Xnews failure update in XP Home

[Paul]

I think I told you I turned off Kaspersky's and Windows' firewalls
yesterday on the emachine and tried Xnews. No help. Turned Kaspersky's
firewall back on, left Windows' off.

Ken

So as a form of summary...

1) Web surfing, lengthy downloads, all work normally.

2) Only Xnews is affected. Symptoms are not constant.

3) Is the home networking box the same, or is a
brand new ADSL modem/router in the picture ? Then
the router portion is a new ingredient.

4) In the case of (3), going back to dialup, on the same
computer with the trouble, should cure the problem.
Xnews should work consistently, if dialup is running
and *cable running to router is disconnected*.

5) Wireshark is your friend.

6) Other ports are available, like 563 or 443 on the external
news server. But if you use those, it makes the Wireshark
trace unreadable. Only port 119 or port 80 are candidates
for that. And Xnews might not be the best candidate for testing
all those ports. Thunderbird could be used for that.

Since I'm just not seeing a pattern I can work with, you're
going to have to search for a pattern for me.

In the one trace you've shown me, I see traces of UPNP, of
IPV6 router protocols, as well as the USENET news actibity
(that was failing). But I'm failing to lace together what
Xnews is doing with respect to two servers at once. I don't
understand it well enough to comment. I'm not seeing the
normal sequence I see here in Wireshark, when using a USENET
server (with authentication).

Paul

 

[KenK]

So as a form of summary...

1) Web surfing, lengthy downloads, all work normally.
Yes

2) Only Xnews is affected. Symptoms are not constant.

No. Also Thunderbird and Xananews. Also: both Optimax and Individual news
servers worked fine again this morning - once. This is the third time
this has happened. I shut down Xnews and restarted several times without
changing anything. It refused to work again. This is frantically trying
to tell me something but I don't know what.

3) Is the home networking box the same, or is a
brand new ADSL modem/router in the picture ? Then
the router portion is a new ingredient.

The emachine, which doesn't work, uses the new DSL modem. The Compaq,
which works, uses a dial-up modem and a different ISP.

4) In the case of (3), going back to dialup, on the same
computer with the trouble, should cure the problem.
Xnews should work consistently, if dialup is running
and *cable running to router is disconnected*.

I tried the emachine on the dial-up modem a few weeks ago and the
newsreader didn't work that way either. I'm going to try this again this
week.

5) Wireshark is your friend.

6) Other ports are available, like 563 or 443 on the external
news server.

I've tried 0, 110, and 1119. None works on emachine. I use Xnews and
Compaq work wirh port 0 or 119 for Optimax and 119 for Individual. I've
not tried Thunderboird or Xananews on the Compaq machine as Xnews works
fine.

But if you use those, it makes the Wireshark
trace unreadable. Only port 119 or port 80 are candidates
for that. And Xnews might not be the best candidate for testing
all those ports. Thunderbird could be used for that.

Since I'm just not seeing a pattern I can work with, you're
going to have to search for a pattern for me.

In the one trace you've shown me, I see traces of UPNP, of
IPV6 router protocols, as well as the USENET news actibity
(that was failing). But I'm failing to lace together what
Xnews is doing with respect to two servers at once. I don't
understand it well enough to comment. I'm not seeing the
normal sequence I see here in Wireshark, when using a USENET
server (with authentication).

Paul

Today I'm searching Google for a clue and will try Wireshark with T-bird
again. Maybe I can find a Wireshark option that will make the results
clearer.

Ken

 

[KenK]

Since I'm just not seeing a pattern I can work with, you're
going to have to search for a pattern for me.

Is there a way to make the Wireshark printout look as clear and
understandable as the screen trace display? I find them very different. Any
hints please? Also, how can I save the printout to a file so I can send it,
or part of it, to you here if it seems interesting?

TIA

Ken

 

[Paul]

Is there a way to make the Wireshark printout look as clear and
understandable as the screen trace display? I find them very different. Any
hints please? Also, how can I save the printout to a file so I can send it,
or part of it, to you here if it seems interesting?

TIA

Ken

I made this one, by selecting "Print", in the Print dialog box,
selecting the "Generic/Text" output option, instead of my
regular printer.

No. Time Source Destination Protocol Info
1 12:14:19.720678 192.168.20.180 Broadcast ARP Who has 192.168.20.1? Tell 192.16
Frame 1: 42 bytes on wire (336 bits), 42 bytes captured (336 bits)
Ethernet II, Src: 192.168.20.180 (00:1f:c6:8c:dc:f4), Dst: Broadcast (ff:ff:ff:ff:ff:ff)
Address Resolution Protocol (request)

The first line of that, matches the screen (the output seems to truncate after
80 characters or so, perhaps a printer characteristic). I would have to edit and
remove the three lines below. Once edited, I would get

No. Time Source Destination Protocol Info
1 12:14:19.720678 192.168.20.180 Broadcast ARP Who has 192.168.20.1? Tell 192.16

The truncation ruins it a bit.

*******

If I use Export, I can output to text or Postscript. The Postscript you can
open in GIMP (assuming you've set it up to handle PostScript). Some other
viewers probably handle PostScript as well. You can paste the PostScript or
the text, to pastebin.com as a means of passing the trace. Then post a URL.
PostScript is a printer language, related to PDF, and Distiller accepts
PostScript as an input format for making documents. Years ago, you had
a good selection of printers that accepted PostScript.

No. Time Source Destination Protocol Info
1 12:14:19.720678 192.168.20.180 Broadcast ARP Who has 192.168.20.1? Tell 192.168.20.180

Frame 1: 42 bytes on wire (336 bits), 42 bytes captured (336 bits)
Ethernet II, Src: 192.168.20.180 (00:1f:c6:8c:dc:f4), Dst: Broadcast (ff:ff:ff:ff:ff:ff)
Address Resolution Protocol (request)

I ticked the first two boxes in the options to get that.
"Packet Summary" and "Packet Details" (As Displayed).

Now, if I just select "Packet Summary", that doesn't look bad. Using
Packet Summary, there is less to edit out.

No. Time Source Destination Protocol Info
1 12:14:19.720678 192.168.20.180 Broadcast ARP Who has 192.168.20.1? Tell 192.168.2.180

When you have "View:Name Resolution" turned on in the main screen,
that changes the numeric value of my Destination example to "Broadcast",
rather than displaying the number. Since 192.168.20.180 is a non-routeable
address, and there is also no DNS entry for it, the "View" option cannot
translate it. But when you contact "news.individual.net", you should see
the text for that and not a number. As long as all the View:Name Resolution
items are ticked (turned on).

I'm not suggesting Pastebin.com as a means to encourage a humongous
trace, but as a convenient means to pass text. USENET posts do have
a size limit, and Pastebin.com can go larger than that. If there are
any USERNAME or PASSWORD elements in your trace, don't forget to
edit them out (with XXXXXXXX or similar).

HTH,
Paul

 

[Dee]

I don't know if this is related to your problem or not, but I'll share
it as a possibility.

I had something similar happen a long long time ago where I was getting
intermittent connections with my NSP (newsgroup service provider). I
could randomly connect sometimes but other times I couldn't, sometimes
even just a few minutes apart. I called the NSP and it turned out that
they had a bank of modems that was failing. Some modems were okay but
others were not, and it was the luck of the draw which modem you
happened to get. They replaced the modems and my problems went away.

You've probably already thought of this but I just thought I'd throw it
out there.

Dee

 

[KenK]

If there are
any USERNAME or PASSWORD elements in your trace, don't forget to
edit them out (with XXXXXXXX or similar).

Hi Paul

Here's an Wireshark Xnews printout, much briefer and clearer than the
last one. However, I still don't understand my problem. Here it is -
authentication code and user name are Xed out.

30 Standard query response 0x8934 A 130.133.4.11
31 Standard query 0x1e4d A news.optimax.com
32 Standard query response 0x1e4d A 98.100.194.170
33 Standard query 0xd346 A news.sff.net
34 Standard query response 0xd346 A 71.252.193.52
35 webobjects > nntp [SYN] Seq=0 Win=65535 Len=0 MSS=1460 SACK_PERM=
1
36 cplscrambler-in > bnetgame [SYN] Seq=0 Win=65535 Len=0 MSS=1460
SACK_PERM=1
37 cplscrambler-al > nntp [SYN] Seq=0 Win=65535 Len=0 MSS=1460
SACK_PERM=1
38 bnetgame > cplscrambler-in [SYN, ACK] Seq=0 Ack=1 Win=16384 Len=0
MSS=1452 SACK_PERM=1
39 cplscrambler-in > bnetgame [ACK] Seq=1 Ack=1 Win=65535 Len=0
40 bnetgame > cplscrambler-in [PSH, ACK] Seq=1 Ack=1 Win=65535 Len=
86
41 nntp > cplscrambler-al [SYN, ACK] Seq=0 Ack=1 Win=16384 Len=0
MSS=1452 SACK_PERM=1
42 cplscrambler-al > nntp [ACK] Seq=1 Ack=1 Win=65535 Len=0
43 nntp > webobjects [SYN, ACK] Seq=0 Ack=1 Win=14600 Len=0 MSS=1452
SACK_PERM=1
44 webobjects > nntp [ACK] Seq=1 Ack=1 Win=65535 Len=0
45 cplscrambler-in > bnetgame [PSH, ACK] Seq=1 Ack=87 Win=65449 Len=
13
46 bnetgame > cplscrambler-in [PSH, ACK] Seq=87 Ack=14 Win=65522
Len=41
47 Response: 200 Optimax-NNTP, Optimax-Hamster V1.24
48 cplscrambler-al > nntp [ACK] Seq=1 Ack=42 Win=65494 Len=0
49 cplscrambler-in > bnetgame [ACK] Seq=14 Ack=128 Win=65408 Len=0
50 cplscrambler-in > bnetgame [PSH, ACK] Seq=14 Ack=128 Win=65408
Len=32
51 bnetgame > cplscrambler-in [PSH, ACK] Seq=128 Ack=46 Win=65490
Len=52
52 Response: 200 The server welcomes 71-223-138-135.phnx.qwest.net
(71.223.138.135). Authorization required for reading and posting.
53 cplscrambler-in > bnetgame [ACK] Seq=46 Ack=180 Win=65356 Len=0
54 Request: MODE READER
55 Request: MODE READER
56 Response: 200 ignored
57 nntp > webobjects [ACK] Seq=122 Ack=14 Win=14600 Len=0
58 Response: 200 You are already in this mode. Ignored.
59 Request: AUTHINFO USER xxxxxxxxxxxxx
60 Request: GROUP sdforum.newsreaders
61 Response: 211 189 1 189 sdforum.newsreaders
62 Response: 381 PASS required
63 Request: AUTHINFO PASS xxxxxxxxxxxx
64 cplscrambler-al > nntp [ACK] Seq=41 Ack=90 Win=65446 Len=0
65 Response: 281 Authentication accepted. (UID=307388)
66 Request: GROUP alt.food.fat-free
67 Response: 211 2 42452 42453 alt.food.fat-free
68 webobjects > nntp [ACK] Seq=92 Ack=265 Win=65271 Len=0
69 avocent-proxy > https [FIN, ACK] Seq=1304 Ack=266 Win=65270 Len=0
70 https > avocent-proxy [ACK] Seq=266 Ack=1305 Win=65535 Len=0
71 https > avocent-proxy [FIN, ACK] Seq=266 Ack=1305 Win=65535 Len=0
72 avocent-proxy > https [ACK] Seq=1305 Ack=267 Win=65270 Len=0
73 Who has 192.168.0.2? Tell 192.168.0.1
74 192.168.0.2 is at 00:11:11:5a:b1:0c
75 NOTIFY * HTTP/1.1
76 NOTIFY * HTTP/1.1
77 NOTIFY * HTTP/1.1
78 NOTIFY * HTTP/1.1
79 cplscrambler-al > nntp [FIN, ACK] Seq=41 Ack=90 Win=65446 Len=0
80 nntp > cplscrambler-al [ACK] Seq=90 Ack=42 Win=65495 Len=0
81 nntp > cplscrambler-al [FIN, ACK] Seq=90 Ack=42 Win=65495 Len=0
82 cplscrambler-al > nntp [ACK] Seq=42 Ack=91 Win=65446 Len=0
83 webobjects > nntp [FIN, ACK] Seq=92 Ack=265 Win=65271 Len=0
84 Response: 205 .
85 nntp > webobjects [FIN, ACK] Seq=272 Ack=93 Win=14600 Len=0
86 webobjects > nntp [ACK] Seq=93 Ack=273 Win=65264 Len=0
87 cplscrambler-in > bnetgame [PSH, ACK] Seq=46 Ack=180 Win=65356
Len=6
88 bnetgame > cplscrambler-in [PSH, ACK] Seq=180 Ack=52 Win=65484
Len=35
89 bnetgame > cplscrambler-in [FIN, ACK] Seq=215 Ack=52 Win=65484
Len=0
90 cplscrambler-in > bnetgame [ACK] Seq=52 Ack=216 Win=65321 Len=0
91 cplscrambler-in > bnetgame [FIN, ACK] Seq=52 Ack=216 Win=65321
Len=0
92 bnetgame > cplscrambler-in [ACK] Seq=216 Ack=53 Win=65484 Len=0

Any clues? I also did this with T-bird but I see no clues in it. Do you
want to see it?

TIA

Ken

 

[Paul]

If there are
any USERNAME or PASSWORD elements in your trace, don't forget to
edit them out (with XXXXXXXX or similar).

Hi Paul

Here's an Wireshark Xnews printout, much briefer and clearer than the
last one. However, I still don't understand my problem. Here it is -
authentication code and user name are Xed out.

30 Standard query response 0x8934 A 130.133.4.11
31 Standard query 0x1e4d A news.optimax.com
32 Standard query response 0x1e4d A 98.100.194.170
33 Standard query 0xd346 A news.sff.net
34 Standard query response 0xd346 A 71.252.193.52
35 webobjects > nntp [SYN] Seq=0 Win=65535 Len=0 MSS=1460 SACK_PERM=
1
36 cplscrambler-in > bnetgame [SYN] Seq=0 Win=65535 Len=0 MSS=1460
SACK_PERM=1
37 cplscrambler-al > nntp [SYN] Seq=0 Win=65535 Len=0 MSS=1460
SACK_PERM=1
38 bnetgame > cplscrambler-in [SYN, ACK] Seq=0 Ack=1 Win=16384 Len=0
MSS=1452 SACK_PERM=1
39 cplscrambler-in > bnetgame [ACK] Seq=1 Ack=1 Win=65535 Len=0
40 bnetgame > cplscrambler-in [PSH, ACK] Seq=1 Ack=1 Win=65535 Len=
86
41 nntp > cplscrambler-al [SYN, ACK] Seq=0 Ack=1 Win=16384 Len=0
MSS=1452 SACK_PERM=1
42 cplscrambler-al > nntp [ACK] Seq=1 Ack=1 Win=65535 Len=0
43 nntp > webobjects [SYN, ACK] Seq=0 Ack=1 Win=14600 Len=0 MSS=1452
SACK_PERM=1
44 webobjects > nntp [ACK] Seq=1 Ack=1 Win=65535 Len=0
45 cplscrambler-in > bnetgame [PSH, ACK] Seq=1 Ack=87 Win=65449 Len=
13
46 bnetgame > cplscrambler-in [PSH, ACK] Seq=87 Ack=14 Win=65522
Len=41
47 Response: 200 Optimax-NNTP, Optimax-Hamster V1.24
48 cplscrambler-al > nntp [ACK] Seq=1 Ack=42 Win=65494 Len=0
49 cplscrambler-in > bnetgame [ACK] Seq=14 Ack=128 Win=65408 Len=0
50 cplscrambler-in > bnetgame [PSH, ACK] Seq=14 Ack=128 Win=65408
Len=32
51 bnetgame > cplscrambler-in [PSH, ACK] Seq=128 Ack=46 Win=65490
Len=52
52 Response: 200 The server welcomes 71-223-138-135.phnx.qwest.net
(71.223.138.135). Authorization required for reading and posting.
53 cplscrambler-in > bnetgame [ACK] Seq=46 Ack=180 Win=65356 Len=0
54 Request: MODE READER
55 Request: MODE READER
56 Response: 200 ignored
57 nntp > webobjects [ACK] Seq=122 Ack=14 Win=14600 Len=0
58 Response: 200 You are already in this mode. Ignored.
59 Request: AUTHINFO USER xxxxxxxxxxxxx
60 Request: GROUP sdforum.newsreaders
61 Response: 211 189 1 189 sdforum.newsreaders
62 Response: 381 PASS required
63 Request: AUTHINFO PASS xxxxxxxxxxxx
64 cplscrambler-al > nntp [ACK] Seq=41 Ack=90 Win=65446 Len=0
65 Response: 281 Authentication accepted. (UID=307388)
66 Request: GROUP alt.food.fat-free
67 Response: 211 2 42452 42453 alt.food.fat-free
68 webobjects > nntp [ACK] Seq=92 Ack=265 Win=65271 Len=0
69 avocent-proxy > https [FIN, ACK] Seq=1304 Ack=266 Win=65270 Len=0
70 https > avocent-proxy [ACK] Seq=266 Ack=1305 Win=65535 Len=0
71 https > avocent-proxy [FIN, ACK] Seq=266 Ack=1305 Win=65535 Len=0
72 avocent-proxy > https [ACK] Seq=1305 Ack=267 Win=65270 Len=0
73 Who has 192.168.0.2? Tell 192.168.0.1
74 192.168.0.2 is at 00:11:11:5a:b1:0c
75 NOTIFY * HTTP/1.1
76 NOTIFY * HTTP/1.1
77 NOTIFY * HTTP/1.1
78 NOTIFY * HTTP/1.1
79 cplscrambler-al > nntp [FIN, ACK] Seq=41 Ack=90 Win=65446 Len=0
80 nntp > cplscrambler-al [ACK] Seq=90 Ack=42 Win=65495 Len=0
81 nntp > cplscrambler-al [FIN, ACK] Seq=90 Ack=42 Win=65495 Len=0
82 cplscrambler-al > nntp [ACK] Seq=42 Ack=91 Win=65446 Len=0
83 webobjects > nntp [FIN, ACK] Seq=92 Ack=265 Win=65271 Len=0
84 Response: 205 .
85 nntp > webobjects [FIN, ACK] Seq=272 Ack=93 Win=14600 Len=0
86 webobjects > nntp [ACK] Seq=93 Ack=273 Win=65264 Len=0
87 cplscrambler-in > bnetgame [PSH, ACK] Seq=46 Ack=180 Win=65356
Len=6
88 bnetgame > cplscrambler-in [PSH, ACK] Seq=180 Ack=52 Win=65484
Len=35
89 bnetgame > cplscrambler-in [FIN, ACK] Seq=215 Ack=52 Win=65484
Len=0
90 cplscrambler-in > bnetgame [ACK] Seq=52 Ack=216 Win=65321 Len=0
91 cplscrambler-in > bnetgame [FIN, ACK] Seq=52 Ack=216 Win=65321
Len=0
92 bnetgame > cplscrambler-in [ACK] Seq=216 Ack=53 Win=65484 Len=0

Any clues? I also did this with T-bird but I see no clues in it. Do you
want to see it?

TIA

Ken

Yes, but it's talking to two servers in that trace. Removing the
IP addresses, now you can't tell which line belongs to which
conversation. Here, both servers welcome you, which means
your packet got routed to them on port 119 OK.

47 Response: 200 Optimax-NNTP, Optimax-Hamster V1.24
52 Response: 200 The server welcomes 71-223-138-135.phnx.qwest.net

(71.223.138.135). Authorization required for reading and posting.

One server gets bored, because your client didn't send it anything
further. It closes the connection, presumably on timeout. Servers use
short timeout constants, so not too many connections are open in
the connection table of the server (each one takes RAM).

84 Response: 205 .

The other server, you send it authentication, and can get as far
as querying the low water and high water marks on one newsgroup.
But then it doesn't fetch anything. So it doesn't seem to have
done anything with this info. Or maybe Xnews is now trying to
contact the local server it runs or something ? I don't really
understand how Xnews works. What its purpose is.

67 Response: 211 2 42452 42453 alt.food.fat-free

The Thunderbird trace should be easier to read, as it's going
to be working with just one server at a time, And it doesn't run
its own server, use an external program for SSL, and so on. The
trace should be easier to read (in theory).

Paul

 

[KenK]

The Thunderbird trace should be easier to read, as it's going
to be working with just one server at a time, And it doesn't run
its own server, use an external program for SSL, and so on. The
trace should be easier to read (in theory).

OK. Here's the T-bird trace I made a couple of days ago.

1 http > media-agent [RST, ACK] Seq=1 Ack=1 Win=0 Len=0
2 http > piccolo [RST, ACK] Seq=1 Ack=1 Win=0 Len=0
3 Standard query 0x605d A www.mozilla.org
4 Standard query response 0x605d CNAME mozorg.dynect.mozilla.net A
63.245.215.20
5 fc-faultnotify > https [SYN] Seq=0 Win=65535 Len=0 MSS=1460
SACK_PERM=1
6 https > fc-faultnotify [SYN, ACK] Seq=0 Ack=1 Win=14600 Len=0
MSS=1452 SACK_PERM=1
7 fc-faultnotify > https [ACK] Seq=1 Ack=1 Win=65535 Len=0
8 Client Hello
9 https > fc-faultnotify [ACK] Seq=1 Ack=149 Win=15544 Len=0
10 Server Hello
11 [TCP segment of a reassembled PDU]
12 fc-faultnotify > https [ACK] Seq=149 Ack=2905 Win=65535 Len=0
13 Certificate
14 fc-faultnotify > https [ACK] Seq=149 Ack=3894 Win=64546 Len=0
15 Client Key Exchange, Change Cipher Spec, Encrypted Handshake
Message
16 Change Cipher Spec, Encrypted Handshake Message
17 Application Data
18 Application Data
19 Application Data
20 [TCP segment of a reassembled PDU]
21 Application Data
22 fc-faultnotify > https [ACK] Seq=1301 Ack=7435 Win=65535 Len=0
23 Application Data
24 [TCP segment of a reassembled PDU]
25 [TCP segment of a reassembled PDU]
26 fc-faultnotify > https [ACK] Seq=1754 Ack=10339 Win=65535 Len=0
27 Application Data
28 Application Data
29 [TCP segment of a reassembled PDU]
30 [TCP segment of a reassembled PDU]
31 fc-faultnotify > https [ACK] Seq=2207 Ack=13368 Win=65535 Len=0
32 [TCP segment of a reassembled PDU]
33 fc-faultnotify > https [ACK] Seq=2207 Ack=14820 Win=65535 Len=0
34 Application Data
35 Application Data
36 [TCP segment of a reassembled PDU]
37 [TCP segment of a reassembled PDU]
38 fc-faultnotify > https [ACK] Seq=2660 Ack=18445 Win=65535 Len=0
39 [TCP segment of a reassembled PDU]
40 fc-faultnotify > https [ACK] Seq=2660 Ack=19897 Win=65535 Len=0
41 Application Data
42 fc-faultnotify > https [ACK] Seq=2660 Ack=20378 Win=65054 Len=0
43 Application Data
44 [TCP segment of a reassembled PDU]
45 [TCP segment of a reassembled PDU]
46 fc-faultnotify > https [ACK] Seq=3129 Ack=23282 Win=65535 Len=0
47 [TCP segment of a reassembled PDU]
48 fc-faultnotify > https [ACK] Seq=3129 Ack=24734 Win=65535 Len=0
49 [TCP segment of a reassembled PDU]
50 [TCP segment of a reassembled PDU]
51 fc-faultnotify > https [ACK] Seq=3129 Ack=27638 Win=65535 Len=0
52 Application Data
53 Application Data
54 vrts-at-port > https [SYN] Seq=0 Win=65535 Len=0 MSS=1460
SACK_PERM=1
55 [TCP segment of a reassembled PDU]
56 [TCP segment of a reassembled PDU]
57 fc-faultnotify > https [ACK] Seq=3582 Ack=30791 Win=65535 Len=0
58 [TCP segment of a reassembled PDU]
59 fc-faultnotify > https [ACK] Seq=3582 Ack=32243 Win=65535 Len=0
60 [TCP segment of a reassembled PDU]
61 [TCP segment of a reassembled PDU]
62 fc-faultnotify > https [ACK] Seq=3582 Ack=35147 Win=65535 Len=0
63 [TCP segment of a reassembled PDU]
64 fc-faultnotify > https [ACK] Seq=3582 Ack=36599 Win=65535 Len=0
65 [TCP segment of a reassembled PDU]
66 [TCP segment of a reassembled PDU]
67 fc-faultnotify > https [ACK] Seq=3582 Ack=39503 Win=65535 Len=0
68 [TCP segment of a reassembled PDU]
69 fc-faultnotify > https [ACK] Seq=3582 Ack=40955 Win=65535 Len=0
70 [TCP segment of a reassembled PDU]
71 https > vrts-at-port [SYN, ACK] Seq=0 Ack=1 Win=14600 Len=0 MSS=
1452 SACK_PERM=1
72 vrts-at-port > https [ACK] Seq=1 Ack=1 Win=65535 Len=0
73 Client Hello
74 [TCP segment of a reassembled PDU]
75 fc-faultnotify > https [ACK] Seq=3582 Ack=43859 Win=65535 Len=0
76 Application Data
77 fc-faultnotify > https [ACK] Seq=3582 Ack=45311 Win=65535 Len=0
78 [TCP segment of a reassembled PDU]
79 [TCP segment of a reassembled PDU]
80 fc-faultnotify > https [ACK] Seq=3582 Ack=48215 Win=65535 Len=0
81 [TCP segment of a reassembled PDU]
82 fc-faultnotify > https [ACK] Seq=3582 Ack=49667 Win=65535 Len=0
83 [TCP segment of a reassembled PDU]
84 [TCP segment of a reassembled PDU]
85 fc-faultnotify > https [ACK] Seq=3582 Ack=52571 Win=65535 Len=0
86 [TCP segment of a reassembled PDU]
87 fc-faultnotify > https [ACK] Seq=3582 Ack=54023 Win=65535 Len=0
88 [TCP segment of a reassembled PDU]
89 [TCP segment of a reassembled PDU]
90 fc-faultnotify > https [ACK] Seq=3582 Ack=56927 Win=65535 Len=0
91 [TCP segment of a reassembled PDU]
92 fc-faultnotify > https [ACK] Seq=3582 Ack=58379 Win=65535 Len=0
93 [TCP segment of a reassembled PDU]
94 Application Data
95 fc-faultnotify > https [ACK] Seq=3582 Ack=61283 Win=65535 Len=0
96 [TCP segment of a reassembled PDU]
97 fc-faultnotify > https [ACK] Seq=3582 Ack=62735 Win=65535 Len=0
98 https > vrts-at-port [ACK] Seq=1 Ack=181 Win=15544 Len=0
99 Server Hello, Change Cipher Spec, Encrypted Handshake Message
100 Change Cipher Spec, Encrypted Handshake Message, Application Data
101 [TCP segment of a reassembled PDU]
102 [TCP segment of a reassembled PDU]
103 fc-faultnotify > https [ACK] Seq=3582 Ack=65639 Win=65535 Len=0
104 [TCP segment of a reassembled PDU]
105 fc-faultnotify > https [ACK] Seq=3582 Ack=67091 Win=65535 Len=0
106 [TCP segment of a reassembled PDU]
107 [TCP segment of a reassembled PDU]
108 fc-faultnotify > https [ACK] Seq=3582 Ack=69995 Win=65535 Len=0
109 [TCP segment of a reassembled PDU]
110 fc-faultnotify > https [ACK] Seq=3582 Ack=71447 Win=65535 Len=0
111 [TCP segment of a reassembled PDU]
112 [TCP segment of a reassembled PDU]
113 fc-faultnotify > https [ACK] Seq=3582 Ack=74351 Win=65535 Len=0
114 [TCP segment of a reassembled PDU]
115 fc-faultnotify > https [ACK] Seq=3582 Ack=75803 Win=65535 Len=0
116 Application Data
117 [TCP segment of a reassembled PDU]
118 fc-faultnotify > https [ACK] Seq=3582 Ack=78707 Win=65535 Len=0
119 [TCP segment of a reassembled PDU]
120 fc-faultnotify > https [ACK] Seq=3582 Ack=80159 Win=65535 Len=0
121 [TCP segment of a reassembled PDU]
122 [TCP segment of a reassembled PDU]
123 fc-faultnotify > https [ACK] Seq=3582 Ack=83063 Win=65535 Len=0
124 [TCP segment of a reassembled PDU]
125 fc-faultnotify > https [ACK] Seq=3582 Ack=84515 Win=65535 Len=0
126 [TCP segment of a reassembled PDU]
127 [TCP segment of a reassembled PDU]
128 fc-faultnotify > https [ACK] Seq=3582 Ack=87419 Win=65535 Len=0
129 [TCP segment of a reassembled PDU]
130 fc-faultnotify > https [ACK] Seq=3582 Ack=88871 Win=65535 Len=0
131 Application Data
132 [TCP segment of a reassembled PDU]
133 [TCP segment of a reassembled PDU]
134 vrts-at-port > https [ACK] Seq=709 Ack=3043 Win=65535 Len=0
135 [TCP segment of a reassembled PDU]
136 vrts-at-port > https [ACK] Seq=709 Ack=4495 Win=65535 Len=0
137 [TCP segment of a reassembled PDU]
138 [TCP segment of a reassembled PDU]
139 vrts-at-port > https [ACK] Seq=709 Ack=7399 Win=65535 Len=0
140 [TCP segment of a reassembled PDU]
141 vrts-at-port > https [ACK] Seq=709 Ack=8851 Win=65535 Len=0
142 [TCP segment of a reassembled PDU]
143 [TCP segment of a reassembled PDU]
144 vrts-at-port > https [ACK] Seq=709 Ack=11755 Win=65535 Len=0
145 [TCP segment of a reassembled PDU]
146 vrts-at-port > https [ACK] Seq=709 Ack=13207 Win=65535 Len=0
147 Application Data
148 vrts-at-port > https [ACK] Seq=709 Ack=13984 Win=64758 Len=0
149 fc-faultnotify > https [ACK] Seq=3582 Ack=88883 Win=65523 Len=0
150 Encrypted Alert
151 vrts-at-port > https [FIN, ACK] Seq=746 Ack=13984 Win=64758 Len=0
152 Encrypted Alert
153 fc-faultnotify > https [FIN, ACK] Seq=3619 Ack=88883 Win=65523
Len=0
154 https > vrts-at-port [FIN, ACK] Seq=13984 Ack=747 Win=16616 Len=0
155 vrts-at-port > https [ACK] Seq=747 Ack=13985 Win=64758 Len=0
156 https > fc-faultnotify [FIN, ACK] Seq=88883 Ack=3620 Win=24120
Len=0
157 fc-faultnotify > https [ACK] Seq=3620 Ack=88884 Win=65523 Len=0
158 Standard query 0x5952 A safebrowsing.google.com
159 Standard query 0x6a02 A safebrowsing.google.com
160 Standard query response 0x5952 CNAME sb.l.google.com A
74.125.224.133 A 74.125.224.132 A 74.125.224.137 A 74.125.224.128 A
74.125.224.130 A 74.125.224.131 A 74.125.224.136 A 74.125.224.142 A
74.125.224.129 A 74.125.224.134 A 74.125.224.135
161 Standard query response 0x6a02 CNAME sb.l.google.com A
74.125.224.137 A 74.125.224.128 A 74.125.224.130 A 74.125.224.131 A
74.125.224.136 A 74.125.224.142 A 74.125.224.129 A 74.125.224.134 A
74.125.224.135 A 74.125.224.133 A 74.125.224.132
162 slc-systemlog > https [SYN] Seq=0 Win=65535 Len=0 MSS=1460
SACK_PERM=1
163 https > slc-systemlog [SYN, ACK] Seq=0 Ack=1 Win=42900 Len=0 MSS=
1430 SACK_PERM=1
164 slc-systemlog > https [ACK] Seq=1 Ack=1 Win=65535 Len=0
165 Client Hello
166 https > slc-systemlog [ACK] Seq=1 Ack=191 Win=43952 Len=0
167 Server Hello
168 [TCP segment of a reassembled PDU]
169 slc-systemlog > https [ACK] Seq=191 Ack=2861 Win=65535 Len=0
170 Certificate
171 slc-systemlog > https [ACK] Seq=191 Ack=3945 Win=64451 Len=0
172 Standard query 0xb9b9 A clients1.google.com
173 Standard query response 0xb9b9 CNAME clients.l.google.com A
74.125.224.128 A 74.125.224.133 A 74.125.224.135 A 74.125.224.132 A
74.125.224.137 A 74.125.224.129 A 74.125.224.130 A 74.125.224.134 A
74.125.224.136 A 74.125.224.131 A 74.125.224.142
174 Client Key Exchange, Change Cipher Spec, Hello Request, Hello
Request
175 Standard query 0x0f21 A clients1.google.com
176 Standard query response 0x0f21 CNAME clients.l.google.com A
74.125.224.137 A 74.125.224.129 A 74.125.224.130 A 74.125.224.134 A
74.125.224.136 A 74.125.224.131 A 74.125.224.142 A 74.125.224.128 A
74.125.224.133 A 74.125.224.135 A 74.125.224.132
177 silkp2 > http [SYN] Seq=0 Win=65535 Len=0 MSS=1460 SACK_PERM=1
178 New Session Ticket, Change Cipher Spec, Hello Request, Hello
Request
179 Application Data
180 slc-systemlog > https [ACK] Seq=353 Ack=4248 Win=64148 Len=0
181 Application Data
182 http > silkp2 [SYN, ACK] Seq=0 Ack=1 Win=42900 Len=0 MSS=1430
SACK_PERM=1
183 silkp2 > http [ACK] Seq=1 Ack=1 Win=65535 Len=0
184 Request
185 http > silkp2 [ACK] Seq=1 Ack=435 Win=43952 Len=0
186 slc-systemlog > https [ACK] Seq=353 Ack=4293 Win=65535 Len=0
187 Response
188 silkp2 > http [ACK] Seq=435 Ack=783 Win=64753 Len=0
189 Application Data
190 https > slc-systemlog [ACK] Seq=4293 Ack=418 Win=45024 Len=0
191 Application Data, Application Data
192 https > slc-systemlog [ACK] Seq=4293 Ack=1362 Win=46256 Len=0
193 Application Data
194 Application Data, Application Data
195 slc-systemlog > https [ACK] Seq=1362 Ack=5065 Win=64763 Len=0
196 Application Data
197 Standard query 0x7fb6 A safebrowsing-cache.google.com
198 https > slc-systemlog [ACK] Seq=5065 Ack=1403 Win=46256 Len=0
199 Standard query 0x2f49 A safebrowsing-cache.google.com
200 Standard query response 0x7fb6 CNAME
safebrowsing.cache.l.google.com A 74.125.224.131 A 74.125.224.129 A
74.125.224.128 A 74.125.224.135 A 74.125.224.132 A 74.125.224.137 A
74.125.224.142 A 74.125.224.130 A 74.125.224.133 A 74.125.224.134 A
74.125.224.136
201 Standard query response 0x2f49 CNAME
safebrowsing.cache.l.google.com A 74.125.224.129 A 74.125.224.128 A
74.125.224.135 A 74.125.224.132 A 74.125.224.137 A 74.125.224.142 A
74.125.224.130 A 74.125.224.133 A 74.125.224.134 A 74.125.224.136 A
74.125.224.131
202 evtp > https [SYN] Seq=0 Win=65535 Len=0 MSS=1460 SACK_PERM=1
203 https > evtp [SYN, ACK] Seq=0 Ack=1 Win=42900 Len=0 MSS=1430
SACK_PERM=1
204 evtp > https [ACK] Seq=1 Ack=1 Win=65535 Len=0
205 Client Hello
206 https > evtp [ACK] Seq=1 Ack=518 Win=43952 Len=0
207 Server Hello, Change Cipher Spec, Hello Request, Hello Request
208 Change Cipher Spec, Hello Request, Hello Request, Application
Data, Application Data
209 Application Data
210 Application Data
211 evtp > https [ACK] Seq=1287 Ack=284 Win=65252 Len=0
212 Application Data
213 Application Data, Application Data
214 evtp > https [ACK] Seq=1287 Ack=770 Win=64766 Len=0
215 Application Data
216 Standard query 0xbde9 A safebrowsing-cache.google.com
217 Standard query response 0xbde9 CNAME
safebrowsing.cache.l.google.com A 74.125.224.134 A 74.125.224.136 A
74.125.224.131 A 74.125.224.129 A 74.125.224.128 A 74.125.224.135 A
74.125.224.132 A 74.125.224.137 A 74.125.224.142 A 74.125.224.130 A
74.125.224.133
218 https > evtp [ACK] Seq=770 Ack=1328 Win=45371 Len=0
219 Application Data
220 https > evtp [ACK] Seq=770 Ack=1955 Win=46909 Len=0
221 Application Data
222 Application Data
223 evtp > https [ACK] Seq=1955 Ack=2272 Win=65535 Len=0
224 Application Data
225 Application Data
226 evtp > https [ACK] Seq=1955 Ack=2404 Win=65403 Len=0
227 Application Data
228 Standard query 0xaab3 A safebrowsing-cache.google.com
229 Standard query response 0xaab3 CNAME
safebrowsing.cache.l.google.com A 74.125.224.129 A 74.125.224.128 A
74.125.224.135 A 74.125.224.132 A 74.125.224.137 A 74.125.224.142 A
74.125.224.130 A 74.125.224.133 A 74.125.224.134 A 74.125.224.136 A
74.125.224.131
230 https > evtp [ACK] Seq=2404 Ack=1996 Win=46909 Len=0
231 Application Data
232 https > evtp [ACK] Seq=2404 Ack=2620 Win=48447 Len=0
233 Application Data
234 Application Data
235 evtp > https [ACK] Seq=2620 Ack=3904 Win=65535 Len=0
236 Application Data
237 Application Data
238 evtp > https [ACK] Seq=2620 Ack=5993 Win=65535 Len=0
239 Application Data
240 Application Data
241 https > evtp [ACK] Seq=6034 Ack=2661 Win=48447 Len=0
242 j-lan-p > nntp [FIN, ACK] Seq=1 Ack=1 Win=65448 Len=0
243 nntp > j-lan-p [ACK] Seq=1 Ack=2 Win=65499 Len=0
244 nntp > j-lan-p [FIN, ACK] Seq=1 Ack=2 Win=65499 Len=0
245 j-lan-p > nntp [ACK] Seq=2 Ack=2 Win=65448 Len=0
246 netsteward > nntp [FIN, ACK] Seq=1 Ack=1 Win=65450 Len=0
247 nntp > netsteward [ACK] Seq=1 Ack=2 Win=65503 Len=0
248 nntp > netsteward [FIN, ACK] Seq=1 Ack=2 Win=65503 Len=0
249 netsteward > nntp [ACK] Seq=2 Ack=2 Win=65450 Len=0

Any better? Or is there something I should have left in the scan? IIRC,
this is just Optimax set to port 119.

More news this morning. On the emachine, the SFF news server using 1119
port continues to work. So I emailed Individual net and they told me to
try 8119 port, among others. Tried it and Individual worked perfectly!
(Optimax still no go with 119.) Restarted Xnews multiple times. No
problems. Then left and returned a few hours later. Restarted Xnews, now
Individual doesn't work again! Checked and still set to 8119.

This is really weird. An ISP (CenturyLink) problem? Emachine problem? I'm
thoroughly snowed, especially with the changing symptoms. Everytime I
think I have it fixed the problem returns!

<sigh>

Ken

 

[Paul]

The Thunderbird trace should be easier to read, as it's going
to be working with just one server at a time, And it doesn't run
its own server, use an external program for SSL, and so on. The
trace should be easier to read (in theory).

OK. Here's the T-bird trace I made a couple of days ago.

1 http > media-agent [RST, ACK] Seq=1 Ack=1 Win=0 Len=0
2 http > piccolo [RST, ACK] Seq=1 Ack=1 Win=0 Len=0
3 Standard query 0x605d A www.mozilla.org
4 Standard query response 0x605d CNAME mozorg.dynect.mozilla.net A
63.245.215.20
5 fc-faultnotify > https [SYN] Seq=0 Win=65535 Len=0 MSS=1460
SACK_PERM=1
6 https > fc-faultnotify [SYN, ACK] Seq=0 Ack=1 Win=14600 Len=0
MSS=1452 SACK_PERM=1
7 fc-faultnotify > https [ACK] Seq=1 Ack=1 Win=65535 Len=0
8 Client Hello
9 https > fc-faultnotify [ACK] Seq=1 Ack=149 Win=15544 Len=0
10 Server Hello
11 [TCP segment of a reassembled PDU]
12 fc-faultnotify > https [ACK] Seq=149 Ack=2905 Win=65535 Len=0
13 Certificate
14 fc-faultnotify > https [ACK] Seq=149 Ack=3894 Win=64546 Len=0
15 Client Key Exchange, Change Cipher Spec, Encrypted Handshake
Message
16 Change Cipher Spec, Encrypted Handshake Message
17 Application Data
18 Application Data
19 Application Data
20 [TCP segment of a reassembled PDU]
21 Application Data
22 fc-faultnotify > https [ACK] Seq=1301 Ack=7435 Win=65535 Len=0
23 Application Data
24 [TCP segment of a reassembled PDU]
25 [TCP segment of a reassembled PDU]
26 fc-faultnotify > https [ACK] Seq=1754 Ack=10339 Win=65535 Len=0
27 Application Data
28 Application Data
29 [TCP segment of a reassembled PDU]
30 [TCP segment of a reassembled PDU]
31 fc-faultnotify > https [ACK] Seq=2207 Ack=13368 Win=65535 Len=0
32 [TCP segment of a reassembled PDU]
33 fc-faultnotify > https [ACK] Seq=2207 Ack=14820 Win=65535 Len=0
34 Application Data
35 Application Data
36 [TCP segment of a reassembled PDU]
37 [TCP segment of a reassembled PDU]
38 fc-faultnotify > https [ACK] Seq=2660 Ack=18445 Win=65535 Len=0
39 [TCP segment of a reassembled PDU]
40 fc-faultnotify > https [ACK] Seq=2660 Ack=19897 Win=65535 Len=0
41 Application Data
42 fc-faultnotify > https [ACK] Seq=2660 Ack=20378 Win=65054 Len=0
43 Application Data
44 [TCP segment of a reassembled PDU]
45 [TCP segment of a reassembled PDU]
46 fc-faultnotify > https [ACK] Seq=3129 Ack=23282 Win=65535 Len=0
47 [TCP segment of a reassembled PDU]
48 fc-faultnotify > https [ACK] Seq=3129 Ack=24734 Win=65535 Len=0
49 [TCP segment of a reassembled PDU]
50 [TCP segment of a reassembled PDU]
51 fc-faultnotify > https [ACK] Seq=3129 Ack=27638 Win=65535 Len=0
52 Application Data
53 Application Data
54 vrts-at-port > https [SYN] Seq=0 Win=65535 Len=0 MSS=1460
SACK_PERM=1
55 [TCP segment of a reassembled PDU]
56 [TCP segment of a reassembled PDU]
57 fc-faultnotify > https [ACK] Seq=3582 Ack=30791 Win=65535 Len=0
58 [TCP segment of a reassembled PDU]
59 fc-faultnotify > https [ACK] Seq=3582 Ack=32243 Win=65535 Len=0
60 [TCP segment of a reassembled PDU]
61 [TCP segment of a reassembled PDU]
62 fc-faultnotify > https [ACK] Seq=3582 Ack=35147 Win=65535 Len=0
63 [TCP segment of a reassembled PDU]
64 fc-faultnotify > https [ACK] Seq=3582 Ack=36599 Win=65535 Len=0
65 [TCP segment of a reassembled PDU]
66 [TCP segment of a reassembled PDU]
67 fc-faultnotify > https [ACK] Seq=3582 Ack=39503 Win=65535 Len=0
68 [TCP segment of a reassembled PDU]
69 fc-faultnotify > https [ACK] Seq=3582 Ack=40955 Win=65535 Len=0
70 [TCP segment of a reassembled PDU]
71 https > vrts-at-port [SYN, ACK] Seq=0 Ack=1 Win=14600 Len=0 MSS=
1452 SACK_PERM=1
72 vrts-at-port > https [ACK] Seq=1 Ack=1 Win=65535 Len=0
73 Client Hello
74 [TCP segment of a reassembled PDU]
75 fc-faultnotify > https [ACK] Seq=3582 Ack=43859 Win=65535 Len=0
76 Application Data
77 fc-faultnotify > https [ACK] Seq=3582 Ack=45311 Win=65535 Len=0
78 [TCP segment of a reassembled PDU]
79 [TCP segment of a reassembled PDU]
80 fc-faultnotify > https [ACK] Seq=3582 Ack=48215 Win=65535 Len=0
81 [TCP segment of a reassembled PDU]
82 fc-faultnotify > https [ACK] Seq=3582 Ack=49667 Win=65535 Len=0
83 [TCP segment of a reassembled PDU]
84 [TCP segment of a reassembled PDU]
85 fc-faultnotify > https [ACK] Seq=3582 Ack=52571 Win=65535 Len=0
86 [TCP segment of a reassembled PDU]
87 fc-faultnotify > https [ACK] Seq=3582 Ack=54023 Win=65535 Len=0
88 [TCP segment of a reassembled PDU]
89 [TCP segment of a reassembled PDU]
90 fc-faultnotify > https [ACK] Seq=3582 Ack=56927 Win=65535 Len=0
91 [TCP segment of a reassembled PDU]
92 fc-faultnotify > https [ACK] Seq=3582 Ack=58379 Win=65535 Len=0
93 [TCP segment of a reassembled PDU]
94 Application Data
95 fc-faultnotify > https [ACK] Seq=3582 Ack=61283 Win=65535 Len=0
96 [TCP segment of a reassembled PDU]
97 fc-faultnotify > https [ACK] Seq=3582 Ack=62735 Win=65535 Len=0
98 https > vrts-at-port [ACK] Seq=1 Ack=181 Win=15544 Len=0
99 Server Hello, Change Cipher Spec, Encrypted Handshake Message
100 Change Cipher Spec, Encrypted Handshake Message, Application Data
101 [TCP segment of a reassembled PDU]
102 [TCP segment of a reassembled PDU]
103 fc-faultnotify > https [ACK] Seq=3582 Ack=65639 Win=65535 Len=0
104 [TCP segment of a reassembled PDU]
105 fc-faultnotify > https [ACK] Seq=3582 Ack=67091 Win=65535 Len=0
106 [TCP segment of a reassembled PDU]
107 [TCP segment of a reassembled PDU]
108 fc-faultnotify > https [ACK] Seq=3582 Ack=69995 Win=65535 Len=0
109 [TCP segment of a reassembled PDU]
110 fc-faultnotify > https [ACK] Seq=3582 Ack=71447 Win=65535 Len=0
111 [TCP segment of a reassembled PDU]
112 [TCP segment of a reassembled PDU]
113 fc-faultnotify > https [ACK] Seq=3582 Ack=74351 Win=65535 Len=0
114 [TCP segment of a reassembled PDU]
115 fc-faultnotify > https [ACK] Seq=3582 Ack=75803 Win=65535 Len=0
116 Application Data
117 [TCP segment of a reassembled PDU]
118 fc-faultnotify > https [ACK] Seq=3582 Ack=78707 Win=65535 Len=0
119 [TCP segment of a reassembled PDU]
120 fc-faultnotify > https [ACK] Seq=3582 Ack=80159 Win=65535 Len=0
121 [TCP segment of a reassembled PDU]
122 [TCP segment of a reassembled PDU]
123 fc-faultnotify > https [ACK] Seq=3582 Ack=83063 Win=65535 Len=0
124 [TCP segment of a reassembled PDU]
125 fc-faultnotify > https [ACK] Seq=3582 Ack=84515 Win=65535 Len=0
126 [TCP segment of a reassembled PDU]
127 [TCP segment of a reassembled PDU]
128 fc-faultnotify > https [ACK] Seq=3582 Ack=87419 Win=65535 Len=0
129 [TCP segment of a reassembled PDU]
130 fc-faultnotify > https [ACK] Seq=3582 Ack=88871 Win=65535 Len=0
131 Application Data
132 [TCP segment of a reassembled PDU]
133 [TCP segment of a reassembled PDU]
134 vrts-at-port > https [ACK] Seq=709 Ack=3043 Win=65535 Len=0
135 [TCP segment of a reassembled PDU]
136 vrts-at-port > https [ACK] Seq=709 Ack=4495 Win=65535 Len=0
137 [TCP segment of a reassembled PDU]
138 [TCP segment of a reassembled PDU]
139 vrts-at-port > https [ACK] Seq=709 Ack=7399 Win=65535 Len=0
140 [TCP segment of a reassembled PDU]
141 vrts-at-port > https [ACK] Seq=709 Ack=8851 Win=65535 Len=0
142 [TCP segment of a reassembled PDU]
143 [TCP segment of a reassembled PDU]
144 vrts-at-port > https [ACK] Seq=709 Ack=11755 Win=65535 Len=0
145 [TCP segment of a reassembled PDU]
146 vrts-at-port > https [ACK] Seq=709 Ack=13207 Win=65535 Len=0
147 Application Data
148 vrts-at-port > https [ACK] Seq=709 Ack=13984 Win=64758 Len=0
149 fc-faultnotify > https [ACK] Seq=3582 Ack=88883 Win=65523 Len=0
150 Encrypted Alert
151 vrts-at-port > https [FIN, ACK] Seq=746 Ack=13984 Win=64758 Len=0
152 Encrypted Alert
153 fc-faultnotify > https [FIN, ACK] Seq=3619 Ack=88883 Win=65523
Len=0
154 https > vrts-at-port [FIN, ACK] Seq=13984 Ack=747 Win=16616 Len=0
155 vrts-at-port > https [ACK] Seq=747 Ack=13985 Win=64758 Len=0
156 https > fc-faultnotify [FIN, ACK] Seq=88883 Ack=3620 Win=24120
Len=0
157 fc-faultnotify > https [ACK] Seq=3620 Ack=88884 Win=65523 Len=0
158 Standard query 0x5952 A safebrowsing.google.com
159 Standard query 0x6a02 A safebrowsing.google.com
160 Standard query response 0x5952 CNAME sb.l.google.com A
74.125.224.133 A 74.125.224.132 A 74.125.224.137 A 74.125.224.128 A
74.125.224.130 A 74.125.224.131 A 74.125.224.136 A 74.125.224.142 A
74.125.224.129 A 74.125.224.134 A 74.125.224.135
161 Standard query response 0x6a02 CNAME sb.l.google.com A
74.125.224.137 A 74.125.224.128 A 74.125.224.130 A 74.125.224.131 A
74.125.224.136 A 74.125.224.142 A 74.125.224.129 A 74.125.224.134 A
74.125.224.135 A 74.125.224.133 A 74.125.224.132
162 slc-systemlog > https [SYN] Seq=0 Win=65535 Len=0 MSS=1460
SACK_PERM=1
163 https > slc-systemlog [SYN, ACK] Seq=0 Ack=1 Win=42900 Len=0 MSS=
1430 SACK_PERM=1
164 slc-systemlog > https [ACK] Seq=1 Ack=1 Win=65535 Len=0
165 Client Hello
166 https > slc-systemlog [ACK] Seq=1 Ack=191 Win=43952 Len=0
167 Server Hello
168 [TCP segment of a reassembled PDU]
169 slc-systemlog > https [ACK] Seq=191 Ack=2861 Win=65535 Len=0
170 Certificate
171 slc-systemlog > https [ACK] Seq=191 Ack=3945 Win=64451 Len=0
172 Standard query 0xb9b9 A clients1.google.com
173 Standard query response 0xb9b9 CNAME clients.l.google.com A
74.125.224.128 A 74.125.224.133 A 74.125.224.135 A 74.125.224.132 A
74.125.224.137 A 74.125.224.129 A 74.125.224.130 A 74.125.224.134 A
74.125.224.136 A 74.125.224.131 A 74.125.224.142
174 Client Key Exchange, Change Cipher Spec, Hello Request, Hello
Request
175 Standard query 0x0f21 A clients1.google.com
176 Standard query response 0x0f21 CNAME clients.l.google.com A
74.125.224.137 A 74.125.224.129 A 74.125.224.130 A 74.125.224.134 A
74.125.224.136 A 74.125.224.131 A 74.125.224.142 A 74.125.224.128 A
74.125.224.133 A 74.125.224.135 A 74.125.224.132
177 silkp2 > http [SYN] Seq=0 Win=65535 Len=0 MSS=1460 SACK_PERM=1
178 New Session Ticket, Change Cipher Spec, Hello Request, Hello
Request
179 Application Data
180 slc-systemlog > https [ACK] Seq=353 Ack=4248 Win=64148 Len=0
181 Application Data
182 http > silkp2 [SYN, ACK] Seq=0 Ack=1 Win=42900 Len=0 MSS=1430
SACK_PERM=1
183 silkp2 > http [ACK] Seq=1 Ack=1 Win=65535 Len=0
184 Request
185 http > silkp2 [ACK] Seq=1 Ack=435 Win=43952 Len=0
186 slc-systemlog > https [ACK] Seq=353 Ack=4293 Win=65535 Len=0
187 Response
188 silkp2 > http [ACK] Seq=435 Ack=783 Win=64753 Len=0
189 Application Data
190 https > slc-systemlog [ACK] Seq=4293 Ack=418 Win=45024 Len=0
191 Application Data, Application Data
192 https > slc-systemlog [ACK] Seq=4293 Ack=1362 Win=46256 Len=0
193 Application Data
194 Application Data, Application Data
195 slc-systemlog > https [ACK] Seq=1362 Ack=5065 Win=64763 Len=0
196 Application Data
197 Standard query 0x7fb6 A safebrowsing-cache.google.com
198 https > slc-systemlog [ACK] Seq=5065 Ack=1403 Win=46256 Len=0
199 Standard query 0x2f49 A safebrowsing-cache.google.com
200 Standard query response 0x7fb6 CNAME
safebrowsing.cache.l.google.com A 74.125.224.131 A 74.125.224.129 A
74.125.224.128 A 74.125.224.135 A 74.125.224.132 A 74.125.224.137 A
74.125.224.142 A 74.125.224.130 A 74.125.224.133 A 74.125.224.134 A
74.125.224.136
201 Standard query response 0x2f49 CNAME
safebrowsing.cache.l.google.com A 74.125.224.129 A 74.125.224.128 A
74.125.224.135 A 74.125.224.132 A 74.125.224.137 A 74.125.224.142 A
74.125.224.130 A 74.125.224.133 A 74.125.224.134 A 74.125.224.136 A
74.125.224.131
202 evtp > https [SYN] Seq=0 Win=65535 Len=0 MSS=1460 SACK_PERM=1
203 https > evtp [SYN, ACK] Seq=0 Ack=1 Win=42900 Len=0 MSS=1430
SACK_PERM=1
204 evtp > https [ACK] Seq=1 Ack=1 Win=65535 Len=0
205 Client Hello
206 https > evtp [ACK] Seq=1 Ack=518 Win=43952 Len=0
207 Server Hello, Change Cipher Spec, Hello Request, Hello Request
208 Change Cipher Spec, Hello Request, Hello Request, Application
Data, Application Data
209 Application Data
210 Application Data
211 evtp > https [ACK] Seq=1287 Ack=284 Win=65252 Len=0
212 Application Data
213 Application Data, Application Data
214 evtp > https [ACK] Seq=1287 Ack=770 Win=64766 Len=0
215 Application Data
216 Standard query 0xbde9 A safebrowsing-cache.google.com
217 Standard query response 0xbde9 CNAME
safebrowsing.cache.l.google.com A 74.125.224.134 A 74.125.224.136 A
74.125.224.131 A 74.125.224.129 A 74.125.224.128 A 74.125.224.135 A
74.125.224.132 A 74.125.224.137 A 74.125.224.142 A 74.125.224.130 A
74.125.224.133
218 https > evtp [ACK] Seq=770 Ack=1328 Win=45371 Len=0
219 Application Data
220 https > evtp [ACK] Seq=770 Ack=1955 Win=46909 Len=0
221 Application Data
222 Application Data
223 evtp > https [ACK] Seq=1955 Ack=2272 Win=65535 Len=0
224 Application Data
225 Application Data
226 evtp > https [ACK] Seq=1955 Ack=2404 Win=65403 Len=0
227 Application Data
228 Standard query 0xaab3 A safebrowsing-cache.google.com
229 Standard query response 0xaab3 CNAME
safebrowsing.cache.l.google.com A 74.125.224.129 A 74.125.224.128 A
74.125.224.135 A 74.125.224.132 A 74.125.224.137 A 74.125.224.142 A
74.125.224.130 A 74.125.224.133 A 74.125.224.134 A 74.125.224.136 A
74.125.224.131
230 https > evtp [ACK] Seq=2404 Ack=1996 Win=46909 Len=0
231 Application Data
232 https > evtp [ACK] Seq=2404 Ack=2620 Win=48447 Len=0
233 Application Data
234 Application Data
235 evtp > https [ACK] Seq=2620 Ack=3904 Win=65535 Len=0
236 Application Data
237 Application Data
238 evtp > https [ACK] Seq=2620 Ack=5993 Win=65535 Len=0
239 Application Data
240 Application Data
241 https > evtp [ACK] Seq=6034 Ack=2661 Win=48447 Len=0
242 j-lan-p > nntp [FIN, ACK] Seq=1 Ack=1 Win=65448 Len=0
243 nntp > j-lan-p [ACK] Seq=1 Ack=2 Win=65499 Len=0
244 nntp > j-lan-p [FIN, ACK] Seq=1 Ack=2 Win=65499 Len=0
245 j-lan-p > nntp [ACK] Seq=2 Ack=2 Win=65448 Len=0
246 netsteward > nntp [FIN, ACK] Seq=1 Ack=1 Win=65450 Len=0
247 nntp > netsteward [ACK] Seq=1 Ack=2 Win=65503 Len=0
248 nntp > netsteward [FIN, ACK] Seq=1 Ack=2 Win=65503 Len=0
249 netsteward > nntp [ACK] Seq=2 Ack=2 Win=65450 Len=0

Any better? Or is there something I should have left in the scan? IIRC,
this is just Optimax set to port 119.

More news this morning. On the emachine, the SFF news server using 1119
port continues to work. So I emailed Individual net and they told me to
try 8119 port, among others. Tried it and Individual worked perfectly!
(Optimax still no go with 119.) Restarted Xnews multiple times. No
problems. Then left and returned a few hours later. Restarted Xnews, now
Individual doesn't work again! Checked and still set to 8119.

This is really weird. An ISP (CenturyLink) problem? Emachine problem? I'm
thoroughly snowed, especially with the changing symptoms. Everytime I
think I have it fixed the problem returns!

<sigh>

Ken

Your trace above doesn't have enough "NNTP" entries to constitute
a trace of an NNTP session. You should at least be seeing a line
with "nntp", a reference to the outgoing port you've selected
for the session (119). And if we're lucky, a "200" welcome response
from each news server contacted.

You need to turn on more details. IP addresses and so on. Even your
first trace was doing a better job.

If you have a long trace, with full details, copy and paste it into
a pastebin.com window. The pastebin.com window should return a URL,
which you can post here. Just post the URL, and any comments you
might have.

Paul

 

[KenK]

Your trace above doesn't have enough "NNTP" entries to constitute
a trace of an NNTP session. You should at least be seeing a line
with "nntp", a reference to the outgoing port you've selected
for the session (119). And if we're lucky, a "200" welcome response
from each news server contacted.

You need to turn on more details. IP addresses and so on. Even your
first trace was doing a better job.

If you have a long trace, with full details, copy and paste it into
a pastebin.com window. The pastebin.com window should return a URL,
which you can post here. Just post the URL, and any comments you
might have.

Paul

OK. Made another trace printing with

Packet Summary line
Packet details
All expanded

It's ~650K Too long to post here. Undecipherable to my feeble mind.

First of all, is this what you wanted or so I have to set something else
somewhere in Wireshark?

This Pastebin.com looks VERY complicated. Can you think of another
alternative?

Lastest: Xnews seems to be working with Individual news pretty regularly
using port 8119. Optimax news with port 119 keeps timing out. I tried
using emachine, usually CenturyLink ISP and DSL, with Sitestar dial up
ISP. Still doesn't work with Optimax, though Individual is OK, which I
guess points to emachine problem. Must be a VERY strange problem. I
really don't want to buy a new computer to just read this one news
server.

Now what?

TIA

Ken

 

[Paul]

OK. Made another trace printing with

Packet Summary line
Packet details
All expanded

It's ~650K Too long to post here. Undecipherable to my feeble mind.

First of all, is this what you wanted or so I have to set something else
somewhere in Wireshark?

This Pastebin.com looks VERY complicated. Can you think of another
alternative?

Lastest: Xnews seems to be working with Individual news pretty regularly
using port 8119. Optimax news with port 119 keeps timing out. I tried
using emachine, usually CenturyLink ISP and DSL, with Sitestar dial up
ISP. Still doesn't work with Optimax, though Individual is OK, which I
guess points to emachine problem. Must be a VERY strange problem. I
really don't want to buy a new computer to just read this one news
server.

Now what?

TIA

Ken

Yes, pastebin is very complicated.

1) Go to the source window. In this case, it will be Notepad opening
the Wireshark file you saved.
2) Select all the text. Control-a does select all, or just select all
of it manually.
3) Press control-c to copy (or use "copy" from the edit menu).
4) Go to browser and pastebin.com window. Find the rectangular
area where the paste is to go. Click with the left mouse, to
select that rectangular area. Select "Paste" in your browser
menu or do control-v.
5) You need do to something so pastebin.com will recognize the
rectangle is as full as it is going to get. Scroll down a bit
and click the "Submit" button. Somewhere there, you're going
to get a URL specific to that page of pasted text. That URL
is what you want to copy into a new posting here.

HTH,
Paul

 

[KenK]

5) You need do to something so pastebin.com will recognize the
rectangle is as full as it is going to get. Scroll down a bit
and click the "Submit" button. Somewhere there, you're going
to get a URL specific to that page of pasted text. That URL
is what you want to copy into a new posting here.

Tried Pastebin again. Submitter this data twice but couldn't find a URL.
Therefore posting here. Hope this is better than last try. BTW, tried a
new version of Xnews - still didn't work. This Wireshark scan is
Thunderbird trying to get Optimax headers.

No.
1 Membership Query, general

Frame 1: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on
interface 0
Ethernet II, Src: Actionte_8f:86:00 (10:5f:06:8f:86:00), Dst: IPv4mcast_
00:00:01 (01:00:5e:00:00:01)
Internet Protocol Version 4, Src: 192.168.0.1 (192.168.0.1), Dst:
224.0.0.1 (224.0.0.1)
Internet Group Management Protocol

No.
2 Who has 192.168.0.1? Tell 192.168.0.2

Frame 2: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on
interface 0
Ethernet II, Src: Intel_5a:b1:0c (00:11:11:5a:b1:0c), Dst: Broadcast
(ff:ff:ff:ff:ff:ff)
Address Resolution Protocol (request)

No.
3 192.168.0.1 is at 10:5f:06:8f:86:00

Frame 3: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on
interface 0
Ethernet II, Src: Actionte_8f:86:00 (10:5f:06:8f:86:00), Dst: Intel_
5a:b1:0c (00:11:11:5a:b1:0c)
Address Resolution Protocol (reply)

No.
4 Standard query 0xd09d A news.optimax.com

Frame 4: 76 bytes on wire (608 bits), 76 bytes captured (608 bits) on
interface 0
Ethernet II, Src: Intel_5a:b1:0c (00:11:11:5a:b1:0c), Dst: Actionte_
8f:86:00 (10:5f:06:8f:86:00)
Internet Protocol Version 4, Src: 192.168.0.2 (192.168.0.2), Dst:
192.168.0.1 (192.168.0.1)
User Datagram Protocol, Src Port: itm-mccs (3084), Dst Port: domain (53)
Domain Name System (query)

No.
5 Standard query response 0xd09d A 98.100.194.170

Frame 5: 92 bytes on wire (736 bits), 92 bytes captured (736 bits) on
interface 0
Ethernet II, Src: Actionte_8f:86:00 (10:5f:06:8f:86:00), Dst: Intel_
5a:b1:0c (00:11:11:5a:b1:0c)
Internet Protocol Version 4, Src: 192.168.0.1 (192.168.0.1), Dst:
192.168.0.2 (192.168.0.2)
User Datagram Protocol, Src Port: domain (53), Dst Port: itm-mccs (3084)
Domain Name System (response)

No.
6 jdl-dbkitchen > nntp [SYN] Seq=0 Win=65535 Len=0 MSS=1460
SACK_PERM=1

Frame 6: 62 bytes on wire (496 bits), 62 bytes captured (496 bits) on
interface 0
Ethernet II, Src: Intel_5a:b1:0c (00:11:11:5a:b1:0c), Dst: Actionte_
8f:86:00 (10:5f:06:8f:86:00)
Internet Protocol Version 4, Src: 192.168.0.2 (192.168.0.2), Dst:
98.100.194.170 (98.100.194.170)
Transmission Control Protocol, Src Port: jdl-dbkitchen (3086), Dst Port:
nntp (119), Seq: 0, Len: 0

No.
7 nntp > jdl-dbkitchen [SYN, ACK] Seq=0 Ack=1 Win=16384 Len=0 MSS=
1452 SACK_PERM=1

Frame 7: 62 bytes on wire (496 bits), 62 bytes captured (496 bits) on
interface 0
Ethernet II, Src: Actionte_8f:86:00 (10:5f:06:8f:86:00), Dst: Intel_
5a:b1:0c (00:11:11:5a:b1:0c)
Internet Protocol Version 4, Src: 98.100.194.170 (98.100.194.170), Dst:
192.168.0.2 (192.168.0.2)
Transmission Control Protocol, Src Port: nntp (119), Dst Port: jdl-
dbkitchen (3086), Seq: 0, Ack: 1, Len: 0

No.
8 jdl-dbkitchen > nntp [ACK] Seq=1 Ack=1 Win=65535 Len=0

Frame 8: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on
interface 0
Ethernet II, Src: Intel_5a:b1:0c (00:11:11:5a:b1:0c), Dst: Actionte_
8f:86:00 (10:5f:06:8f:86:00)
Internet Protocol Version 4, Src: 192.168.0.2 (192.168.0.2), Dst:
98.100.194.170 (98.100.194.170)
Transmission Control Protocol, Src Port: jdl-dbkitchen (3086), Dst Port:
nntp (119), Seq: 1, Ack: 1, Len: 0

No.
9 Response: 200 Optimax-NNTP, Optimax-Hamster V1.24

Frame 9: 95 bytes on wire (760 bits), 95 bytes captured (760 bits) on
interface 0
Ethernet II, Src: Actionte_8f:86:00 (10:5f:06:8f:86:00), Dst: Intel_
5a:b1:0c (00:11:11:5a:b1:0c)
Internet Protocol Version 4, Src: 98.100.194.170 (98.100.194.170), Dst:
192.168.0.2 (192.168.0.2)
Transmission Control Protocol, Src Port: nntp (119), Dst Port: jdl-
dbkitchen (3086), Seq: 1, Ack: 1, Len: 41
Network News Transfer Protocol

No.
10 Request: MODE READER

Frame 10: 67 bytes on wire (536 bits), 67 bytes captured (536 bits) on
interface 0
Ethernet II, Src: Intel_5a:b1:0c (00:11:11:5a:b1:0c), Dst: Actionte_
8f:86:00 (10:5f:06:8f:86:00)
Internet Protocol Version 4, Src: 192.168.0.2 (192.168.0.2), Dst:
98.100.194.170 (98.100.194.170)
Transmission Control Protocol, Src Port: jdl-dbkitchen (3086), Dst Port:
nntp (119), Seq: 1, Ack: 42, Len: 13
Network News Transfer Protocol

No.
11 Response: 200 ignored

Frame 11: 67 bytes on wire (536 bits), 67 bytes captured (536 bits) on
interface 0
Ethernet II, Src: Actionte_8f:86:00 (10:5f:06:8f:86:00), Dst: Intel_
5a:b1:0c (00:11:11:5a:b1:0c)
Internet Protocol Version 4, Src: 98.100.194.170 (98.100.194.170), Dst:
192.168.0.2 (192.168.0.2)
Transmission Control Protocol, Src Port: nntp (119), Dst Port: jdl-
dbkitchen (3086), Seq: 42, Ack: 14, Len: 13
Network News Transfer Protocol

No.
12 Request: GROUP sdforum.general

Frame 12: 77 bytes on wire (616 bits), 77 bytes captured (616 bits) on
interface 0
Ethernet II, Src: Intel_5a:b1:0c (00:11:11:5a:b1:0c), Dst: Actionte_
8f:86:00 (10:5f:06:8f:86:00)
Internet Protocol Version 4, Src: 192.168.0.2 (192.168.0.2), Dst:
98.100.194.170 (98.100.194.170)
Transmission Control Protocol, Src Port: jdl-dbkitchen (3086), Dst Port:
nntp (119), Seq: 14, Ack: 55, Len: 23
Network News Transfer Protocol

No.
13 Response: 211 1966 3 1969 sdforum.general

Frame 13: 87 bytes on wire (696 bits), 87 bytes captured (696 bits) on
interface 0
Ethernet II, Src: Actionte_8f:86:00 (10:5f:06:8f:86:00), Dst: Intel_
5a:b1:0c (00:11:11:5a:b1:0c)
Internet Protocol Version 4, Src: 98.100.194.170 (98.100.194.170), Dst:
192.168.0.2 (192.168.0.2)
Transmission Control Protocol, Src Port: nntp (119), Dst Port: jdl-
dbkitchen (3086), Seq: 55, Ack: 37, Len: 33
Network News Transfer Protocol

No.
14 jdl-dbkitchen > nntp [ACK] Seq=37 Ack=88 Win=65448 Len=0

Frame 14: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on
interface 0
Ethernet II, Src: Intel_5a:b1:0c (00:11:11:5a:b1:0c), Dst: Actionte_
8f:86:00 (10:5f:06:8f:86:00)
Internet Protocol Version 4, Src: 192.168.0.2 (192.168.0.2), Dst:
98.100.194.170 (98.100.194.170)
Transmission Control Protocol, Src Port: jdl-dbkitchen (3086), Dst Port:
nntp (119), Seq: 37, Ack: 88, Len: 0

No.
15 xdtp > nntp [SYN] Seq=0 Win=65535 Len=0 MSS=1460 SACK_PERM=1

Frame 15: 62 bytes on wire (496 bits), 62 bytes captured (496 bits) on
interface 0
Ethernet II, Src: Intel_5a:b1:0c (00:11:11:5a:b1:0c), Dst: Actionte_
8f:86:00 (10:5f:06:8f:86:00)
Internet Protocol Version 4, Src: 192.168.0.2 (192.168.0.2), Dst:
98.100.194.170 (98.100.194.170)
Transmission Control Protocol, Src Port: xdtp (3088), Dst Port: nntp
(119), Seq: 0, Len: 0

No.
16 nntp > xdtp [SYN, ACK] Seq=0 Ack=1 Win=16384 Len=0 MSS=1452
SACK_PERM=1

Frame 16: 62 bytes on wire (496 bits), 62 bytes captured (496 bits) on
interface 0
Ethernet II, Src: Actionte_8f:86:00 (10:5f:06:8f:86:00), Dst: Intel_
5a:b1:0c (00:11:11:5a:b1:0c)
Internet Protocol Version 4, Src: 98.100.194.170 (98.100.194.170), Dst:
192.168.0.2 (192.168.0.2)
Transmission Control Protocol, Src Port: nntp (119), Dst Port: xdtp
(3088), Seq: 0, Ack: 1, Len: 0

No.
17 xdtp > nntp [ACK] Seq=1 Ack=1 Win=65535 Len=0

Frame 17: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on
interface 0
Ethernet II, Src: Intel_5a:b1:0c (00:11:11:5a:b1:0c), Dst: Actionte_
8f:86:00 (10:5f:06:8f:86:00)
Internet Protocol Version 4, Src: 192.168.0.2 (192.168.0.2), Dst:
98.100.194.170 (98.100.194.170)
Transmission Control Protocol, Src Port: xdtp (3088), Dst Port: nntp
(119), Seq: 1, Ack: 1, Len: 0

No.
18 Response: 200 Optimax-NNTP, Optimax-Hamster V1.24

Frame 18: 95 bytes on wire (760 bits), 95 bytes captured (760 bits) on
interface 0
Ethernet II, Src: Actionte_8f:86:00 (10:5f:06:8f:86:00), Dst: Intel_
5a:b1:0c (00:11:11:5a:b1:0c)
Internet Protocol Version 4, Src: 98.100.194.170 (98.100.194.170), Dst:
192.168.0.2 (192.168.0.2)
Transmission Control Protocol, Src Port: nntp (119), Dst Port: xdtp
(3088), Seq: 1, Ack: 1, Len: 41
Network News Transfer Protocol

No.
19 Request: MODE READER

Frame 19: 67 bytes on wire (536 bits), 67 bytes captured (536 bits) on
interface 0
Ethernet II, Src: Intel_5a:b1:0c (00:11:11:5a:b1:0c), Dst: Actionte_
8f:86:00 (10:5f:06:8f:86:00)
Internet Protocol Version 4, Src: 192.168.0.2 (192.168.0.2), Dst:
98.100.194.170 (98.100.194.170)
Transmission Control Protocol, Src Port: xdtp (3088), Dst Port: nntp
(119), Seq: 1, Ack: 42, Len: 13
Network News Transfer Protocol

No.
20 Response: 200 ignored

Frame 20: 67 bytes on wire (536 bits), 67 bytes captured (536 bits) on
interface 0
Ethernet II, Src: Actionte_8f:86:00 (10:5f:06:8f:86:00), Dst: Intel_
5a:b1:0c (00:11:11:5a:b1:0c)
Internet Protocol Version 4, Src: 98.100.194.170 (98.100.194.170), Dst:
192.168.0.2 (192.168.0.2)
Transmission Control Protocol, Src Port: nntp (119), Dst Port: xdtp
(3088), Seq: 42, Ack: 14, Len: 13
Network News Transfer Protocol

No.
21 Request: GROUP sdforum.pub

Frame 21: 73 bytes on wire (584 bits), 73 bytes captured (584 bits) on
interface 0
Ethernet II, Src: Intel_5a:b1:0c (00:11:11:5a:b1:0c), Dst: Actionte_
8f:86:00 (10:5f:06:8f:86:00)
Internet Protocol Version 4, Src: 192.168.0.2 (192.168.0.2), Dst:
98.100.194.170 (98.100.194.170)
Transmission Control Protocol, Src Port: xdtp (3088), Dst Port: nntp
(119), Seq: 14, Ack: 55, Len: 19
Network News Transfer Protocol

No.
22 Response: 211 49723 1 49746 sdforum.pub

Frame 22: 85 bytes on wire (680 bits), 85 bytes captured (680 bits) on
interface 0
Ethernet II, Src: Actionte_8f:86:00 (10:5f:06:8f:86:00), Dst: Intel_
5a:b1:0c (00:11:11:5a:b1:0c)
Internet Protocol Version 4, Src: 98.100.194.170 (98.100.194.170), Dst:
192.168.0.2 (192.168.0.2)
Transmission Control Protocol, Src Port: nntp (119), Dst Port: xdtp
(3088), Seq: 55, Ack: 33, Len: 31
Network News Transfer Protocol

No.
23 xdtp > nntp [ACK] Seq=33 Ack=86 Win=65450 Len=0

Frame 23: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on
interface 0
Ethernet II, Src: Intel_5a:b1:0c (00:11:11:5a:b1:0c), Dst: Actionte_
8f:86:00 (10:5f:06:8f:86:00)
Internet Protocol Version 4, Src: 192.168.0.2 (192.168.0.2), Dst:
98.100.194.170 (98.100.194.170)
Transmission Control Protocol, Src Port: xdtp (3088), Dst Port: nntp
(119), Seq: 33, Ack: 86, Len: 0

No.
24 Membership Report / Join group 239.255.255.250 for any sources

Frame 24: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on
interface 0
Ethernet II, Src: Intel_5a:b1:0c (00:11:11:5a:b1:0c), Dst: IPv4mcast_
00:00:16 (01:00:5e:00:00:16)
Internet Protocol Version 4, Src: 192.168.0.2 (192.168.0.2), Dst:
224.0.0.22 (224.0.0.22)
Internet Group Management Protocol

No.
25 Who has 192.168.0.2? Tell 192.168.0.1

Frame 25: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on
interface 0
Ethernet II, Src: Actionte_8f:86:00 (10:5f:06:8f:86:00), Dst: Intel_
5a:b1:0c (00:11:11:5a:b1:0c)
Address Resolution Protocol (request)

No.
26 192.168.0.2 is at 00:11:11:5a:b1:0c

Frame 26: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on
interface 0
Ethernet II, Src: Intel_5a:b1:0c (00:11:11:5a:b1:0c), Dst: Actionte_
8f:86:00 (10:5f:06:8f:86:00)
Address Resolution Protocol (reply)

No.
27 rdrmshc > bnetgame [PSH, ACK] Seq=1 Ack=1 Win=65127 Len=32

Frame 27: 86 bytes on wire (688 bits), 86 bytes captured (688 bits) on
interface 0
Ethernet II, Src: Intel_5a:b1:0c (00:11:11:5a:b1:0c), Dst: Actionte_
8f:86:00 (10:5f:06:8f:86:00)
Internet Protocol Version 4, Src: 192.168.0.2 (192.168.0.2), Dst:
71.252.193.52 (71.252.193.52)
Transmission Control Protocol, Src Port: rdrmshc (1075), Dst Port:
bnetgame (1119), Seq: 1, Ack: 1, Len: 32
Data (32 bytes)

0000 47 52 4f 55 50 20 73 66 66 2e 70 65 6f 70 6c 65 GROUP sff.people
0010 2e 74 65 72 72 79 2d 6d 63 67 61 72 72 79 0d 0a .terry-mcgarry..

No.
28 bnetgame > rdrmshc [PSH, ACK] Seq=1 Ack=33 Win=64465 Len=52

Frame 28: 106 bytes on wire (848 bits), 106 bytes captured (848 bits) on
interface 0
Ethernet II, Src: Actionte_8f:86:00 (10:5f:06:8f:86:00), Dst: Intel_
5a:b1:0c (00:11:11:5a:b1:0c)
Internet Protocol Version 4, Src: 71.252.193.52 (71.252.193.52), Dst:
192.168.0.2 (192.168.0.2)
Transmission Control Protocol, Src Port: bnetgame (1119), Dst Port:
rdrmshc (1075), Seq: 1, Ack: 33, Len: 52
Data (52 bytes)

0000 32 31 31 20 37 31 20 35 32 36 38 20 35 33 34 30 211 71 5268 5340
0010 20 73 66 66 2e 70 65 6f 70 6c 65 2e 74 65 72 72 sff.people.terr
0020 79 2d 6d 63 67 61 72 72 79 20 73 65 6c 65 63 74 y-mcgarry select
0030 65 64 0d 0a ed..

No.
29 rdrmshc > bnetgame [PSH, ACK] Seq=33 Ack=53 Win=65075 Len=26

Frame 29: 80 bytes on wire (640 bits), 80 bytes captured (640 bits) on
interface 0
Ethernet II, Src: Intel_5a:b1:0c (00:11:11:5a:b1:0c), Dst: Actionte_
8f:86:00 (10:5f:06:8f:86:00)
Internet Protocol Version 4, Src: 192.168.0.2 (192.168.0.2), Dst:
71.252.193.52 (71.252.193.52)
Transmission Control Protocol, Src Port: rdrmshc (1075), Dst Port:
bnetgame (1119), Seq: 33, Ack: 53, Len: 26
Data (26 bytes)

0000 47 52 4f 55 50 20 73 66 66 2e 61 64 6d 69 6e 2e GROUP sff.admin.
0010 61 6e 6e 6f 75 6e 63 65 0d 0a announce..

No.
30 bnetgame > rdrmshc [PSH, ACK] Seq=53 Ack=59 Win=64439 Len=44

Frame 30: 98 bytes on wire (784 bits), 98 bytes captured (784 bits) on
interface 0
Ethernet II, Src: Actionte_8f:86:00 (10:5f:06:8f:86:00), Dst: Intel_
5a:b1:0c (00:11:11:5a:b1:0c)
Internet Protocol Version 4, Src: 71.252.193.52 (71.252.193.52), Dst:
192.168.0.2 (192.168.0.2)
Transmission Control Protocol, Src Port: bnetgame (1119), Dst Port:
rdrmshc (1075), Seq: 53, Ack: 59, Len: 44
Data (44 bytes)

0000 32 31 31 20 35 33 34 20 35 33 20 38 38 33 20 73 211 534 53 883 s
0010 66 66 2e 61 64 6d 69 6e 2e 61 6e 6e 6f 75 6e 63 ff.admin.announc
0020 65 20 73 65 6c 65 63 74 65 64 0d 0a e selected..

No.
31 rdrmshc > bnetgame [PSH, ACK] Seq=59 Ack=97 Win=65031 Len=31

Frame 31: 85 bytes on wire (680 bits), 85 bytes captured (680 bits) on
interface 0
Ethernet II, Src: Intel_5a:b1:0c (00:11:11:5a:b1:0c), Dst: Actionte_
8f:86:00 (10:5f:06:8f:86:00)
Internet Protocol Version 4, Src: 192.168.0.2 (192.168.0.2), Dst:
71.252.193.52 (71.252.193.52)
Transmission Control Protocol, Src Port: rdrmshc (1075), Dst Port:
bnetgame (1119), Seq: 59, Ack: 97, Len: 31
Data (31 bytes)

0000 47 52 4f 55 50 20 73 66 66 2e 70 65 6f 70 6c 65 GROUP sff.people
0010 2e 61 6c 61 6e 2d 72 6f 64 67 65 72 73 0d 0a .alan-rodgers..

No.
32 bnetgame > rdrmshc [PSH, ACK] Seq=97 Ack=90 Win=64408 Len=53

Frame 32: 107 bytes on wire (856 bits), 107 bytes captured (856 bits) on
interface 0
Ethernet II, Src: Actionte_8f:86:00 (10:5f:06:8f:86:00), Dst: Intel_
5a:b1:0c (00:11:11:5a:b1:0c)
Internet Protocol Version 4, Src: 71.252.193.52 (71.252.193.52), Dst:
192.168.0.2 (192.168.0.2)
Transmission Control Protocol, Src Port: bnetgame (1119), Dst Port:
rdrmshc (1075), Seq: 97, Ack: 90, Len: 53
Data (53 bytes)

0000 32 31 31 20 31 30 32 35 20 38 30 31 35 20 39 31 211 1025 8015 91
0010 31 37 20 73 66 66 2e 70 65 6f 70 6c 65 2e 61 6c 17 sff.people.al
0020 61 6e 2d 72 6f 64 67 65 72 73 20 73 65 6c 65 63 an-rodgers selec
0030 74 65 64 0d 0a ted..

No.
33 rdrmshc > bnetgame [PSH, ACK] Seq=90 Ack=150 Win=64978 Len=29

Frame 33: 83 bytes on wire (664 bits), 83 bytes captured (664 bits) on
interface 0
Ethernet II, Src: Intel_5a:b1:0c (00:11:11:5a:b1:0c), Dst: Actionte_
8f:86:00 (10:5f:06:8f:86:00)
Internet Protocol Version 4, Src: 192.168.0.2 (192.168.0.2), Dst:
71.252.193.52 (71.252.193.52)
Transmission Control Protocol, Src Port: rdrmshc (1075), Dst Port:
bnetgame (1119), Seq: 90, Ack: 150, Len: 29
Data (29 bytes)

0000 47 52 4f 55 50 20 73 66 66 2e 70 65 6f 70 6c 65 GROUP sff.people
0010 2e 62 72 6f 6f 6b 2d 77 65 73 74 0d 0a .brook-west..

No.
34 bnetgame > rdrmshc [PSH, ACK] Seq=150 Ack=119 Win=64379 Len=47

Frame 34: 101 bytes on wire (808 bits), 101 bytes captured (808 bits) on
interface 0
Ethernet II, Src: Actionte_8f:86:00 (10:5f:06:8f:86:00), Dst: Intel_
5a:b1:0c (00:11:11:5a:b1:0c)
Internet Protocol Version 4, Src: 71.252.193.52 (71.252.193.52), Dst:
192.168.0.2 (192.168.0.2)
Transmission Control Protocol, Src Port: bnetgame (1119), Dst Port:
rdrmshc (1075), Seq: 150, Ack: 119, Len: 47
Data (47 bytes)

0000 32 31 31 20 37 33 20 34 30 31 20 34 37 35 20 73 211 73 401 475 s
0010 66 66 2e 70 65 6f 70 6c 65 2e 62 72 6f 6f 6b 2d ff.people.brook-
0020 77 65 73 74 20 73 65 6c 65 63 74 65 64 0d 0a west selected..

No.
35 rdrmshc > bnetgame [PSH, ACK] Seq=119 Ack=197 Win=64931 Len=34

Frame 35: 88 bytes on wire (704 bits), 88 bytes captured (704 bits) on
interface 0
Ethernet II, Src: Intel_5a:b1:0c (00:11:11:5a:b1:0c), Dst: Actionte_
8f:86:00 (10:5f:06:8f:86:00)
Internet Protocol Version 4, Src: 192.168.0.2 (192.168.0.2), Dst:
71.252.193.52 (71.252.193.52)
Transmission Control Protocol, Src Port: rdrmshc (1075), Dst Port:
bnetgame (1119), Seq: 119, Ack: 197, Len: 34
Data (34 bytes)

0000 47 52 4f 55 50 20 73 66 66 2e 70 65 6f 70 6c 65 GROUP sff.people
0010 2e 64 6f 79 6c 65 2d 6d 61 63 64 6f 6e 61 6c 64 .doyle-macdonald
0020 0d 0a ..

No.
36 bnetgame > rdrmshc [PSH, ACK] Seq=197 Ack=153 Win=64345 Len=58

Frame 36: 112 bytes on wire (896 bits), 112 bytes captured (896 bits) on
interface 0
Ethernet II, Src: Actionte_8f:86:00 (10:5f:06:8f:86:00), Dst: Intel_
5a:b1:0c (00:11:11:5a:b1:0c)
Internet Protocol Version 4, Src: 71.252.193.52 (71.252.193.52), Dst:
192.168.0.2 (192.168.0.2)
Transmission Control Protocol, Src Port: bnetgame (1119), Dst Port:
rdrmshc (1075), Seq: 197, Ack: 153, Len: 58
Data (58 bytes)

0000 32 31 31 20 31 30 36 34 20 32 31 35 39 35 20 32 211 1064 21595 2
0010 32 36 37 32 20 73 66 66 2e 70 65 6f 70 6c 65 2e 2672 sff.people.
0020 64 6f 79 6c 65 2d 6d 61 63 64 6f 6e 61 6c 64 20 doyle-macdonald
0030 73 65 6c 65 63 74 65 64 0d 0a selected..

No.
37 rdrmshc > bnetgame [PSH, ACK] Seq=153 Ack=255 Win=64873 Len=22

Frame 37: 76 bytes on wire (608 bits), 76 bytes captured (608 bits) on
interface 0
Ethernet II, Src: Intel_5a:b1:0c (00:11:11:5a:b1:0c), Dst: Actionte_
8f:86:00 (10:5f:06:8f:86:00)
Internet Protocol Version 4, Src: 192.168.0.2 (192.168.0.2), Dst:
71.252.193.52 (71.252.193.52)
Transmission Control Protocol, Src Port: rdrmshc (1075), Dst Port:
bnetgame (1119), Seq: 153, Ack: 255, Len: 22
Data (22 bytes)

0000 47 52 4f 55 50 20 73 66 66 2e 70 65 6f 70 6c 65 GROUP sff.people
0010 2e 6c 77 65 0d 0a .lwe..

No.
38 bnetgame > rdrmshc [PSH, ACK] Seq=255 Ack=175 Win=64323 Len=46

Frame 38: 100 bytes on wire (800 bits), 100 bytes captured (800 bits) on
interface 0
Ethernet II, Src: Actionte_8f:86:00 (10:5f:06:8f:86:00), Dst: Intel_
5a:b1:0c (00:11:11:5a:b1:0c)
Internet Protocol Version 4, Src: 71.252.193.52 (71.252.193.52), Dst:
192.168.0.2 (192.168.0.2)
Transmission Control Protocol, Src Port: bnetgame (1119), Dst Port:
rdrmshc (1075), Seq: 255, Ack: 175, Len: 46
Data (46 bytes)

0000 32 31 31 20 31 31 36 33 20 39 38 33 35 37 20 39 211 1163 98357 9
0010 39 35 32 33 20 73 66 66 2e 70 65 6f 70 6c 65 2e 9523 sff.people.
0020 6c 77 65 20 73 65 6c 65 63 74 65 64 0d 0a lwe selected..

No.
39 rdrmshc > bnetgame [PSH, ACK] Seq=175 Ack=301 Win=64827 Len=31

Frame 39: 85 bytes on wire (680 bits), 85 bytes captured (680 bits) on
interface 0
Ethernet II, Src: Intel_5a:b1:0c (00:11:11:5a:b1:0c), Dst: Actionte_
8f:86:00 (10:5f:06:8f:86:00)
Internet Protocol Version 4, Src: 192.168.0.2 (192.168.0.2), Dst:
71.252.193.52 (71.252.193.52)
Transmission Control Protocol, Src Port: rdrmshc (1075), Dst Port:
bnetgame (1119), Seq: 175, Ack: 301, Len: 31
Data (31 bytes)

0000 47 52 4f 55 50 20 73 66 66 2e 70 65 6f 70 6c 65 GROUP sff.people
0010 2e 6d 69 74 63 68 2d 77 61 67 6e 65 72 0d 0a .mitch-wagner..

No.
40 bnetgame > rdrmshc [PSH, ACK] Seq=301 Ack=206 Win=64292 Len=54

Frame 40: 108 bytes on wire (864 bits), 108 bytes captured (864 bits) on
interface 0
Ethernet II, Src: Actionte_8f:86:00 (10:5f:06:8f:86:00), Dst: Intel_
5a:b1:0c (00:11:11:5a:b1:0c)
Internet Protocol Version 4, Src: 71.252.193.52 (71.252.193.52), Dst:
192.168.0.2 (192.168.0.2)
Transmission Control Protocol, Src Port: bnetgame (1119), Dst Port:
rdrmshc (1075), Seq: 301, Ack: 206, Len: 54
Data (54 bytes)

0000 32 31 31 20 31 31 32 30 20 38 39 37 33 20 31 30 211 1120 8973 10
0010 31 30 39 20 73 66 66 2e 70 65 6f 70 6c 65 2e 6d 109 sff.people.m
0020 69 74 63 68 2d 77 61 67 6e 65 72 20 73 65 6c 65 itch-wagner sele
0030 63 74 65 64 0d 0a cted..

No.
41 rdrmshc > bnetgame [ACK] Seq=206 Ack=355 Win=64773 Len=0

Frame 41: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on
interface 0
Ethernet II, Src: Intel_5a:b1:0c (00:11:11:5a:b1:0c), Dst: Actionte_
8f:86:00 (10:5f:06:8f:86:00)
Internet Protocol Version 4, Src: 192.168.0.2 (192.168.0.2), Dst:
71.252.193.52 (71.252.193.52)
Transmission Control Protocol, Src Port: rdrmshc (1075), Dst Port:
bnetgame (1119), Seq: 206, Ack: 355, Len: 0

No.
42 1ci-smcs > park-agent [SYN] Seq=0 Win=65535 Len=0 MSS=1460
SACK_PERM=1

Frame 42: 62 bytes on wire (496 bits), 62 bytes captured (496 bits) on
interface 0
Ethernet II, Src: Intel_5a:b1:0c (00:11:11:5a:b1:0c), Dst: Actionte_
8f:86:00 (10:5f:06:8f:86:00)
Internet Protocol Version 4, Src: 192.168.0.2 (192.168.0.2), Dst:
192.168.0.1 (192.168.0.1)
Transmission Control Protocol, Src Port: 1ci-smcs (3091), Dst Port: park-
agent (5431), Seq: 0, Len: 0

No.
43 park-agent > 1ci-smcs [SYN, ACK] Seq=0 Ack=1 Win=5840 Len=0 MSS=
1460 SACK_PERM=1

Frame 43: 62 bytes on wire (496 bits), 62 bytes captured (496 bits) on
interface 0
Ethernet II, Src: Actionte_8f:86:00 (10:5f:06:8f:86:00), Dst: Intel_
5a:b1:0c (00:11:11:5a:b1:0c)
Internet Protocol Version 4, Src: 192.168.0.1 (192.168.0.1), Dst:
192.168.0.2 (192.168.0.2)
Transmission Control Protocol, Src Port: park-agent (5431), Dst Port:
1ci-smcs (3091), Seq: 0, Ack: 1, Len: 0

No.
44 1ci-smcs > park-agent [ACK] Seq=1 Ack=1 Win=65535 Len=0

Frame 44: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on
interface 0
Ethernet II, Src: Intel_5a:b1:0c (00:11:11:5a:b1:0c), Dst: Actionte_
8f:86:00 (10:5f:06:8f:86:00)
Internet Protocol Version 4, Src: 192.168.0.2 (192.168.0.2), Dst:
192.168.0.1 (192.168.0.1)
Transmission Control Protocol, Src Port: 1ci-smcs (3091), Dst Port: park-
agent (5431), Seq: 1, Ack: 1, Len: 0

No.
45 SUBSCRIBE /uuid:105f068f-8600-0086-8f06-
5f105f8f000002/WANPPPConnection:1 HTTP/1.1

Frame 45: 382 bytes on wire (3056 bits), 382 bytes captured (3056 bits)
on interface 0
Ethernet II, Src: Intel_5a:b1:0c (00:11:11:5a:b1:0c), Dst: Actionte_
8f:86:00 (10:5f:06:8f:86:00)
Internet Protocol Version 4, Src: 192.168.0.2 (192.168.0.2), Dst:
192.168.0.1 (192.168.0.1)
Transmission Control Protocol, Src Port: 1ci-smcs (3091), Dst Port: park-
agent (5431), Seq: 1, Ack: 1, Len: 328
Hypertext Transfer Protocol

No.
46 park-agent > 1ci-smcs [ACK] Seq=1 Ack=329 Win=6432 Len=0

Frame 46: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on
interface 0
Ethernet II, Src: Actionte_8f:86:00 (10:5f:06:8f:86:00), Dst: Intel_
5a:b1:0c (00:11:11:5a:b1:0c)
Internet Protocol Version 4, Src: 192.168.0.1 (192.168.0.1), Dst:
192.168.0.2 (192.168.0.2)
Transmission Control Protocol, Src Port: park-agent (5431), Dst Port:
1ci-smcs (3091), Seq: 1, Ack: 329, Len: 0

No.
47 HTTP/1.1 200 OK

Frame 47: 185 bytes on wire (1480 bits), 185 bytes captured (1480 bits)
on interface 0
Ethernet II, Src: Actionte_8f:86:00 (10:5f:06:8f:86:00), Dst: Intel_
5a:b1:0c (00:11:11:5a:b1:0c)
Internet Protocol Version 4, Src: 192.168.0.1 (192.168.0.1), Dst:
192.168.0.2 (192.168.0.2)
Transmission Control Protocol, Src Port: park-agent (5431), Dst Port:
1ci-smcs (3091), Seq: 1, Ack: 329, Len: 131
Hypertext Transfer Protocol

No.
48 SUBSCRIBE /uuid:105f068f-8600-0086-8f06-
5f105f8f000001/WANCommonInterfaceConfig:1 HTTP/1.1

Frame 48: 390 bytes on wire (3120 bits), 390 bytes captured (3120 bits)
on interface 0
Ethernet II, Src: Intel_5a:b1:0c (00:11:11:5a:b1:0c), Dst: Actionte_
8f:86:00 (10:5f:06:8f:86:00)
Internet Protocol Version 4, Src: 192.168.0.2 (192.168.0.2), Dst:
192.168.0.1 (192.168.0.1)
Transmission Control Protocol, Src Port: 1ci-smcs (3091), Dst Port: park-
agent (5431), Seq: 329, Ack: 132, Len: 336
Hypertext Transfer Protocol

No.
49 HTTP/1.1 200 OK

Frame 49: 185 bytes on wire (1480 bits), 185 bytes captured (1480 bits)
on interface 0
Ethernet II, Src: Actionte_8f:86:00 (10:5f:06:8f:86:00), Dst: Intel_
5a:b1:0c (00:11:11:5a:b1:0c)
Internet Protocol Version 4, Src: 192.168.0.1 (192.168.0.1), Dst:
192.168.0.2 (192.168.0.2)
Transmission Control Protocol, Src Port: park-agent (5431), Dst Port:
1ci-smcs (3091), Seq: 132, Ack: 665, Len: 131
Hypertext Transfer Protocol

No.
50 1ci-smcs > park-agent [ACK] Seq=665 Ack=263 Win=65273 Len=0

Frame 50: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on
interface 0
Ethernet II, Src: Intel_5a:b1:0c (00:11:11:5a:b1:0c), Dst: Actionte_
8f:86:00 (10:5f:06:8f:86:00)
Internet Protocol Version 4, Src: 192.168.0.2 (192.168.0.2), Dst:
192.168.0.1 (192.168.0.1)
Transmission Control Protocol, Src Port: 1ci-smcs (3091), Dst Port: park-
agent (5431), Seq: 665, Ack: 263, Len: 0

No.
51 jdl-dbkitchen > nntp [FIN, ACK] Seq=37 Ack=88 Win=65448 Len=0

Frame 51: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on
interface 0
Ethernet II, Src: Intel_5a:b1:0c (00:11:11:5a:b1:0c), Dst: Actionte_
8f:86:00 (10:5f:06:8f:86:00)
Internet Protocol Version 4, Src: 192.168.0.2 (192.168.0.2), Dst:
98.100.194.170 (98.100.194.170)
Transmission Control Protocol, Src Port: jdl-dbkitchen (3086), Dst Port:
nntp (119), Seq: 37, Ack: 88, Len: 0

No.
52 nntp > jdl-dbkitchen [ACK] Seq=88 Ack=38 Win=65499 Len=0

Frame 52: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on
interface 0
Ethernet II, Src: Actionte_8f:86:00 (10:5f:06:8f:86:00), Dst: Intel_
5a:b1:0c (00:11:11:5a:b1:0c)
Internet Protocol Version 4, Src: 98.100.194.170 (98.100.194.170), Dst:
192.168.0.2 (192.168.0.2)
Transmission Control Protocol, Src Port: nntp (119), Dst Port: jdl-
dbkitchen (3086), Seq: 88, Ack: 38, Len: 0

No.
53 nntp > jdl-dbkitchen [FIN, ACK] Seq=88 Ack=38 Win=65499 Len=0

Frame 53: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on
interface 0
Ethernet II, Src: Actionte_8f:86:00 (10:5f:06:8f:86:00), Dst: Intel_
5a:b1:0c (00:11:11:5a:b1:0c)
Internet Protocol Version 4, Src: 98.100.194.170 (98.100.194.170), Dst:
192.168.0.2 (192.168.0.2)
Transmission Control Protocol, Src Port: nntp (119), Dst Port: jdl-
dbkitchen (3086), Seq: 88, Ack: 38, Len: 0

No.
54 jdl-dbkitchen > nntp [ACK] Seq=38 Ack=89 Win=65448 Len=0

Frame 54: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on
interface 0
Ethernet II, Src: Intel_5a:b1:0c (00:11:11:5a:b1:0c), Dst: Actionte_
8f:86:00 (10:5f:06:8f:86:00)
Internet Protocol Version 4, Src: 192.168.0.2 (192.168.0.2), Dst:
98.100.194.170 (98.100.194.170)
Transmission Control Protocol, Src Port: jdl-dbkitchen (3086), Dst Port:
nntp (119), Seq: 38, Ack: 89, Len: 0

No.
55 xdtp > nntp [FIN, ACK] Seq=33 Ack=86 Win=65450 Len=0

Frame 55: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on
interface 0
Ethernet II, Src: Intel_5a:b1:0c (00:11:11:5a:b1:0c), Dst: Actionte_
8f:86:00 (10:5f:06:8f:86:00)
Internet Protocol Version 4, Src: 192.168.0.2 (192.168.0.2), Dst:
98.100.194.170 (98.100.194.170)
Transmission Control Protocol, Src Port: xdtp (3088), Dst Port: nntp
(119), Seq: 33, Ack: 86, Len: 0

No.
56 nntp > xdtp [ACK] Seq=86 Ack=34 Win=65503 Len=0

Frame 56: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on
interface 0
Ethernet II, Src: Actionte_8f:86:00 (10:5f:06:8f:86:00), Dst: Intel_
5a:b1:0c (00:11:11:5a:b1:0c)
Internet Protocol Version 4, Src: 98.100.194.170 (98.100.194.170), Dst:
192.168.0.2 (192.168.0.2)
Transmission Control Protocol, Src Port: nntp (119), Dst Port: xdtp
(3088), Seq: 86, Ack: 34, Len: 0

No.
57 nntp > xdtp [FIN, ACK] Seq=86 Ack=34 Win=65503 Len=0

Frame 57: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on
interface 0
Ethernet II, Src: Actionte_8f:86:00 (10:5f:06:8f:86:00), Dst: Intel_
5a:b1:0c (00:11:11:5a:b1:0c)
Internet Protocol Version 4, Src: 98.100.194.170 (98.100.194.170), Dst:
192.168.0.2 (192.168.0.2)
Transmission Control Protocol, Src Port: nntp (119), Dst Port: xdtp
(3088), Seq: 86, Ack: 34, Len: 0

No.
58 xdtp > nntp [ACK] Seq=34 Ack=87 Win=65450 Len=0

Frame 58: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on
interface 0
Ethernet II, Src: Intel_5a:b1:0c (00:11:11:5a:b1:0c), Dst: Actionte_
8f:86:00 (10:5f:06:8f:86:00)
Internet Protocol Version 4, Src: 192.168.0.2 (192.168.0.2), Dst:
98.100.194.170 (98.100.194.170)
Transmission Control Protocol, Src Port: xdtp (3088), Dst Port: nntp
(119), Seq: 34, Ack: 87, Len: 0

No.
59 park-agent > 1ci-smcs [FIN, ACK] Seq=263 Ack=665 Win=7504 Len=0

Frame 59: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on
interface 0
Ethernet II, Src: Actionte_8f:86:00 (10:5f:06:8f:86:00), Dst: Intel_
5a:b1:0c (00:11:11:5a:b1:0c)
Internet Protocol Version 4, Src: 192.168.0.1 (192.168.0.1), Dst:
192.168.0.2 (192.168.0.2)
Transmission Control Protocol, Src Port: park-agent (5431), Dst Port:
1ci-smcs (3091), Seq: 263, Ack: 665, Len: 0

No.
60 1ci-smcs > park-agent [ACK] Seq=665 Ack=264 Win=65273 Len=0

Frame 60: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on
interface 0
Ethernet II, Src: Intel_5a:b1:0c (00:11:11:5a:b1:0c), Dst: Actionte_
8f:86:00 (10:5f:06:8f:86:00)
Internet Protocol Version 4, Src: 192.168.0.2 (192.168.0.2), Dst:
192.168.0.1 (192.168.0.1)
Transmission Control Protocol, Src Port: 1ci-smcs (3091), Dst Port: park-
agent (5431), Seq: 665, Ack: 264, Len: 0

Ken

 

[KenK]

This Wireshark scan is
Thunderbird trying to get Optimax headers.

I just looked at the trace I posted. It seems to be for the Sff news
server, not Optimax. I just checked T-bird settings and it is set only
for Optimax news server and during the scan I was trying to get message
headers for Pub group only. I do not know what is going on. T-bird
unsuccessfully trying to get headers for Sff groups. Even if wrong news
server, Xnews gets its (Sff's) groups with no problem.

I'm sorry. I don't know what's going on. <sigh> I just made another
Wireshark trace and see absolutely nothing I recognize. Came out over
twice as large as last trace. I'm afraid this whole thing is getting
hopeless. Guess I'll have to write off the possibility of reading the
Optimax news sever on my emachine.

Ken

 

[Paul]

Tried Pastebin again. Submitter this data twice but couldn't find a URL.
Therefore posting here. Hope this is better than last try. BTW, tried a
new version of Xnews - still didn't work. This Wireshark scan is
Thunderbird trying to get Optimax headers.

When you click "Submit" on Pastebin, the page will re-display after
a moment. It will look like nothing has changed, but look at the
URL bar in your browser. It will have an additional chunk of characters
on the end of the URL.

Copy the entire (new) URL showing in the URL bar. That is how you
navigate back to the page with the pasted text in it. If you want
to give the text to someone, you give them the URL from the URL
bar, after the Submit button was clicked.

*******

Any time I make dynamic content on the Internet, I "test" the URL
before posting it. For example, with tinypic.com URLs, I open a
separate browser window, paste in the URL, and have a look to see
if what I put up, is still there. You can do the same thing with the
Pastebin one, verify in a new window that your data is there.

Paul

 

[Paul]

I just looked at the trace I posted. It seems to be for the Sff news
server, not Optimax. I just checked T-bird settings and it is set only
for Optimax news server and during the scan I was trying to get message
headers for Pub group only. I do not know what is going on. T-bird
unsuccessfully trying to get headers for Sff groups. Even if wrong news
server, Xnews gets its (Sff's) groups with no problem.

I'm sorry. I don't know what's going on. <sigh> I just made another
Wireshark trace and see absolutely nothing I recognize. Came out over
twice as large as last trace. I'm afraid this whole thing is getting
hopeless. Guess I'll have to write off the possibility of reading the
Optimax news sever on my emachine.

Ken

A question for you. How many LAN connections do you have ?

I have a theory that maybe that trace isn't complete. Wireshark,
you tell it to look at a specific interface. What if you had
a second interface, and some of the packets were on there
instead ?

I would review your network setup, like if you have both Wifi and
Ethernet cable, make sure that things are put together in a
simple-to-understand way.

The reason I say that, is I see

Response: 200 Optimax-NNTP, Optimax-Hamster V1.24 Src: 98.100.194.170 Src Port: nntp (119)
Response: 200 ignored Src: 98.100.194.170 Src Port: nntp (119)

It's almost like another path from your machine is sending
a request as well or something.

If I go to Command Prompt and enter

ipconfig /all

currently I get

Windows IP Configuration

<five lines of generic stuff...>

Ethernet adapter Local Area Connection 3

...
IP Address 192.168.20.34
...
Lease Obtained
Lease Espires

and there is just the one interface evident there.
I don't have any IPV6 or anything, showing.

Maybe both your wired and wireless are running at the
same time. The OS is supposed to have a solution for that
(metrics), to figure out which path to use, so it's not
supposed to be a problem. Maybe you need Wireshark to collect
info from both. Or alternately, simplify the setup so it's
a bit easier to analyze.

Paul

 

[KenK]

A question for you. How many LAN connections do you have ?

Disconnected them when I hooked up DSL modem to the Ethernet socket on my
emachine. So none. After I get the newsreader working - if I do - I'll work
on LAN. I think I just need to plug Ethernet line from backup system
(Compaq) into CenturyLink DSL modem next to the one from emachine and I'll
get DSL to Compaq and restore LAN.

I have a theory that maybe that trace isn't complete. Wireshark,
you tell it to look at a specific interface. What if you had
a second interface, and some of the packets were on there
instead ?

I would review your network setup, like if you have both Wifi and
Ethernet cable, make sure that things are put together in a
simple-to-understand way.

No Wi-fi. All I have is DSL modem hooked to emachine Ethernet port. Nothing
but CenturyLink ISP connected to DSL modem.

The reason I say that, is I see

Response: 200 Optimax-NNTP, Optimax-Hamster V1.24 Src:
98.100.194.170 Src Port: nntp (119) Response: 200 ignored
Src: 98.100.194.170 Src Port: nntp (119)

The Optimax - Hamster is the news server I'm trying to get headers from
that is not working. Or are you referring to something else I'm missing?
I'm pretty dense. Sorry.

That 119?

It's almost like another path from your machine is sending
a request as well or something.

If I go to Command Prompt and enter

ipconfig /all

currently I get

Windows IP Configuration

<five lines of generic stuff...>

Ethernet adapter Local Area Connection 3

...
IP Address 192.168.20.34
...
Lease Obtained
Lease Espires

and there is just the one interface evident there.
I don't have any IPV6 or anything, showing.

Maybe both your wired and wireless are running at the
same time. The OS is supposed to have a solution for that
(metrics), to figure out which path to use, so it's not
supposed to be a problem. Maybe you need Wireshark to collect
info from both. Or alternately, simplify the setup so it's
a bit easier to analyze.

Another thing. When I use Xnews on the emachine it connects to Individual
net (Usenet) and Sci-fi (SFF) news servers with no problem. When it tries
to get headers and counts from Optimax it only gets the number of messages
(but not the headers themselves) for the first group, then times out.
Optimax works fine with Xnews on Compaq.

I'll read your message again later when I have more time.

Paul

Ken

 

[KenK]

If I go to Command Prompt and enter

ipconfig /all

currently I get

Windows IP Configuration

<five lines of generic stuff...>

Ethernet adapter Local Area Connection 3

...
IP Address 192.168.20.34
...
Lease Obtained
Lease Espires

and there is just the one interface evident there.
I don't have any IPV6 or anything, showing.

I see the same thing. Nothing about wi-fi, LAN or anything alse I don't
expect.

Ken

 

[KenK]

When I use Xnews on the emachine it connects to Individual
net (Usenet) and Sci-fi (SFF) news servers with no problem. When it
tries to get headers and counts from Optimax it only gets the number
of messages (but not the headers themselves) for the first group, then
times out. Optimax works fine with Xnews on Compaq.

New news. The past two mornings Xnews pulled up the Optimax headers and
messages normally. Unfortunately, back to the usual not working today.

However, though Xnews read and posted ok after I started it, a few hours
later it failed to read or post - while Xnews Usenet connection through
Individual news server continued to work fine. I wonder why it worked
partially. Evidently there's no port number (119) problem? No DSL or DSL
modem problem? No Xnews problem? I don't know. Any new guesses?

Stupidly, I didn't check Thunderbird the days Xnews worked with Optimax.
Might have been interesting.

Ken

 

[Paul]

New news. The past two mornings Xnews pulled up the Optimax headers and
messages normally. Unfortunately, back to the usual not working today.

However, though Xnews read and posted ok after I started it, a few hours
later it failed to read or post - while Xnews Usenet connection through
Individual news server continued to work fine. I wonder why it worked
partially. Evidently there's no port number (119) problem? No DSL or DSL
modem problem? No Xnews problem? I don't know. Any new guesses?

Stupidly, I didn't check Thunderbird the days Xnews worked with Optimax.
Might have been interesting.

Ken

Well, we always like "cheerily non-reproducible" results on a computer
While the problem could be at the ISP end, I don't see a reason for it.
My ISP here doesn't screw around too much. The previous ISP did a few
things, but there was usually an email stream with some advanced notice.

On your end of things, were there any network configuration differences ?
Another device connected to the router ? Different software running
on the machine itself ?

There was a case a couple weeks ago, of a strange network outage,
and it was a dirty NIC connector. Unplugging and replugging fixed it.
The symptoms there, were lots of things worked, and one specific
thing did not. Exactly how you could get a dirty connector
to do that just doesn't make sense. But that's the world
we live in.

Paul

 

[KenK]

On your end of things, were there any network configuration
differences ?
Nope.

Another device connected to the router ? Nope.
Nope.

Different software running
on the machine itself ?

Nope.

Obviously the machine has been hexed by an enemy. Didn't know I had any.
<sigh>

I'll let you know of any interesting new symptoms.

Ken