106+ (42)
09:26:00.438804 192.160.127.90.domain > 204.95.35.57.1027: 29106 1/2/2 (172)
09:26:00.440353 204.95.35.57.1027 > 192.160.127.90.domain: 29107+ (46)
09:26:00.698788 192.160.127.90.domain > 204.95.35.57.1027: 29107 NXDomain* 0/1/0 (138)
09:26:09.191683 204.95.35.57.1058 > 152.163.247.103.5190: P 29:58(29) ack 54 win 32436 (DF)
09:26:09.388793 152.163.247.103.5190 > 204.95.35.57.1058: . ack 58 win 16384 (DF)
09:26:09.448787 152.163.247.103.5190 > 204.95.35.57.1058: . ack 58 win 16384 (DF)
09:26:09.458775 152.163.247.103.5190 > 204.95.35.57.1058: . ack 58 win 16384 (DF)
09:26:09.458798 152.163.247.103.5190 > 204.95.35.57.1058: . ack 58 win 16384 (DF)
09:26:09.488780 198.81.3.28 > 204.95.35.57: icmp: time exceeded in-transit (DF)
09:26:09.490162 204.95.35.57.1027 > 192.160.127.90.domain: 29108+ (42)
09:26:09.518782 152.163.247.103.5190 > 204.95.35.57.1058: . ack 58 win 16384 (DF)
09:26:09.568761 152.163.247.103.5190 > 204.95.35.57.1058: . ack 58 win 16384 (DF)
09:26:09.568783 152.163.247.103.5190 > 204.95.35.57.1058: . ack 58 win 16384 (DF)
09:26:09.628780 152.163.247.103.5190 > 204.95.35.57.1058: . ack 58 win 16384 (DF)
09:26:09.628804 152.163.247.103.5190 > 204.95.35.57.1058: . ack 58 win 16384 (DF)
09:26:09.688774 152.163.247.103.5190 > 204.95.35.57.1058: P 54:107(53) ack 58 win 16384 (DF)
09:26:09.698772 152.163.247.103.5190 > 204.95.35.57.1058: . ack 58 win 16384 (DF)
09:26:09.698801 152.163.247.103.5190 > 204.95.35.57.1058: . ack 58 win 16384 (DF)
09:26:09.708775 204.95.35.57.1058 > 152.163.247.103.5190: . ack 107 win 32436 (DF)
09:26:09.748812 152.163.247.103.5190 > 204.95.35.57.1058: P 54:107(53) ack 58 win 16384 (DF)
09:26:09.748896 204.95.35.57.1058 > 152.163.247.103.5190: . ack 107 win 32436 (DF)
09:26:09.758789 152.163.247.103.5190 > 204.95.35.57.1058: . ack 58 win 16384 (DF)
09:26:09.758816 152.163.247.103.5190 > 204.95.35.57.1058: . ack 58 win 16384 (DF)
09:26:09.858818 192.160.127.90.domain > 204.95.35.57.1027: 29108 1/2/2 (172)
09:26:09.860330 204.95.35.57.1027 > 192.160.127.90.domain: 29109+ (46)
09:26:09.918791 198.81.3.28 > 204.95.35.57: icmp: time exceeded in-transit (DF)
09:26:09.978794 198.81.3.28 > 204.95.35.57: icmp: time exceeded in-transit (DF)
09:26:10.118784 192.160.127.90.domain > 204.95.35.57.1027: 29109 NXDomain* 0/1/0 (138)
09:26:10.122069 204.95.35.57.1027 > 192.160.127.90.domain: 29110+ (42)
09:26:10.398832 192.160.127.90.domain > 204.95.35.57.1027: 29110 1/2/2 (172)
09:26:10.400413 204.95.35.57.1027 > 192.160.127.90.domain: 29111+ (46)
09:26:10.658774 192.160.127.90.domain > 204.95.35.57.1027: 29111 NXDomain* 0/1/0 (138)
09:26:10.662271 204.95.35.57.1027 > 192.160.127.90.domain: 29112+ (42)
09:26:10.938795 192.160.127.90.domain > 204.95.35.57.1027: 29112 1/2/2 (172)
09:26:10.939932 204.95.35.57.1027 > 192.160.127.90.domain: 29113+ (46)
09:26:11.198781 192.160.127.90.domain > 204.95.35.57.1027: 29113 NXDomain* 0/1/0 (138)

--- Mike Perry Maintainer of www.linuxos.org and subpages.

Insert funny fortune here.

---

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu

Next message: Bo Johansson: "Re: 2.1.95: freezes persist"
Previous message: mlord: "Re: 2.1.95 warnings in ide.c ide-disk-c and console.c"