• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Yet another SMTP post

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2000 Firewall] >> Firewall Client >> Yet another SMTP post Page: [1]
Login
Message << Older Topic   Newer Topic >>
Yet another SMTP post - 14.Jan.2003 9:05:00 PM   
Jared

 

Posts: 16
Joined: 10.Jan.2003
From: Edmonton, Alberta, Canada
Status: offline
Hey there everybody,

I have been scouring the site/message boards for info on the specific issue I'm having with SMTP access for the last few days since I joined.

Either way, here it is...

I have SP1 installed... general wide open protocol rules, and at this moment even a specific destination set for allowing access to my external mail servers....

here is the issue....

client with FWC cannot send email thru Outlook/Outlook Express.... can receive but cannot send... basically, the connection is made... the email appears to be sent... but there is no disconnect... the error that comes back is a timeout error... leading me to think something about packet filtering???

Of course, same workstation changed to SecureNAT client.... no problems what-so-ever.... LOL

I apoligize if this has been covered... I haven't found anything quit the same as this... and I didn't wanna be a weeny by posting without researching!

Any help would be appreciated....

Thanx everybody... and to the moderators: Thank you soo much for this site! I have learned a lot already..... "[Wink]"

Radar14 "[Confused]"
Post #: 1
RE: Yet another SMTP post - 15.Jan.2003 6:41:00 PM   
Jared

 

Posts: 16
Joined: 10.Jan.2003
From: Edmonton, Alberta, Canada
Status: offline
no ideas??? no worries... it's all good... i'll keep looking!

Radar14

(in reply to Jared)
Post #: 2
RE: Yet another SMTP post - 15.Jan.2003 9:37:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Radar,

No ideas. It can't be a name resolution issue because POP3 works, and I'm assuming you're connecting to both POP3 and SMTP servers by name.

Tom

(in reply to Jared)
Post #: 3
RE: Yet another SMTP post - 16.Jan.2003 8:57:00 AM   
Jared

 

Posts: 16
Joined: 10.Jan.2003
From: Edmonton, Alberta, Canada
Status: offline
That's right... I am connecting by name.... [Smile]

Thanx for the response! Eitherway.... I am determined to figure this out.... I will post if I find the answer..... I'd wager that it is something silly/overlooked..... [Wink]

Radar14 [Cool]

(in reply to Jared)
Post #: 4
RE: Yet another SMTP post - 17.Jan.2003 10:08:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Radar,

Thanks! Yes, please let us know when you figure out this mystery.

Tom

(in reply to Jared)
Post #: 5
RE: Yet another SMTP post - 17.Jan.2003 10:13:00 PM   
Jared

 

Posts: 16
Joined: 10.Jan.2003
From: Edmonton, Alberta, Canada
Status: offline
Okay... I am still searching... but I may be closer!

I have been trying to understand what is happening in the logs. Here is a sample:

Fire Wall Log

#Software: Microsoft(R) Internet Security and Acceleration Server 2000
#Version: 1.0
#Date: 2003-01-17 20:59:50
#Fields: c-ip cs-username c-agent date time s-computername r-host r-ip r-port time-taken cs-bytes sc-bytes cs-protocol cs-transport s-operation sc-status sessionid connectionid
192.168.1.14 Jared msimn.exe:3:5.1 2003-01-17 20:59:50 RADARSRV incoming.lincsat.com 198.96.220.2 - - - - - - GHBN 0 2 0
192.168.1.14 Jared msimn.exe:3:5.1 2003-01-17 20:59:53 RADARSRV - 66.82.20.94 25 3015 - - 25 TCP Connect 0 2 1
192.168.1.14 Jared msimn.exe:3:5.1 2003-01-17 20:59:58 RADARSRV incoming.lincsat.com 198.96.220.2 - - - - - - GHBN 0 3 0
192.168.1.14 Jared msimn.exe:3:5.1 2003-01-17 20:59:58 RADARSRV - 198.96.220.2 110 - - - 110 TCP Connect 0 3 2
192.168.1.14 Jared msimn.exe:3:5.1 2003-01-17 20:59:58 RADARSRV - 198.96.220.2 110 - - - 110 TCP Connect 0 3 2
192.168.1.14 Jared msimn.exe:3:5.1 2003-01-17 21:00:07 RADARSRV smtp.direcway.com 66.82.20.94 - - - - - - GHBN 0 3 0
192.168.1.14 Jared msimn.exe:3:5.1 2003-01-17 21:00:07 RADARSRV - 66.82.20.94 25 - - - 25 TCP Connect 0 3 3
192.168.1.14 Jared msimn.exe:3:5.1 2003-01-17 21:00:07 RADARSRV - 66.82.20.94 25 - - - 25 TCP Connect 0 3 3
192.168.1.14 Jared msimn.exe:3:5.1 2003-01-17 21:00:30 RADARSRV - 198.96.220.2 110 32860 50 81 110 TCP Connect 20000 3 2
192.168.1.14 Jared msimn.exe:3:5.1 2003-01-17 21:01:33 RADARSRV - 66.82.20.94 25 85735 9075 319 25 TCP Connect 20001 3 3
192.168.1.14 Jared msimn.exe:3:5.1 2003-01-17 21:01:33 RADARSRV - 66.82.20.94 25 103125 - - 25 TCP Connect 20001 2 1
#Software: Microsoft(R) Internet Security and Acceleration Server 2000
#Version: 1.0
#Date: 2003-01-17 21:01:48
#Fields: c-ip cs-username c-agent date time s-computername r-host r-ip r-port time-taken cs-bytes sc-bytes cs-protocol cs-transport s-operation sc-status sessionid connectionid
192.168.1.14 Jared msimn.exe:3:5.1 2003-01-17 21:01:48 RADARSRV smtp.direcway.com 66.82.20.94 - - - - - - GHBN 0 2 0
192.168.1.14 Jared msimn.exe:3:5.1 2003-01-17 21:01:52 RADARSRV - 66.82.20.94 25 - - - 25 TCP Connect 0 2 1
192.168.1.14 Jared msimn.exe:3:5.1 2003-01-17 21:01:52 RADARSRV - 66.82.20.94 25 - - - 25 TCP Connect 0 2 1
192.168.1.14 Jared msimn.exe:3:5.1 2003-01-17 21:06:16 RADARSRV - 66.82.20.94 25 - - - 25 TCP Connect 0 2 2
192.168.1.14 Jared msimn.exe:3:5.1 2003-01-17 21:06:16 RADARSRV - 66.82.20.94 25 - - - 25 TCP Connect 0 2 2

Ip Packet Log

2003-01-17 21:05:19 66.82.20.94 192.168.0.12 Tcp 25 3086 BLOCKED 192.168.0.12
2003-01-17 21:05:19 66.82.20.94 192.168.0.12 Tcp 25 3086 BLOCKED 192.168.0.12
2003-01-17 21:05:19 66.82.20.94 192.168.0.12 Tcp 25 3086 BLOCKED 192.168.0.12

I'm wondering if there is a secondary connection being blocked??? or something along those lines... if there is, and the port setting changes, how do I create the proper packet filter to allow the info back in...

Once again, I make a connection, the email seems to send, but there is no disconnect!

Any input would be greatly appreciated!

Thanx,

Radar14

(in reply to Jared)
Post #: 6
RE: Yet another SMTP post - 18.Jan.2003 4:42:00 PM   
Guest
I am having the sam issue using external SMTP (Internet side of IIS) servers. Receive pop3 mail is fine. Sending SMTP through Outlook 2000. Outlook XP, and other verious versions of Outlook express fails with a lost connection error. I think that dynamic prots may be the issue but have trided various ways around and still fail on outgoing mail. Help would be great.
BTW this worked great with proxy2. A direct connect with the offending machines also works fine.
Thanks,
Vince

(in reply to Jared)
  Post #: 7
RE: Yet another SMTP post - 18.Jan.2003 9:04:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
quote:
Originally posted by Radar14:
Okay... I am still searching... but I may be closer!

I have been trying to understand what is happening in the logs. Here is a sample:

Fire Wall Log

#Software: Microsoft(R) Internet Security and Acceleration Server 2000
#Version: 1.0
#Date: 2003-01-17 20:59:50
#Fields: c-ip cs-username c-agent date time s-computername r-host r-ip r-port time-taken cs-bytes sc-bytes cs-protocol cs-transport s-operation sc-status sessionid connectionid
192.168.1.14 Jared msimn.exe:3:5.1 2003-01-17 20:59:50 RADARSRV incoming.lincsat.com 198.96.220.2 - - - - - - GHBN 0 2 0
192.168.1.14 Jared msimn.exe:3:5.1 2003-01-17 20:59:53 RADARSRV - 66.82.20.94 25 3015 - - 25 TCP Connect 0 2 1
192.168.1.14 Jared msimn.exe:3:5.1 2003-01-17 20:59:58 RADARSRV incoming.lincsat.com 198.96.220.2 - - - - - - GHBN 0 3 0
192.168.1.14 Jared msimn.exe:3:5.1 2003-01-17 20:59:58 RADARSRV - 198.96.220.2 110 - - - 110 TCP Connect 0 3 2
192.168.1.14 Jared msimn.exe:3:5.1 2003-01-17 20:59:58 RADARSRV - 198.96.220.2 110 - - - 110 TCP Connect 0 3 2
192.168.1.14 Jared msimn.exe:3:5.1 2003-01-17 21:00:07 RADARSRV smtp.direcway.com 66.82.20.94 - - - - - - GHBN 0 3 0
192.168.1.14 Jared msimn.exe:3:5.1 2003-01-17 21:00:07 RADARSRV - 66.82.20.94 25 - - - 25 TCP Connect 0 3 3
192.168.1.14 Jared msimn.exe:3:5.1 2003-01-17 21:00:07 RADARSRV - 66.82.20.94 25 - - - 25 TCP Connect 0 3 3
192.168.1.14 Jared msimn.exe:3:5.1 2003-01-17 21:00:30 RADARSRV - 198.96.220.2 110 32860 50 81 110 TCP Connect 20000 3 2
192.168.1.14 Jared msimn.exe:3:5.1 2003-01-17 21:01:33 RADARSRV - 66.82.20.94 25 85735 9075 319 25 TCP Connect 20001 3 3
192.168.1.14 Jared msimn.exe:3:5.1 2003-01-17 21:01:33 RADARSRV - 66.82.20.94 25 103125 - - 25 TCP Connect 20001 2 1
#Software: Microsoft(R) Internet Security and Acceleration Server 2000
#Version: 1.0
#Date: 2003-01-17 21:01:48
#Fields: c-ip cs-username c-agent date time s-computername r-host r-ip r-port time-taken cs-bytes sc-bytes cs-protocol cs-transport s-operation sc-status sessionid connectionid
192.168.1.14 Jared msimn.exe:3:5.1 2003-01-17 21:01:48 RADARSRV smtp.direcway.com 66.82.20.94 - - - - - - GHBN 0 2 0
192.168.1.14 Jared msimn.exe:3:5.1 2003-01-17 21:01:52 RADARSRV - 66.82.20.94 25 - - - 25 TCP Connect 0 2 1
192.168.1.14 Jared msimn.exe:3:5.1 2003-01-17 21:01:52 RADARSRV - 66.82.20.94 25 - - - 25 TCP Connect 0 2 1
192.168.1.14 Jared msimn.exe:3:5.1 2003-01-17 21:06:16 RADARSRV - 66.82.20.94 25 - - - 25 TCP Connect 0 2 2
192.168.1.14 Jared msimn.exe:3:5.1 2003-01-17 21:06:16 RADARSRV - 66.82.20.94 25 - - - 25 TCP Connect 0 2 2

Ip Packet Log

2003-01-17 21:05:19 66.82.20.94 192.168.0.12 Tcp 25 3086 BLOCKED 192.168.0.12
2003-01-17 21:05:19 66.82.20.94 192.168.0.12 Tcp 25 3086 BLOCKED 192.168.0.12
2003-01-17 21:05:19 66.82.20.94 192.168.0.12 Tcp 25 3086 BLOCKED 192.168.0.12

I'm wondering if there is a secondary connection being blocked??? or something along those lines... if there is, and the port setting changes, how do I create the proper packet filter to allow the info back in...

Once again, I make a connection, the email seems to send, but there is no disconnect!

Any input would be greatly appreciated!

Thanx,

Radar14

Hi Radar,

The 20001 is a "connection terminated abnormally" error. Enable ALL log file fields and maybe we can figure out if a particular Rule is stopping the connection.

What Protocol Rules and Site/Content Rules do you already have in place?

Thanks!
Tom

(in reply to Jared)
Post #: 8
RE: Yet another SMTP post - 18.Jan.2003 9:06:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hey guys,

This might help you:

===========================
A Description of the Various Log Files and Fields

--------------------------------------------------------------------------------
The information in this article applies to:

Microsoft Internet Security and Acceleration Server 2000

--------------------------------------------------------------------------------

SUMMARY
This article describes the various log files and fields. This information is a supplement to the Internet Security and Acceleration (ISA) Server product documentation.

MORE INFORMATION

Packet Filters Log
The ISA Server packet filter log contains entries about the packets that had been handled by the ISA Server packet filter. By default, only "dropped" packets are logged. If an administrator wants to log all of the packets that are dropped and enabled by the firewall, the administrator can enable that option in the IP packet filters dialog box:
Open the ISA Management user interface.

Open the Server or Array node that you want to manage.

Open the Access Policy node.

Right-click the IP packet filters folder, and then click Properties.

On the Packet filters tab, click to select the Log packets from allow filters check box. If you enable this option, the packet filter logs can be potentially very large, depending upon the amount of traffic that ISA Server handles.

NOTE: For a detailed description of the log fields, refer to the ISA Server product documentation. If you set the LogAllInterfaces registry key, the packets that are sent to the internal interface of the firewall are dropped and logged in the packet filter log. These packets are logged as "internal" to distinguish them from blocked packets that arrive from the external interface.
ISA Server Firewall Service Log
There are two fields: Bytes that are sent (cs-bytes) and the bytes that are received (sc-bytes). These two fields provide valuable information about the connection, for example, the actual amount of data and the direction of data that has been either sent or received. These fields indicate the data size for the individual loggings. For the outbound User Datagram Protocol (UDP) traffic, the last log entry summarizes the traffic on the connection.

Operation field (s-operation):
The following operations may be displayed in the firewall log operation field:

"Connect" - Transmission Control Protocol (TCP) connection request (outgoing)
"Bind" - Internal firewall service operation (port bind request)
"Listen" - Internal firewall service operation (listen on specific port)
"Accept" - TCP connection request (incoming)
"UdpMap" - A UDP mapping has been created
"GHBN" - Get host by name request
"GHBA" - Get host by address request

Result code (sc-status):
The following additional result codes that relate to the logged event may be displayed. Other values may seem to indicate a Web request status result or a communications error code. Refer to the ISA Server product documentation for a list of other possible values.

"0" - Operation had been successful
"13301" - Request denied by the firewall policy
"20000" - Connection terminated normally
"20001" - Connection terminated abnormally
"20002" - Malformed request packet

Rule#1 and Rule#2 Fields
These two fields specify the rule that either accepted or denied the request. If a rule is not mentioned for a denied request, an implicit denial occurred (for the default behavior, if a rule does not enable certain traffic, the request is rejected). Refer to the ISA Server product documentation for a complete explanation of those fields.
Traffic Analysis
Analyzing TCP Traffic
In the case of TCP traffic, the firewall log can indicate a "connect" operation (outbound access) or an "accept" operation (inbound access). The status field indicates whether this operation had been successful, had been rejected, or had resulted in an error. The other various fields indicate the Internet Protocol (IP) addresses of the client and server, the ports involved, and the rules that applied to the traffic.
Analyzing UDP traffic
In the case of UDP traffic, the firewall log can display both the "bind" and the "udpMap" operations. These operations indicate that a mapping had been requested for that UDP traffic. (A UDP mapping is a virtual association of the datagram traffic. There is no actual connection in the case of UDP traffic).

The connection and session identification (ID) fields can help to distinguish between overlapping (interleaving) operations, if such operations exist. A single session ID can represent the traffic that has been sent on a virtual connection. Session IDs represent firewall client connections (the same ID equals [=] the same process). Or, in the case of secure network address translation (SecureNAT) clients, the same ID equals (=) the same client IP. Connection IDs represent "remote sockets." Same-connection ID means same-connection TCP or the same local port for UDP. As always, the status field has to be checked to verify if the operation had been enabled, rejected, or resulted in an error. As previously mentioned, the "bytes sent" and the "bytes received" fields indicate the amount and the direction of data that had been either sent or received during the connection.

To distinguish between the success and the failure of a UDP request, and the bytes sent in the transaction (if any), the relevant fields must be checked:
The "Rule#1" field indicates the rule that either enabled or denied the traffic (either a Protocol rule or a Server Publishing rule). If a rule is not logged, the traffic had been implicitly denied for not having any relevant Allow rule.

The "cs-bytes" and "sc-bytes" fields indicate the number of bytes sent and received (respectively) on the connection.

For outbound UDP traffic, the last log entry summarizes the traffic on the connection. The "cs-bytes" and "sc-bytes" fields indicate the total amount of bytes that had been sent and received, respectively. The "Rule#1" and the "Rule#2" fields can be checked to find the rules that had been involved in the traffic denial.

NOTE: Because of the connectionless nature of UDP traffic, there is no guarantee that a sent packet reached its destination. Therefore, an operation that had been logged as successfully completed by the firewall log merely indicates that the packet had been sent, and not that the packet had been received by the destination computer.

For additional information, click the article number below to view the article in the Microsoft Knowledge Base:
Q283213 Blocking and Logging Traffic on ISA Server Internal Interfaces

Additional query words:

Keywords : kbenv kbtool
Issue type : kbinfo
Technology : kbAudDeveloper kbISAS2000 kbISAServSearch
===============================

HTH,
Tom

(in reply to Jared)
Post #: 9
RE: Yet another SMTP post - 20.Jan.2003 6:42:00 PM   
Jared

 

Posts: 16
Joined: 10.Jan.2003
From: Edmonton, Alberta, Canada
Status: offline
Wow thanx so much for the article Tom.... [Wink]

A thought.... would the 20001 error be caused by me terminating the attempt by choosing the stop button???

I am generating logs... and will post shortly

Thanx again...

Radar14

(in reply to Jared)
Post #: 10
RE: Yet another SMTP post - 21.Jan.2003 2:43:00 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Radar,

I don't think so, but I can't say for sure. Let us know what you find out.

Thanks!
Tom

(in reply to Jared)
Post #: 11
RE: Yet another SMTP post - 21.Jan.2003 6:13:00 PM   
Jared

 

Posts: 16
Joined: 10.Jan.2003
From: Edmonton, Alberta, Canada
Status: offline
Okay..... here are the results of complete logging for both the FWC and IP packets... Maybe it is a small thing but any idea why the time on the log files is different than that of the server??? Time on log files is 17:00 time they were generated 10:00...

As well I apologize for the size of the logs... they are from the same session.... Thanx for the help! [Smile]

Radar14

Fire Wall Log

#Software: Microsoft(R) Internet Security and Acceleration Server 2000
#Version: 1.0
#Date: 2003-01-21 06:04:47
#Fields: c-ip cs-username c-agent sc-authenticated date time s-svcname s-computername cs-referred r-host r-ip r-port time-taken cs-bytes sc-bytes cs-protocol cs-transport s-operation cs-uri cs-mime-type s-object-source sc-status s-cache-info rule#1 rule#2 sessionid connectionid

192.168.1.14 Jared mstsc.exe:3:5.1 N 2003-01-21 16:35:11 fwsrv RADARSRV - 192.168.1.1 192.168.1.1 - - - - - - GHBN - - - 0 - - Allow rule 9 0
192.168.1.14 Jared msimn.exe:3:5.1 N 2003-01-21 16:49:45 fwsrv RADARSRV - smtp.direcway.com 66.82.20.92 - 2015 - - - - GHBN - - - 0 - - Mail 10 0
192.168.1.14 Jared msimn.exe:3:5.1 N 2003-01-21 16:49:45 fwsrv RADARSRV - - 66.82.20.92 25 - - - 25 TCP Connect - - - 0 - Internet Rule Mail 10 11
192.168.1.14 Jared msimn.exe:3:5.1 N 2003-01-21 16:49:45 fwsrv RADARSRV - - 66.82.20.92 25 - - - 25 TCP Connect - - - 0 - Internet Rule Mail 10 11
192.168.1.14 Jared msimn.exe:3:5.1 N 2003-01-21 16:55:19 fwsrv RADARSRV - - 66.82.20.92 25 334063 10578 319 25 TCP Connect - - - 20000 - Internet Rule Mail 10 11
192.168.1.14 Jared msimn.exe:3:5.1 N 2003-01-21 16:57:11 fwsrv RADARSRV - - 66.82.20.92 25 - - - 25 TCP Connect - - - 0 - Internet Rule Mail 11 12
192.168.1.14 Jared msimn.exe:3:5.1 N 2003-01-21 16:57:11 fwsrv RADARSRV - - 66.82.20.92 25 - - - 25 TCP Connect - - - 0 - Internet Rule Mail 11 12
192.168.1.14 Jared msimn.exe:3:5.1 N 2003-01-21 17:02:19 fwsrv RADARSRV - - 66.82.20.92 25 307969 10578 319 25 TCP Connect - - - 20000 - Internet Rule Mail 11 12
192.168.1.14 Jared msimn.exe:3:5.1 N 2003-01-21 17:02:47 fwsrv RADARSRV - - 66.82.20.92 25 - - - 25 TCP Connect - - - 0 - Internet Rule Mail 11 13
192.168.1.14 Jared msimn.exe:3:5.1 N 2003-01-21 17:02:47 fwsrv RADARSRV - - 66.82.20.92 25 - - - 25 TCP Connect - - - 0 - Internet Rule Mail 11 13
192.168.1.14 Jared msimn.exe:3:5.1 N 2003-01-21 17:03:26 fwsrv RADARSRV - incoming.lincsat.com 198.96.220.2 - - - - - - GHBN - - - 0 - - Mail 11 0
192.168.1.14 Jared msimn.exe:3:5.1 N 2003-01-21 17:03:26 fwsrv RADARSRV - - 198.96.220.2 110 - - - 110 TCP Connect - - - 0 - Internet Rule Mail 11 14
192.168.1.14 Jared msimn.exe:3:5.1 N 2003-01-21 17:03:26 fwsrv RADARSRV - - 198.96.220.2 110 - - - 110 TCP Connect - - - 0 - Internet Rule Mail 11 14
192.168.1.14 Jared msimn.exe:3:5.1 N 2003-01-21 17:03:31 fwsrv RADARSRV - pop3.direcway.com 66.82.20.91 - - - - - - GHBN - - - 0 - - Mail 11 0
192.168.1.14 Jared msimn.exe:3:5.1 N 2003-01-21 17:03:31 fwsrv RADARSRV - - 66.82.20.91 110 - - - 110 TCP Connect - - - 0 - Internet Rule Mail 11 15
192.168.1.14 Jared msimn.exe:3:5.1 N 2003-01-21 17:03:31 fwsrv RADARSRV - - 66.82.20.91 110 16 - - 110 TCP Connect - - - 0 - Internet Rule Mail 11 15
192.168.1.14 Jared msimn.exe:3:5.1 N 2003-01-21 17:04:19 fwsrv RADARSRV - - 198.96.220.2 110 53313 50 81 110 TCP Connect - - - 20000 - Internet Rule Mail 11 14
192.168.1.14 Jared msimn.exe:3:5.1 N 2003-01-21 17:04:19 fwsrv RADARSRV - - 66.82.20.91 110 48407 49 168 110 TCP Connect - - - 20000 - Internet Rule Mail 11 15
192.168.1.14 Jared msimn.exe:3:5.1 N 2003-01-21 17:06:20 fwsrv RADARSRV - - 66.82.20.92 25 - - - 25 TCP Connect - - - 0 - Internet Rule Mail 11 16
192.168.1.14 Jared msimn.exe:3:5.1 N 2003-01-21 17:06:20 fwsrv RADARSRV - - 66.82.20.92 25 16 - - 25 TCP Connect - - - 0 - Internet Rule Mail 11 16
192.168.1.14 Jared msimn.exe:3:5.1 N 2003-01-21 17:06:29 fwsrv RADARSRV - - 66.82.20.92 25 - - - 25 TCP Connect - - - 0 - Internet Rule Mail 11 17
192.168.1.14 Jared msimn.exe:3:5.1 N 2003-01-21 17:06:29 fwsrv RADARSRV - - 66.82.20.92 25 - - - 25 TCP Connect - - - 0 - Internet Rule Mail 11 17

Ip Packet Log

2003-01-21 17:06:21 192.168.0.12 66.82.20.92 Tcp 3872 25 SYN ALLOWED 192.168.0.12 45 00 00 30 1a 54 40 00 80 06 c9 11 c0 a8 00 0c 42 52 14 5c 0f 20 00 19 2a 45 e7 6d 00 00 00 00 70 02 fa f0 4f e0 00 00
2003-01-21 17:06:22 66.82.20.92 192.168.0.12 Tcp 25 3872 SYN ACK ALLOWED 192.168.0.12 45 00 00 30 42 f4 40 00 3b 06 e5 71 42 52 14 5c c0 a8 00 0c 00 19 0f 20 96 ce b7 dd 2a 45 e7 6e 70 12 63 d8 98 3b 00 00
2003-01-21 17:06:22 192.168.0.12 66.82.20.92 Tcp 3872 25 ACK ALLOWED 192.168.0.12 45 00 00 28 1a 57 40 00 80 06 c9 16 c0 a8 00 0c 42 52 14 5c 0f 20 00 19 2a 45 e7 6e 96 ce b7 de 50 10 fa f0 2d e7 00 00
2003-01-21 17:06:22 66.82.20.92 192.168.0.12 Tcp 25 3872 PSH ACK ALLOWED 192.168.0.12 45 00 00 c8 42 f5 40 00 3b 06 e4 d8 42 52 14 5c c0 a8 00 0c 00 19 0f 20 96 ce b7 de 2a 45 e7 6e 50 18 63 d8 a7 b1 00 00
2003-01-21 17:06:22 192.168.0.12 66.82.20.92 Tcp 3872 25 PSH ACK ALLOWED 192.168.0.12 45 00 00 36 1a 59 40 00 80 06 c9 06 c0 a8 00 0c 42 52 14 5c 0f 20 00 19 2a 45 e7 6e 96 ce b8 7e 50 18 fa 50 30 79 00 00
2003-01-21 17:06:23 66.82.20.92 192.168.0.12 Tcp 25 3872 ACK ALLOWED 192.168.0.12 45 00 00 28 42 f6 40 00 3b 06 e5 77 42 52 14 5c c0 a8 00 0c 00 19 0f 20 96 ce b8 7e 2a 45 e7 7c 50 10 63 d8 c4 51 00 00
2003-01-21 17:06:23 66.82.20.92 192.168.0.12 Tcp 25 3872 PSH ACK ALLOWED 192.168.0.12 45 00 00 46 42 f7 40 00 3b 06 e5 58 42 52 14 5c c0 a8 00 0c 00 19 0f 20 96 ce b8 7e 2a 45 e7 7c 50 18 63 d8 21 26 00 00
2003-01-21 17:06:23 192.168.0.12 66.82.20.92 Tcp 3872 25 PSH ACK ALLOWED 192.168.0.12 45 00 00 48 1a 5a 40 00 80 06 c8 f3 c0 a8 00 0c 42 52 14 5c 0f 20 00 19 2a 45 e7 7c 96 ce b8 9c 50 18 fa 32 d5 fb 00 00
2003-01-21 17:06:24 66.82.20.92 192.168.0.12 Tcp 25 3872 PSH ACK ALLOWED 192.168.0.12 45 00 00 4b 42 f8 40 00 3b 06 e5 52 42 52 14 5c c0 a8 00 0c 00 19 0f 20 96 ce b8 9c 2a 45 e7 9c 50 18 63 d8 b0 ac 00 00
2003-01-21 17:06:24 192.168.0.12 66.82.20.92 Tcp 3872 25 PSH ACK ALLOWED 192.168.0.12 45 00 00 52 1a 5b 40 00 80 06 c8 e8 c0 a8 00 0c 42 52 14 5c 0f 20 00 19 2a 45 e7 9c 96 ce b8 bf 50 18 fa 0f ae 58 00 00
2003-01-21 17:06:26 66.82.20.92 192.168.0.12 Tcp 25 3872 PSH ACK ALLOWED 192.168.0.12 45 00 00 5a 42 f9 40 00 3b 06 e5 42 42 52 14 5c c0 a8 00 0c 00 19 0f 20 96 ce b8 bf 2a 45 e7 c6 50 18 63 d8 06 9b 00 00
2003-01-21 17:06:26 192.168.0.12 66.82.20.92 Tcp 3872 25 PSH ACK ALLOWED 192.168.0.12 45 00 00 2e 1a 5c 40 00 80 06 c9 0b c0 a8 00 0c 42 52 14 5c 0f 20 00 19 2a 45 e7 c6 96 ce b8 f1 50 18 f9 dd 87 f4 00 00
2003-01-21 17:06:26 192.168.0.12 66.82.20.92 Tcp 3872 25 FIN ACK ALLOWED 192.168.0.12 45 00 00 28 1a 5d 40 00 80 06 c9 10 c0 a8 00 0c 42 52 14 5c 0f 20 00 19 2a 45 e7 cc 96 ce b8 f1 50 11 f9 dd 2d 88 00 00
2003-01-21 17:06:27 66.82.20.92 192.168.0.12 Tcp 25 3872 PSH ACK ALLOWED 192.168.0.12 45 00 00 54 42 fa 40 00 3b 06 e5 47 42 52 14 5c c0 a8 00 0c 00 19 0f 20 96 ce b8 f1 2a 45 e7 cc 50 18 63 d8 2e f0 00 00
2003-01-21 17:06:27 192.168.0.12 66.82.20.92 Tcp 3872 25 RST ALLOWED 192.168.0.12 45 00 00 28 1a 5e 40 00 80 06 c9 0f c0 a8 00 0c 42 52 14 5c 0f 20 00 19 2a 45 e7 cd 96 ce b8 f1 50 04 00 00 27 72 00 00
2003-01-21 17:06:27 66.82.20.92 192.168.0.12 Tcp 25 3872 ACK ALLOWED 192.168.0.12 45 00 00 28 42 fb 40 00 3b 06 e5 72 42 52 14 5c c0 a8 00 0c 00 19 0f 20 96 ce b9 1d 2a 45 e7 cd 50 10 63 d8 c3 61 00 00
2003-01-21 17:06:27 66.82.20.92 192.168.0.12 Tcp 25 3872 FIN ACK ALLOWED 192.168.0.12 45 00 00 28 42 fc 40 00 3b 06 e5 71 42 52 14 5c c0 a8 00 0c 00 19 0f 20 96 ce b9 1d 2a 45 e7 cd 50 11 63 d8 c3 60 00 00
2003-01-21 17:06:27 192.168.0.12 66.82.20.92 Tcp 3872 25 RST ALLOWED 192.168.0.12 45 00 00 28 1a 5f 00 00 80 06 09 0f c0 a8 00 0c 42 52 14 5c 0f 20 00 19 2a 45 e7 cd 2a 45 e7 cd 50 04 00 00 65 1f 00 00
2003-01-21 17:06:27 192.168.0.12 66.82.20.92 Tcp 3872 25 RST ALLOWED 192.168.0.12 45 00 00 28 1a 60 00 00 80 06 09 0e c0 a8 00 0c 42 52 14 5c 0f 20 00 19 2a 45 e7 cd 2a 45 e7 cd 50 04 00 00 65 1f 00 00
2003-01-21 17:06:29 192.168.0.12 66.82.20.92 Tcp 3874 25 SYN ALLOWED 192.168.0.12 45 00 00 30 1a 63 40 00 80 06 c9 02 c0 a8 00 0c 42 52 14 5c 0f 22 00 19 2a 62 ae 54 00 00 00 00 70 02 fa f0 88 da 00 00
2003-01-21 17:06:31 66.82.20.92 192.168.0.12 Tcp 25 3874 SYN ACK ALLOWED 192.168.0.12 45 00 00 30 42 fd 40 00 3b 06 e5 68 42 52 14 5c c0 a8 00 0c 00 19 0f 22 97 9e 61 d5 2a 62 ae 55 70 12 63 d8 26 6e 00 00
2003-01-21 17:06:31 192.168.0.12 66.82.20.92 Tcp 3874 25 ACK ALLOWED 192.168.0.12 45 00 00 28 1a 66 40 00 80 06 c9 07 c0 a8 00 0c 42 52 14 5c 0f 22 00 19 2a 62 ae 55 97 9e 61 d6 50 10 fa f0 bc 19 00 00
2003-01-21 17:06:32 66.82.20.92 192.168.0.12 Tcp 25 3874 PSH ACK ALLOWED 192.168.0.12 45 00 00 c8 42 fe 40 00 3b 06 e4 cf 42 52 14 5c c0 a8 00 0c 00 19 0f 22 97 9e 61 d6 2a 62 ae 55 50 18 63 d8 34 e6 00 00
2003-01-21 17:06:32 192.168.0.12 66.82.20.92 Tcp 3874 25 PSH ACK ALLOWED 192.168.0.12 45 00 00 36 1a 68 40 00 80 06 c8 f7 c0 a8 00 0c 42 52 14 5c 0f 22 00 19 2a 62 ae 55 97 9e 62 76 50 18 fa 50 be ab 00 00
2003-01-21 17:06:33 66.82.20.92 192.168.0.12 Tcp 25 3874 ACK ALLOWED 192.168.0.12 45 00 00 28 42 ff 40 00 3b 06 e5 6e 42 52 14 5c c0 a8 00 0c 00 19 0f 22 97 9e 62 76 2a 62 ae 63 50 10 63 d8 52 84 00 00
2003-01-21 17:06:33 66.82.20.92 192.168.0.12 Tcp 25 3874 PSH ACK ALLOWED 192.168.0.12 45 00 00 46 43 00 40 00 3b 06 e5 4f 42 52 14 5c c0 a8 00 0c 00 19 0f 22 97 9e 62 76 2a 62 ae 63 50 18 63 d8 af 58 00 00
2003-01-21 17:06:33 192.168.0.12 66.82.20.92 Tcp 3874 25 PSH ACK ALLOWED 192.168.0.12 45 00 00 48 1a 6a 40 00 80 06 c8 e3 c0 a8 00 0c 42 52 14 5c 0f 22 00 19 2a 62 ae 63 97 9e 62 94 50 18 fa 32 64 2e 00 00
2003-01-21 17:06:33 66.82.20.92 192.168.0.12 Tcp 25 3874 PSH ACK ALLOWED 192.168.0.12 45 00 00 4b 43 01 40 00 3b 06 e5 49 42 52 14 5c c0 a8 00 0c 00 19 0f 22 97 9e 62 94 2a 62 ae 83 50 18 63 d8 3e df 00 00
2003-01-21 17:06:33 192.168.0.12 66.82.20.92 Tcp 3874 25 PSH ACK ALLOWED 192.168.0.12 45 00 00 52 1a 6b 40 00 80 06 c8 d8 c0 a8 00 0c 42 52 14 5c 0f 22 00 19 2a 62 ae 83 97 9e 62 b7 50 18 fa 0f 3c 8b 00 00
2003-01-21 17:06:34 66.82.20.92 192.168.0.12 Tcp 25 3874 PSH ACK ALLOWED 192.168.0.12 45 00 00 5a 43 02 40 00 3b 06 e5 39 42 52 14 5c c0 a8 00 0c 00 19 0f 22 97 9e 62 b7 2a 62 ae ad 50 18 63 d8 94 cd 00 00
2003-01-21 17:06:34 192.168.0.12 66.82.20.92 Tcp 3874 25 PSH ACK ALLOWED 192.168.0.12 45 00 00 2e 1a 6c 40 00 80 06 c8 fb c0 a8 00 0c 42 52 14 5c 0f 22 00 19 2a 62 ae ad 97 9e 62 e9 50 18 f9 dd 16 27 00 00
2003-01-21 17:06:35 66.82.20.92 192.168.0.12 Tcp 25 3874 PSH ACK ALLOWED 192.168.0.12 45 00 00 54 43 03 40 00 3b 06 e5 3e 42 52 14 5c c0 a8 00 0c 00 19 0f 22 97 9e 62 e9 2a 62 ae b3 50 18 63 d8 bd 22 00 00
2003-01-21 17:06:35 192.168.0.12 66.82.20.92 Tcp 3874 25 ACK ALLOWED 192.168.0.12 45 00 05 dc 1a 6d 40 00 80 06 c3 4c c0 a8 00 0c 42 52 14 5c 0f 22 00 19 2a 62 ae b3 97 9e 63 15 50 10 f9 b1 c2 e0 00 00
2003-01-21 17:06:35 192.168.0.12 66.82.20.92 Tcp 3874 25 PSH ACK ALLOWED 192.168.0.12 45 00 01 2b 1a 6e 40 00 80 06 c7 fc c0 a8 00 0c 42 52 14 5c 0f 22 00 19 2a 62 b4 67 97 9e 63 15 50 18 f9 b1 d0 92 00 00
2003-01-21 17:06:35 192.168.0.1 192.168.0.12 ICMP 3 4 - ALLOWED 192.168.0.12 45 00 00 38 78 5c 00 00 80 01 41 0b c0 a8 00 01 c0 a8 00 0c 03 04 0e f7 00 00 05 b4 45 00 05 dc 1a 6d 40 00 7f 06 c4 4c
2003-01-21 17:06:36 66.82.20.92 192.168.0.12 Tcp 25 3874 ACK ALLOWED 192.168.0.12 45 00 00 34 43 04 40 00 3b 06 e5 5d 42 52 14 5c c0 a8 00 0c 00 19 0f 22 97 9e 63 15 2a 62 ae b3 80 10 63 d8 5c e7 00 00
2003-01-21 17:06:36 192.168.0.12 66.82.20.92 Tcp 3874 25 PSH ACK ALLOWED 192.168.0.12 45 00 00 2d 1a 6f 40 00 80 06 c8 f9 c0 a8 00 0c 42 52 14 5c 0f 22 00 19 2a 62 b5 6a 97 9e 63 15 50 18 f9 b1 6f e0 00 00
2003-01-21 17:06:37 66.82.20.92 192.168.0.12 Tcp 25 3874 ACK ALLOWED 192.168.0.12 45 00 00 34 43 05 40 00 3b 06 e5 5c 42 52 14 5c c0 a8 00 0c 00 19 0f 22 97 9e 63 15 2a 62 ae b3 80 10 63 d8 5c e2 00 00
2003-01-21 17:06:37 192.168.0.12 66.82.20.92 Tcp 3874 25 ACK ALLOWED 192.168.0.12 45 00 05 dc 1a 71 40 00 80 06 c3 48 c0 a8 00 0c 42 52 14 5c 0f 22 00 19 2a 62 ae b3 97 9e 63 15 50 10 f9 b1 c2 e0 00 00
2003-01-21 17:06:37 192.168.0.1 192.168.0.12 ICMP 3 4 - ALLOWED 192.168.0.12 45 00 00 38 78 5d 00 00 80 01 41 0a c0 a8 00 01 c0 a8 00 0c 03 04 0e f7 00 00 05 b4 45 00 05 dc 1a 71 40 00 7f 06 c4 48
2003-01-21 17:06:40 192.168.0.12 66.82.20.92 Tcp 3874 25 ACK ALLOWED 192.168.0.12 45 00 05 dc 1a 74 40 00 80 06 c3 45 c0 a8 00 0c 42 52 14 5c 0f 22 00 19 2a 62 ae b3 97 9e 63 15 50 10 f9 b1 c2 e0 00 00
2003-01-21 17:06:40 192.168.0.1 192.168.0.12 ICMP 3 4 - ALLOWED 192.168.0.12 45 00 00 38 78 5e 00 00 80 01 41 09 c0 a8 00 01 c0 a8 00 0c 03 04 0e f7 00 00 05 b4 45 00 05 dc 1a 74 40 00 7f 06 c4 45
2003-01-21 17:06:45 192.168.0.12 66.82.20.92 Tcp 3874 25 ACK ALLOWED 192.168.0.12 45 00 05 dc 1a 7a 40 00 80 06 c3 3f c0 a8 00 0c 42 52 14 5c 0f 22 00 19 2a 62 ae b3 97 9e 63 15 50 10 f9 b1 c2 e0 00 00
2003-01-21 17:06:45 192.168.0.1 192.168.0.12 ICMP 3 4 - ALLOWED 192.168.0.12 45 00 00 38 78 63 00 00 80 01 41 04 c0 a8 00 01 c0 a8 00 0c 03 04 0e f7 00 00 05 b4 45 00 05 dc 1a 7a 40 00 7f 06 c4 3f
2003-01-21 17:06:58 192.168.0.12 66.82.20.92 Tcp 3874 25 ACK ALLOWED 192.168.0.12 45 00 05 dc 1a 84 40 00 80 06 c3 35 c0 a8 00 0c 42 52 14 5c 0f 22 00 19 2a 62 ae b3 97 9e 63 15 50 10 f9 b1 c2 e0 00 00
2003-01-21 17:06:58 192.168.0.1 192.168.0.12 ICMP 3 4 - ALLOWED 192.168.0.12 45 00 00 38 78 68 00 00 80 01 40 ff c0 a8 00 01 c0 a8 00 0c 03 04 0e f7 00 00 05 b4 45 00 05 dc 1a 84 40 00 7f 06 c4 35
2003-01-21 17:07:09 192.168.0.12 198.96.220.2 Tcp 3876 110 SYN ALLOWED 192.168.0.12 45 00 00 30 1a 8e 40 00 80 06 7d 22 c0 a8 00 0c c6 60 dc 02 0f 24 00 6e 2a fd a5 f9 00 00 00 00 70 02 fa f0 44 8e 00 00
2003-01-21 17:07:10 198.96.220.2 192.168.0.12 Tcp 110 3876 SYN ACK ALLOWED 192.168.0.12 45 00 00 30 00 00 40 00 31 06 e6 b0 c6 60 dc 02 c0 a8 00 0c 00 6e 0f 24 99 56 1b 87 2a fd a5 fa 70 12 16 d0 73 c0 00 00
2003-01-21 17:07:10 192.168.0.12 198.96.220.2 Tcp 3876 110 ACK ALLOWED 192.168.0.12 45 00 00 28 1a 91 40 00 80 06 7d 27 c0 a8 00 0c c6 60 dc 02 0f 24 00 6e 2a fd a5 fa 99 56 1b 88 50 10 fa f0 bc 63 00 00
2003-01-21 17:07:11 198.96.220.2 192.168.0.12 Tcp 110 3876 PSH ACK ALLOWED 192.168.0.12 45 00 00 3a 01 47 40 00 31 06 e5 5f c6 60 dc 02 c0 a8 00 0c 00 6e 0f 24 99 56 1b 88 2a fd a5 fa 50 18 16 d0 b9 f5 00 00
2003-01-21 17:07:11 192.168.0.12 198.96.220.2 Tcp 3876 110 PSH ACK ALLOWED 192.168.0.12 45 00 00 40 1a 93 40 00 80 06 7d 0d c0 a8 00 0c c6 60 dc 02 0f 24 00 6e 2a fd a5 fa 99 56 1b 9a 50 18 fa de 20 c0 00 00
2003-01-21 17:07:12 198.96.220.2 192.168.0.12 Tcp 110 3876 ACK ALLOWED 192.168.0.12 45 00 00 28 01 48 40 00 31 06 e5 70 c6 60 dc 02 c0 a8 00 0c 00 6e 0f 24 99 56 1b 9a 2a fd a6 12 50 10 16 d0 a0 5a 00 00
2003-01-21 17:07:12 198.96.220.2 192.168.0.12 Tcp 110 3876 PSH ACK ALLOWED 192.168.0.12 45 00 00 40 01 49 40 00 31 06 e5 57 c6 60 dc 02 c0 a8 00 0c 00 6e 0f 24 99 56 1b 9a 2a fd a6 12 50 18 16 d0 9d 37 00 00
2003-01-21 17:07:12 192.168.0.12 198.96.220.2 Tcp 3876 110 PSH ACK ALLOWED 192.168.0.12 45 00 00 36 1a 95 40 00 80 06 7d 15 c0 a8 00 0c c6 60 dc 02 0f 24 00 6e 2a fd a6 12 99 56 1b b2 50 18 fa c6 c0 d6 00 00
2003-01-21 17:07:12 198.96.220.2 192.168.0.12 Tcp 110 3876 PSH ACK ALLOWED 192.168.0.12 45 00 00 38 01 4a 40 00 31 06 e5 5e c6 60 dc 02 c0 a8 00 0c 00 6e 0f 24 99 56 1b b2 2a fd a6 20 50 18 16 d0 54 d0 00 00
2003-01-21 17:07:12 192.168.0.12 198.96.220.2 Tcp 3876 110 PSH ACK ALLOWED 192.168.0.12 45 00 00 2e 1a 96 40 00 80 06 7d 1c c0 a8 00 0c c6 60 dc 02 0f 24 00 6e 2a fd a6 20 99 56 1b c2 50 18 fa b6 1a 7d 00 00
2003-01-21 17:07:13 198.96.220.2 192.168.0.12 Tcp 110 3876 PSH ACK ALLOWED 192.168.0.12 45 00 00 31 01 4b 40 00 31 06 e5 64 c6 60 dc 02 c0 a8 00 0c 00 6e 0f 24 99 56 1b c2 2a fd a6 26 50 18 16 d0 bf 70 00 00
2003-01-21 17:07:13 192.168.0.12 198.96.220.2 Tcp 3876 110 PSH ACK ALLOWED 192.168.0.12 45 00 00 2e 1a 97 40 00 80 06 7d 1b c0 a8 00 0c c6 60 dc 02 0f 24 00 6e 2a fd a6 26 99 56 1b cb 50 18 fa ad 14 76 00 00
2003-01-21 17:07:14 198.96.220.2 192.168.0.12 Tcp 110 3876 PSH ACK ALLOWED 192.168.0.12 45 00 00 36 01 4c 40 00 31 06 e5 5e c6 60 dc 02 c0 a8 00 0c 00 6e 0f 24 99 56 1b cb 2a fd a6 2c 50 18 16 d0 ad 31 00 00
2003-01-21 17:07:14 198.96.220.2 192.168.0.12 Tcp 110 3876 FIN ACK ALLOWED 192.168.0.12 45 00 00 28 01 4d 40 00 31 06 e5 6b c6 60 dc 02 c0 a8 00 0c 00 6e 0f 24 99 56 1b d9 2a fd a6 2c 50 11 16 d0 a0 00 00 00
2003-01-21 17:07:14 192.168.0.12 198.96.220.2 Tcp 3876 110 ACK ALLOWED 192.168.0.12 45 00 00 28 1a 98 40 00 80 06 7d 20 c0 a8 00 0c c6 60 dc 02 0f 24 00 6e 2a fd a6 2c 99 56 1b da 50 10 fa 9f bc 30 00 00
2003-01-21 17:07:14 192.168.0.12 198.96.220.2 Tcp 3876 110 FIN ACK ALLOWED 192.168.0.12 45 00 00 28 1a 99 40 00 80 06 7d 1f c0 a8 00 0c c6 60 dc 02 0f 24 00 6e 2a fd a6 2c 99 56 1b da 50 11 fa 9f bc 2f 00 00
2003-01-21 17:07:14 192.168.0.12 66.82.20.91 Tcp 3878 110 SYN ALLOWED 192.168.0.12 45 00 00 30 1a 9b 40 00 80 06 c8 cb c0 a8 00 0c 42 52 14 5b 0f 26 00 6e 2b 11 a5 20 00 00 00 00 70 02 fa f0 91 07 00 00
2003-01-21 17:07:14 198.96.220.2 192.168.0.12 Tcp 110 3876 FIN ACK ALLOWED 192.168.0.12 45 00 00 28 01 4e 40 00 31 06 e5 6a c6 60 dc 02 c0 a8 00 0c 00 6e 0f 24 99 56 1b d9 2a fd a6 2c 50 11 16 d0 a0 00 00 00
2003-01-21 17:07:14 192.168.0.12 198.96.220.2 Tcp 3876 110 ACK ALLOWED 192.168.0.12 45 00 00 28 1a 9c 40 00 80 06 7d 1c c0 a8 00 0c c6 60 dc 02 0f 24 00 6e 2a fd a6 2d 99 56 1b da 50 10 fa 9f bc 2f 00 00
2003-01-21 17:07:15 198.96.220.2 192.168.0.12 Tcp 110 3876 ACK ALLOWED 192.168.0.12 45 00 00 28 00 00 40 00 f0 06 27 b8 c6 60 dc 02 c0 a8 00 0c 00 6e 0f 24 99 56 1b da 2a fd a6 2d 50 10 16 d0 9f ff 00 00
2003-01-21 17:07:15 66.82.20.91 192.168.0.12 Tcp 110 3878 SYN ACK ALLOWED 192.168.0.12 45 00 00 30 84 60 40 00 3b 06 a4 06 42 52 14 5b c0 a8 00 0c 00 6e 0f 26 41 13 fb 7d 2b 11 a5 21 70 12 63 d8 eb 7d 00 00
2003-01-21 17:07:15 192.168.0.12 66.82.20.91 Tcp 3878 110 ACK ALLOWED 192.168.0.12 45 00 00 28 1a 9d 40 00 80 06 c8 d1 c0 a8 00 0c 42 52 14 5b 0f 26 00 6e 2b 11 a5 21 41 13 fb 7e 50 10 fa f0 81 29 00 00
2003-01-21 17:07:16 66.82.20.91 192.168.0.12 Tcp 110 3878 PSH ACK ALLOWED 192.168.0.12 45 00 00 4a 84 61 40 00 3b 06 a3 eb 42 52 14 5b c0 a8 00 0c 00 6e 0f 26 41 13 fb 7e 2b 11 a5 21 50 18 63 d8 3b 0d 00 00
2003-01-21 17:07:16 192.168.0.12 66.82.20.91 Tcp 3878 110 PSH ACK ALLOWED 192.168.0.12 45 00 00 3f 1a 9f 40 00 80 06 c8 b8 c0 a8 00 0c 42 52 14 5b 0f 26 00 6e 2b 11 a5 21 41 13 fb a0 50 18 fa ce 71 e8 00 00
2003-01-21 17:07:16 66.82.20.91 192.168.0.12 Tcp 110 3878 ACK ALLOWED 192.168.0.12 45 00 00 28 84 62 40 00 3b 06 a4 0c 42 52 14 5b c0 a8 00 0c 00 6e 0f 26 41 13 fb a0 2b 11 a5 38 50 10 63 d8 18 09 00 00
2003-01-21 17:07:16 66.82.20.91 192.168.0.12 Tcp 110 3878 PSH ACK ALLOWED 192.168.0.12 45 00 00 46 84 63 40 00 3b 06 a3 ed 42 52 14 5b c0 a8 00 0c 00 6e 0f 26 41 13 fb a0 2b 11 a5 38 50 18 63 d8 52 09 00 00
2003-01-21 17:07:16 192.168.0.12 66.82.20.91 Tcp 3878 110 PSH ACK ALLOWED 192.168.0.12 45 00 00 36 1a a0 40 00 80 06 c8 c0 c0 a8 00 0c 42 52 14 5b 0f 26 00 6e 2b 11 a5 38 41 13 fb be 50 18 fa b0 e4 1d 00 00
2003-01-21 17:07:17 66.82.20.91 192.168.0.12 Tcp 110 3878 PSH ACK ALLOWED 192.168.0.12 45 00 00 4e 84 64 40 00 3b 06 a3 e4 42 52 14 5b c0 a8 00 0c 00 6e 0f 26 41 13 fb be 2b 11 a5 46 50 18 63 d8 fe 3f 00 00
2003-01-21 17:07:17 192.168.0.12 66.82.20.91 Tcp 3878 110 PSH ACK ALLOWED 192.168.0.12 45 00 00 2e 1a a1 40 00 80 06 c8 c7 c0 a8 00 0c 42 52 14 5b 0f 26 00 6e 2b 11 a5 46 41 13 fb e4 50 18 fa 8a df 43 00 00
2003-01-21 17:07:18 66.82.20.91 192.168.0.12 Tcp 110 3878 PSH ACK ALLOWED 192.168.0.12 45 00 00 31 84 65 40 00 3b 06 a4 00 42 52 14 5b c0 a8 00 0c 00 6e 0f 26 41 13 fb e4 2b 11 a5 4c 50 18 63 d8 37 03 00 00
2003-01-21 17:07:18 192.168.0.12 66.82.20.91 Tcp 3878 110 PSH ACK ALLOWED 192.168.0.12 45 00 00 2e 1a a2 40 00 80 06 c8 c6 c0 a8 00 0c 42 52 14 5b 0f 26 00 6e 2b 11 a5 4c 41 13 fb ed 50 18 fa 81 d9 3c 00 00
2003-01-21 17:07:19 66.82.20.91 192.168.0.12 Tcp 110 3878 PSH ACK ALLOWED 192.168.0.12 45 00 00 61 84 66 40 00 3b 06 a3 cf 42 52 14 5b c0 a8 00 0c 00 6e 0f 26 41 13 fb ed 2b 11 a5 52 50 18 63 d8 73 0c 00 00
2003-01-21 17:07:19 192.168.0.12 66.82.20.91 Tcp 3878 110 FIN ACK ALLOWED 192.168.0.12 45 00 00 28 1a a3 40 00 80 06 c8 cb c0 a8 00 0c 42 52 14 5b 0f 26 00 6e 2b 11 a5 52 41 13 fc 26 50 11 fa 48 80 f7 00 00
2003-01-21 17:07:19 66.82.20.91 192.168.0.12 Tcp 110 3878 FIN ACK ALLOWED 192.168.0.12 45 00 00 28 84 67 40 00 3b 06 a4 07 42 52 14 5b c0 a8 00 0c 00 6e 0f 26 41 13 fc 26 2b 11 a5 52 50 11 63 d8 17 68 00 00
2003-01-21 17:07:19 192.168.0.12 66.82.20.91 Tcp 3878 110 ACK ALLOWED 192.168.0.12 45 00 00 28 1a a4 40 00 80 06 c8 ca c0 a8 00 0c 42 52 14 5b 0f 26 00 6e 2b 11 a5 53 41 13 fc 27 50 10 fa 48 80 f6 00 00
2003-01-21 17:07:19 66.82.20.91 192.168.0.12 Tcp 110 3878 ACK ALLOWED 192.168.0.12 45 00 00 28 84 68 40 00 3b 06 a4 06 42 52 14 5b c0 a8 00 0c 00 6e 0f 26 41 13 fc 27 2b 11 a5 53 50 10 63 d8 17 67 00 00
2003-01-21 17:07:19 192.168.0.12 66.82.20.91 Tcp 3878 110 RST ALLOWED 192.168.0.12 45 00 00 28 52 a8 00 00 80 06 00 00 c0 a8 00 0c 42 52 14 5b 0f 26 00 6e 2b 11 a5 53 2b 11 a5 53 50 04 00 00 e8 21 00 00
2003-01-21 17:07:24 192.168.0.12 66.82.20.92 Tcp 3874 25 ACK ALLOWED 192.168.0.12 45 00 05 dc 1a b1 40 00 80 06 c3 08 c0 a8 00 0c 42 52 14 5c 0f 22 00 19 2a 62 ae b3 97 9e 63 15 50 10 f9 b1 c2 e0 00 00
2003-01-21 17:07:24 192.168.0.1 192.168.0.12 ICMP 3 4 - ALLOWED 192.168.0.12 45 00 00 38 78 71 00 00 80 01 40 f6 c0 a8 00 01 c0 a8 00 0c 03 04 0e f7 00 00 05 b4 45 00 05 dc 1a b1 40 00 7f 06 c4 08
2003-01-21 17:07:52 66.82.20.92 192.168.0.12 Tcp 25 3870 PSH ACK ALLOWED 192.168.0.12 45 00 00 68 43 06 40 00 3b 06 e5 27 42 52 14 5c c0 a8 00 0c 00 19 0f 1e 86 98 0a dd 27 19 af ec 50 18 63 d8 d6 7f 00 00
2003-01-21 17:07:52 66.82.20.92 192.168.0.12 Tcp 25 3870 RST ALLOWED 192.168.0.12 45 00 00 28 43 07 40 00 3b 06 e5 66 42 52 14 5c c0 a8 00 0c 00 19 0f 1e 86 98 0b 1d 00 00 00 00 50 04 63 d8 93 b9 00 00
2003-01-21 17:07:52 66.82.20.92 192.168.0.12 Tcp 25 3870 RST ALLOWED 192.168.0.12 45 00 00 28 43 08 40 00 3b 06 e5 65 42 52 14 5c c0 a8 00 0c 00 19 0f 1e 86 98 0b 1d 00 00 00 00 50 04 00 00 f7 91 00 00
2003-01-21 17:07:52 192.168.0.12 66.82.20.92 Tcp 3870 25 RST ALLOWED 192.168.0.12 45 00 00 28 1b 26 00 00 80 06 08 48 c0 a8 00 0c 42 52 14 5c 0f 1e 00 19 27 19 af ec 27 19 af ec 50 04 00 00 db 3b 00 00
2003-01-21 17:08:15 192.168.0.12 66.82.20.92 Tcp 3874 25 ACK ALLOWED 192.168.0.12 45 00 05 dc 1b 9a 40 00 80 06 c2 1f c0 a8 00 0c 42 52 14 5c 0f 22 00 19 2a 62 ae b3 97 9e 63 15 50 10 f9 b1 c2 e0 00 00
2003-01-21 17:08:15 192.168.0.1 192.168.0.12 ICMP 3 4 - ALLOWED 192.168.0.12 45 00 00 38 78 7a 00 00 80 01 40 ed c0 a8 00 01 c0 a8 00 0c 03 04 0e f7 00 00 05 b4 45 00 05 dc 1b 9a 40 00 7f 06 c3 1f

(in reply to Jared)
Post #: 12
RE: Yet another SMTP post - 21.Jan.2003 6:58:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Radar,

Very odd logs. The only thing that I can think of would be that you're using DSL.

HTH,
Tom

(in reply to Jared)
Post #: 13
RE: Yet another SMTP post - 21.Jan.2003 7:30:00 PM   
Jared

 

Posts: 16
Joined: 10.Jan.2003
From: Edmonton, Alberta, Canada
Status: offline
Actually I am using 2 way satellite from Lincsat... the actual connection is on a XP pro machine running ICS.... could ICS be causing the issue??? up until i tried the FWC, I had no problems at all with SMTP.... SecureNat still works fine....

The XP pro machine is on a completely different IP segment....

XP ICS: 192.168.0.1
Outside ISA nic: 192.168.0.12
Inside ISA nic: 192.168.1.1

LAT is configured with 192.168.1.1 - 192.168.1.255 being the only entry.

The way I reasoned it, the XP pro ICS box would act similar to putting a router in front of ISA.

Everything else works just tickity-boo with the FWC..... [Wink]

What do you think?

Radar14

(in reply to Jared)
Post #: 14
RE: Yet another SMTP post - 22.Jan.2003 9:15:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Radar,

Its an interesting problem. What I would do is put a packet sniffer on whatever it is you use for your external interface on the XP computer, and also on the ISA Server external interface. I would be interested to see if the outbound requests and inbound responses and where they're being stopped. It might just be a timeout issue.

HTH,
Tom

(in reply to Jared)
Post #: 15
RE: Yet another SMTP post - 24.Jan.2003 11:59:00 PM   
Jared

 

Posts: 16
Joined: 10.Jan.2003
From: Edmonton, Alberta, Canada
Status: offline
Well after 3 weeks of troubleshooting the problem has been solved!

Thankyou Tom for the last post..... truly the inspiration that led to the answer....

Okay, I thought that I would introduce a packet sniffer into the equation; so I settled on NetworkActiv Sniffer 1.4 to start with. As well, I was able to get the satellite software to install and connect properly from the ISA server, which in turn took one machine out of the situation. (read posting above if confused)

After confirming connectivity, I tried once again to send email with the FWC enabled.... and once again it did not work, with the same errors...

I then started looking at each packet from the process..... it connected fine, it even sent the data portion of the email message, but then I saw it..... a packet from AVG anti-virus, followed by 2 packets that were blank. The disconnect should have happened where these packets were. I disabled AVG on my client computer and the ISA server, and tried to send the email again.... It worked flawlessly!

Now I understand what happened... but not WHY?

Could it be a byproduct of AVG's Outlook Express plugin? It has worked really well for me and I like it because it integrates completely with Outlook Express - meaning that it scans not only Pop3 email but HTTP as well...... [Smile]

So I guess my question here is..... any recomendations for anti virus, that will not cause issues with my ISA server and clients using the FWC...... SecureNAT clients still haven't had any issues at all!

Thank you for all the help!

Jared (formerly Radar14)

[ January 25, 2003, 12:41 AM: Message edited by: Jared ]

(in reply to Jared)
Post #: 16
RE: Yet another SMTP post - 27.Jan.2003 3:48:00 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Jared,

Wow! That is very interesting. I can't think of waht AVG is doing. Are you seeing AVG riding on top of the same TCP 110 connection?

I know that I don't have this problem with NAV, so you might want to check that out.

HTH,
Tom

(in reply to Jared)
Post #: 17
RE: Yet another SMTP post - 12.Feb.2003 8:39:00 AM   
alanschmarr

 

Posts: 4
Joined: 5.Feb.2003
From: Johannesburg
Status: offline
Hi all,

I had more less the same problem with my ISA server at home. The only that i do is i'm using an dail up.

The problem was that i could get pop mail to work but couldn't send mail by smtp.

If i go to cmd and telnet to the smtp server it works.

So what i did to fix this problem was by deleting my windows profile and recreating it only with outlook and it worked.

Maybe this will help for your problem.

[Smile]

(in reply to Jared)
Post #: 18

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2000 Firewall] >> Firewall Client >> Yet another SMTP post Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts