Search Results

Search found 1705 results on 69 pages for 'syn packet'.

Page 24/69 | < Previous Page | 20 21 22 23 24 25 26 27 28 29 30 31  | Next Page >

• How can I limit the number of open AF_INET sockets?

  - by Stefano Palazzo

  Is there a way to limit the number of concurretly open AF_INET sockets (only)? If so, how do I do it, and how will the networking behave if I'm above the limit? For background: My cheap commodity router is a bit eager to detect 'syn flooding'. When it does, it crashes (and doesn't automatically restart itself). I'm thinking limiting concurrent connections to around 1000 should keep it from bickering.

  Read the article

• Wireless is detected, but not connecting. Ethernet works. How to correct the wireless address?

  - by Lucas

  I am running Ubuntu 14.04 with cable internet, and my wireless is detected and connected, but I cannot connect to the internet. I know the problem is with my machine because other machines are connecting to the same router just fine. I can connect via ethernet just fine as well. Here are some notable tests: ping 192.168.0.105 works with 0% packet loss, but ping 192.168.0.1 has 100% packet loss. When I plug in my ethernet, ping 192.168.0.1 works with 0% packet loss. My wireless name is tg, and the router ip is 192.168.0.1 (where I can enter username and password). I suspect that I need to change my wireless address from 192.168.0.105 to 192.168.0.1. Any suggestions on how to proceed? extra info: [lucas@lucas-ThinkPad-W520]/home/lucas$ iwconfig eth0 no wireless extensions. lo no wireless extensions. wlan0 IEEE 802.11abgn ESSID:"tg" Mode:Managed Frequency:2.462 GHz Access Point: 00:02:6F:83:F8:F4 Bit Rate=1 Mb/s Tx-Power=15 dBm Retry long limit:7 RTS thr:off Fragment thr:off Power Management:off Link Quality=62/70 Signal level=-48 dBm Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0 Tx excessive retries:52 Invalid misc:166 Missed beacon:0 [lucas@lucas-ThinkPad-W520]/home/lucas$ ifconfig eth0 Link encap:Ethernet HWaddr f0:de:f1:b2:53:53 inet addr:192.168.0.100 Bcast:192.168.0.255 Mask:255.255.255.0 inet6 addr: fe80::f2de:f1ff:feb2:5353/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:980003 errors:0 dropped:0 overruns:0 frame:0 TX packets:498384 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:1320506168 (1.3 GB) TX bytes:59780591 (59.7 MB) Interrupt:20 Memory:f3a00000-f3a20000 lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:65536 Metric:1 RX packets:21927 errors:0 dropped:0 overruns:0 frame:0 TX packets:21927 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:1781719 (1.7 MB) TX bytes:1781719 (1.7 MB) wlan0 Link encap:Ethernet HWaddr 24:77:03:29:8f:dc inet addr:192.168.0.105 Bcast:192.168.0.255 Mask:255.255.255.0 inet6 addr: fe80::2677:3ff:fe29:8fdc/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:11828 errors:0 dropped:0 overruns:0 frame:0 TX packets:15444 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:4855662 (4.8 MB) TX bytes:2250585 (2.2 MB) [lucas@lucas-ThinkPad-W520]/home/lucas$ lspci -nn | grep 0280 03:00.0 Network controller [0280]: Intel Corporation Centrino Ultimate-N 6300 [8086:4238] (rev 3e) [lucas@lucas-ThinkPad-W520]/home/lucas$ rfkill list 0: hci0: Bluetooth Soft blocked: no Hard blocked: no 1: tpacpi_bluetooth_sw: Bluetooth Soft blocked: no Hard blocked: no 2: phy0: Wireless LAN Soft blocked: no Hard blocked: no with ethernet unplugged: [lucas@lucas-ThinkPad-W520]/home/lucas$ route -n | grep UG 0.0.0.0 192.168.0.1 0.0.0.0 UG 0 0 0 wlan0 with ethernet plugged in: [lucas@lucas-ThinkPad-W520]/home/lucas$ route -n | grep UG 0.0.0.0 192.168.0.1 0.0.0.0 UG 0 0 0 eth0 [lucas@lucas-ThinkPad-W520]/home/lucas$ nm-tool NetworkManager Tool State: connected (global) - Device: wlan0 [tg] ---------------------------------------------------------- Type: 802.11 WiFi Driver: iwlwifi State: connected Default: no HW Address: 24:77:03:29:8F:DC Capabilities: Speed: 52 Mb/s Wireless Properties WEP Encryption: yes WPA Encryption: yes WPA2 Encryption: yes Wireless Access Points (* = current AP) tatum: Infra, 40:8B:07:D8:A5:04, Freq 2437 MHz, Rate 54 Mb/s, Strength 42 W PA WPA2 ums: Infra, 00:20:A6:72:52:BF, Freq 2437 MHz, Rate 54 Mb/s, Strength 59 Alpha 40: Infra, 28:CF:E9:86:59:5D, Freq 5260 MHz, Rate 54 Mb/s, Strength 30 W PA WPA2 thepromiselan: Infra, 58:6D:8F:51:E5:54, Freq 2452 MHz, Rate 54 Mb/s, Strength 34 $ PA WPA2 xfinitywifi: Infra, 06:1D:D5:84:27:A0, Freq 2437 MHz, Rate 54 Mb/s, Strength 52 *tg: Infra, 00:02:6F:83:F8:F4, Freq 2462 MHz, Rate 54 Mb/s, Strength 73 W PA2 ums: Infra, 00:20:A6:A1:9F:25, Freq 2452 MHz, Rate 54 Mb/s, Strength 44 BRIAN-PC_Network:Infra, 20:AA:4B:DD:93:D6, Freq 2462 MHz, Rate 54 Mb/s, Strength 35 W PA2 HOME-C0F8: Infra, 44:32:C8:D2:C0:F8, Freq 2412 MHz, Rate 54 Mb/s, Strength 40 W PA WPA2 abcsexy: Infra, 28:28:5D:27:5D:85, Freq 2412 MHz, Rate 54 Mb/s, Strength 27 W PA WPA2 IPv4 Settings: Address: 192.168.0.105 Prefix: 24 (255.255.255.0) Gateway: 192.168.0.1 DNS: 192.168.0.1 - Device: eth0 [Wired connection 1] ------------------------------------------- Type: Wired Driver: e1000e State: connected Default: yes HW Address: F0:DE:F1:B2:53:53 Capabilities: Carrier Detect: yes Speed: 100 Mb/s Wired Properties Carrier: on IPv4 Settings: Address: 192.168.0.100 Prefix: 24 (255.255.255.0) Gateway: 192.168.0.1 DNS: 192.168.0.1

  Read the article

• Can't connect to VPN on Ubuntu 12.04

  - by 12rad

  I'm having a lot of trouble connecting to VPN. This used to work on my machine, but i recently did an update and it's stopped working. I'm not sure what the problem is. My question is how do i debug this? I'm not able to narrow it down to a specific problem. This is what i get when i tail the syslogs. Would appreciate any help! Nov 6 23:42:52 meera NetworkManager[1137]: <info> Starting VPN service 'pptp'... Nov 6 23:42:52 meera NetworkManager[1137]: <info> VPN service 'pptp' started (org.freedesktop.NetworkManager.pptp), PID 6132 Nov 6 23:42:52 meera NetworkManager[1137]: <info> VPN service 'pptp' appeared; activating connections Nov 6 23:42:52 meera NetworkManager[1137]: <info> VPN plugin state changed: starting (3) Nov 6 23:42:52 meera NetworkManager[1137]: <info> VPN connection 'NAME VPN' (Connect) reply received. Nov 6 23:42:52 meera pppd[6136]: Plugin /usr/lib/pppd/2.4.5/nm-pptp-pppd-plugin.so loaded. Nov 6 23:42:52 meera pppd[6136]: pppd 2.4.5 started by root, uid 0 Nov 6 23:42:52 meera chat[6139]: timeout set to 15 seconds Nov 6 23:42:52 meera chat[6139]: abort on (NO CARRIER) Nov 6 23:42:52 meera chat[6139]: abort on (NO DIALTONE) Nov 6 23:42:52 meera chat[6139]: abort on (ERROR) Nov 6 23:42:52 meera chat[6139]: abort on (NO ANSWER) Nov 6 23:42:52 meera chat[6139]: abort on (BUSY) Nov 6 23:42:52 meera chat[6139]: abort on (Username/Password Incorrect) Nov 6 23:42:52 meera chat[6139]: send (AT^M) Nov 6 23:42:52 meera pptp[6138]: nm-pptp-service-6132 log[main:pptp.c:314]: The synchronous pptp option is NOT activated Nov 6 23:42:52 meera chat[6139]: expect (OK) Nov 6 23:42:52 meera pptp[6143]: nm-pptp-service-6132 log[ctrlp_rep:pptp_ctrl.c:251]: Sent control packet type is 1 'Start-Control-Connection-Request' Nov 6 23:42:53 meera pptp[6143]: nm-pptp-service-6132 log[ctrlp_disp:pptp_ctrl.c:739]: Received Start Control Connection Reply Nov 6 23:42:53 meera pptp[6143]: nm-pptp-service-6132 log[ctrlp_disp:pptp_ctrl.c:773]: Client connection established. Nov 6 23:42:53 meera pptp[6143]: nm-pptp-service-6132 log[ctrlp_rep:pptp_ctrl.c:251]: Sent control packet type is 7 'Outgoing-Call-Request' Nov 6 23:42:54 meera pptp[6143]: nm-pptp-service-6132 log[ctrlp_disp:pptp_ctrl.c:858]: Received Outgoing Call Reply. Nov 6 23:42:54 meera pptp[6143]: nm-pptp-service-6132 log[ctrlp_disp:pptp_ctrl.c:897]: Outgoing call established (call ID 0, peer's call ID 13077). Nov 6 23:42:54 meera pptp[6138]: nm-pptp-service-6132 warn[decaps_hdlc:pptp_gre.c:231]: The ppp mode is synchronous, yet no pptp --sync option is specified! Nov 6 23:43:07 meera chat[6139]: alarm Nov 6 23:43:07 meera chat[6139]: Failed Nov 6 23:43:07 meera pppd[6136]: Script chat -v -f /etc/ppp/chat-ztisp finished (pid 6139), status = 0x3 Nov 6 23:43:07 meera pppd[6136]: Connect script failed Nov 6 23:43:07 meera pppd[6136]: Waiting for 1 child processes... Nov 6 23:43:07 meera pppd[6136]: script /usr/sbin/pptp 204.197.218.90 --nolaunchpppd --loglevel 0 --logstring nm-pptp-service-6132, pid 6138 Nov 6 23:43:07 meera pptp[6138]: nm-pptp-service-6132 warn[decaps_hdlc:pptp_gre.c:204]: short read (-1): Input/output error Nov 6 23:43:07 meera pptp[6138]: nm-pptp-service-6132 warn[decaps_hdlc:pptp_gre.c:216]: pppd may have shutdown, see pppd log Nov 6 23:43:07 meera pptp[6143]: nm-pptp-service-6132 log[callmgr_main:pptp_callmgr.c:234]: Closing connection (unhandled) Nov 6 23:43:07 meera pppd[6136]: Script /usr/sbin/pptp 204.197.218.90 --nolaunchpppd --loglevel 0 --logstring nm-pptp-service-6132 finished (pid 6138), status = 0x0 Nov 6 23:43:07 meera pptp[6143]: nm-pptp-service-6132 log[ctrlp_rep:pptp_ctrl.c:251]: Sent control packet type is 12 'Call-Clear-Request' Nov 6 23:43:07 meera pptp[6143]: nm-pptp-service-6132 log[call_callback:pptp_callmgr.c:79]: Closing connection (call state) Nov 6 23:43:07 meera pppd[6136]: Exit. Nov 6 23:43:07 meera NetworkManager[1137]: <warn> VPN plugin failed: 1 Nov 6 23:43:07 meera NetworkManager[1137]: <info> VPN plugin state changed: stopped (6) Nov 6 23:43:07 meera NetworkManager[1137]: <info> VPN plugin state change reason: 0 Nov 6 23:43:07 meera NetworkManager[1137]: <warn> error disconnecting VPN: Could not process the request because no VPN connection was active.

  Read the article

• xt_TCPMSS: bad length messages

  - by Matic

  I'm getting loads of messages like: Jun 23 10:24:20 awakening kernel: [ 1691.596823] xt_TCPMSS: bad length (1492 bytes) Jun 23 10:24:21 awakening kernel: [ 1692.663362] xt_TCPMSS: bad length (1448 bytes) Jun 23 10:24:21 awakening kernel: [ 1692.663495] xt_TCPMSS: bad length (1448 bytes) Jun 23 10:24:21 awakening kernel: [ 1692.663588] xt_TCPMSS: bad length (1448 bytes) Jun 23 10:24:21 awakening kernel: [ 1692.663671] xt_TCPMSS: bad length (1440 bytes) Jun 23 10:24:26 awakening kernel: [ 1697.062914] xt_TCPMSS: bad length (474 bytes) Jun 23 10:24:26 awakening kernel: [ 1697.305525] xt_TCPMSS: bad length (1492 bytes) Jun 23 10:24:27 awakening kernel: [ 1698.946633] xt_TCPMSS: bad length (1492 bytes) Jun 23 10:24:36 awakening kernel: [ 1707.481198] xt_TCPMSS: bad length (1492 bytes) Jun 23 10:24:37 awakening kernel: [ 1708.723526] xt_TCPMSS: bad length (805 bytes) Jun 23 10:24:38 awakening kernel: [ 1709.599461] xt_TCPMSS: bad length (805 bytes) Jun 23 10:24:41 awakening kernel: [ 1712.211052] xt_TCPMSS: bad length (1492 bytes) Jun 23 10:24:41 awakening kernel: [ 1712.260588] xt_TCPMSS: bad length (1492 bytes) Jun 23 10:24:41 awakening kernel: [ 1712.976058] xt_TCPMSS: bad length (1492 bytes) Jun 23 10:24:43 awakening kernel: [ 1714.225209] xt_TCPMSS: bad length (1492 bytes) Jun 23 10:24:43 awakening kernel: [ 1714.914961] xt_TCPMSS: bad length (1492 bytes) Jun 23 10:24:55 awakening kernel: [ 1726.192696] xt_TCPMSS: bad length (1480 bytes) Jun 23 10:24:55 awakening kernel: [ 1726.192825] xt_TCPMSS: bad length (1480 bytes) In my dmesg/syslog. This linux machine is among other things used as an internet gateway. Connection is over PPPoE. I have the following line in my iptables script: $IPT -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu # PPPoE fix The frequency of this messages increased 10x when I upgraded from Debian lenny with 2.6.27 to squeeze with 2.6.32 few days ago. Why am I seeing this messages and how can I fix them?

  Read the article

• Problems setting NTP sever with w32tm for a DC that is a Hyper-V guest

  - by R.Tonheim

  Hello ! I have tried to sett my DC to get its time from several NTP severs. I follow this answer (http://serverfault.com/questions/24298/w32time-sync-problems-for-hyper-v-guests-w32time-event-ids-38-24-29-35/24299#24299) to do it. First I disable Time Synchronization in the Hyper-V Integration Services for each guest. Then restart the Windows Time serviceon the guest. I had before this used this command: w32tm /config /manualpeerlist:"ntp.uio.no;timekeeper. uio.no;nissen.uio.no;0.no.pool.ntp.org;1.no.pool.ntp.org;2.no.pool.ntp.org" /syn cfromflags:manual /reliable:yes /update And the cmd sad: The command completed successfully. But the time was still 10 min wrong... I run w32tm again after restarted the DC without it having any effect. The w32tm /query /status still say: "Source: Local CMOS Clock" FROM MY CMD: Microsoft Windows [Version 6.0.6002] Copyright (c) 2006 Microsoft Corporation. All rights reserved. C:\Users\Administrator.MHGw32tm /query /status Leap Indicator: 0(no warning) Stratum: 1 (primary reference - syncd by radio clock) Precision: -6 (15.625ms per tick) Root Delay: 0.0000000s Root Dispersion: 10.0000000s ReferenceId: 0x4C4F434C (source name: "LOCL") Last Successful Sync Time: 05.09.2009 20:06:21 Source: Local CMOS Clock Poll Interval: 6 (64s) C:\Users\Administrator.MHGw32tm /config /manualpeerlist:"ntp.uio.no;timekeeper. uio.no;nissen.uio.no;0.no.pool.ntp.org;1.no.pool.ntp.org;2.no.pool.ntp.org" /syn cfromflags:manual /reliable:yes /update The command completed successfully. C:\Users\Administrator.MHGw32tm /query /status Leap Indicator: 0(no warning) Stratum: 1 (primary reference - syncd by radio clock) Precision: -6 (15.625ms per tick) Root Delay: 0.0000000s Root Dispersion: 10.0000000s ReferenceId: 0x4C4F434C (source name: "LOCL") Last Successful Sync Time: 05.09.2009 20:06:21 Source: Local CMOS Clock Poll Interval: 6 (64s) C:\Users\Administrator.MHG

  Read the article

• Vim: Custom Folding function done, custom highlighting required

  - by sixtyfootersdude

  I have defined a function in vim to properly indent folds. Ie so they look like this: Unfolded this is text also text indented text indented text not indented text folded with default function this is text also text +-- 2 lines: indented text ---------------------------- not indented text folded with my new function this is text also text ++- 2 lines: indented text ---------------------------- not indented text The only problem is the the highlighting is still like this: folded with my new function (highlighting shown with tag) this is text also text <hi> ++- 2 lines: indented text ----------------------------</hi> not indented text I would like the highlighting to start at the ++ and not at the beginning of the line. I have looked in the vim manual but could not find anything like that. One so-so solution I found was to make the background black. highlight Folded ctermbg=black ctermfg=white cterm=bold But this make folds less visible. I have tried several variations of: syn keyword Folded lines syn region Folded ... But I don't think that this is the way that folds are selected. Can anyone offer a suggestion? By the way this is my function to indent the folds: set foldmethod=indent function! MyFoldText() let lines = 1 + v:foldend - v:foldstart let ind = indent(v:foldstart) let spaces = '' let i = 0 while i < ind let i = i+1 let spaces = spaces . ' ' endwhile let linestxt = 'lines' if lines == 1 linestxt = 'line' endif return spaces . '+' . v:folddashes . ' '. lines . ' ' . linestxt . ': ' . getline(v:foldstaendfunction endfunction au BufWinEnter,BufRead,BufNewFile * set foldtext=MyFoldText() By the way thanks to njd for helping me get this function setup.

  Read the article

• different nmap results

  - by aasasas

  Hello I have a scan on my server form outside and from inside, why results are different? [root@xxx ~]# nmap -sV -p 0-65535 localhost Starting Nmap 5.51 ( http://nmap.org ) at 2011-02-16 07:59 MSK Nmap scan report for localhost (127.0.0.1) Host is up (0.000015s latency). rDNS record for 127.0.0.1: localhost.localdomain Not shown: 65534 closed ports PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 4.3 (protocol 2.0) 80/tcp open http Apache httpd 2.2.3 ((CentOS)) Service detection performed. Please report any incorrect results at http://nmap.org/submit/ . Nmap done: 1 IP address (1 host up) scanned in 7.99 seconds AND sh-3.2# nmap -sV -p 0-65535 xxx.com Starting Nmap 5.51 ( http://nmap.org ) at 2011-02-16 00:01 EST Warning: Unable to open interface vmnet1 -- skipping it. Warning: Unable to open interface vmnet8 -- skipping it. Stats: 0:07:49 elapsed; 0 hosts completed (1 up), 1 undergoing SYN Stealth Scan SYN Stealth Scan Timing: About 36.92% done; ETC: 00:22 (0:13:21 remaining) Stats: 0:22:05 elapsed; 0 hosts completed (1 up), 1 undergoing Service Scan Service scan Timing: About 75.00% done; ETC: 00:23 (0:00:02 remaining) Nmap scan report for xxx.com (x.x.x.x) Host is up (0.22s latency). Not shown: 65528 closed ports PORT STATE SERVICE VERSION 21/tcp open tcpwrapped 22/tcp open ssh OpenSSH 4.3 (protocol 2.0) 25/tcp open tcpwrapped 80/tcp open http Apache httpd 2.2.3 ((CentOS)) 110/tcp open tcpwrapped 143/tcp open tcpwrapped 443/tcp open tcpwrapped 8080/tcp open http-proxy?

  Read the article

• NetApp NDMP backup with BE 2010 R2 works, restore fails

  - by uuwe

  Hi, I'm having some issues with a new Backup Exec 2010 R2 installation. I configured a NetApp FAS2020 as an NDMP device and want to backup files from the NAS to a tape drive connected to my backup server. I set up ndmpd according to this document (http://www.symantec.com/business/support/index?page=content&id=TECH48957) and created a separate backup user (http://filers.blogspot.com/2006/09/setting-veritas-netbackup-with-non.html). Backup works perfectly, but restoring any file gives me an authentication failed error. The NDMP device has a "global" ndmp user configured in the device tab (tried this with the newly created ndmpd backup user and the netapp root) and I can also configure separate resource credentials in the BE restore job. I have tried setting the same accounts for the "global" ndmp device and the restore credentials and have also tried setting different accounts for them. NDMP debug level is at 5 and this is what shows up in /etc/messages. The session is closed immediately after it has been granted. 16:12:07 PST [Java_Thread:info]: ndmpdserver: ndmpd.access allowed for version = 4, sessionId = 51, from src ip = 192.168.11.17, dst ip = FAS2020-1/192.168.11.75, src port = 50857, dst port = 10000 16:12:07 PST [Java_Thread:info]: Ndmpd51: ndmpd session closed successfully for version = 4, sessionId = 51, from src ip = 192.168.11.17, dst ip = FAS2020-1/192.168.11.75, src port = 50857, dst port = 10000 Running wireshark on the backup server doesn't produce much. It shows a SYN - SYN/ACK - NDMP CONNECT_CLOSE Request from the backup server. The Resource Credentials for the restore job behave very oddly. If I enter NDMP credentials and do "Test All" it fails. If I use my regular domain backup account, it is successful. There are no failed or succeeded logons in the NetApp ndmp log and tracing this check shows that it doesn't even connect to the NAS. This makes me think that this is more likely flaky BE behaviour rather than misconfiguration of the NAS. Here is the options ndmp output: FAS2020-1 options ndmp ndmpd.access all ndmpd.authtype challenge ndmpd.connectlog.enabled on ndmpd.enable on ndmpd.ignore_ctime.enabled off ndmpd.offset_map.enable on ndmpd.password_length 16 ndmpd.preferred_interface disable ndmpd.tcpnodelay.enable off

  Read the article

• FreeBSD slow transfers - RFC 1323 scaling issue?

  - by Trey

  I think I may be having an issue with window scaling (RFC 1323) and am hoping that someone can enlighten me on what's going on. Server: FreeBSD 9, apache22, serving a static 100MB zip file. 192.168.18.30 Client: Mac OS X 10.6, Firefox 192.168.17.47 Network: Only a switch between them - the subnet is 192.168.16/22 (In this test, I also have dummynet filtering simulating an 80ms ping time on all IP traffic. I've seen nearly identical traces with a "real" setup, with real internet traffic/latency also) Questions: Does this look normal? Is packet #2 specifying a window size of 65535 and a scale of 512? Is packet #5 then shrinking the window size so it can use the 512 scale and still keep the overall calculated window size near 64K? Why is the window scale so high? Here are the first 6 packets from wireshark. For packets 5 and 6 I've included the details showing the window size and scaling factor being used for the data transfer. Code: No. Time Source Destination Protocol Length Info 108 6.699922 192.168.17.47 192.168.18.30 TCP 78 49190 http [SYN] Seq=0 Win=65535 Len=0 MSS=1460 WS=8 TSval=945617489 TSecr=0 SACK_PERM=1 115 6.781971 192.168.18.30 192.168.17.47 TCP 74 http 49190 [SYN, ACK] Seq=0 Ack=1 Win=65535 Len=0 MSS=1460 WS=512 SACK_PERM=1 TSval=2617517338 TSecr=945617489 116 6.782218 192.168.17.47 192.168.18.30 TCP 66 49190 http [ACK] Seq=1 Ack=1 Win=524280 Len=0 TSval=945617490 TSecr=2617517338 117 6.782220 192.168.17.47 192.168.18.30 HTTP 490 GET /utils/speedtest/large.file.zip HTTP/1.1 118 6.867070 192.168.18.30 192.168.17.47 TCP 375 [TCP segment of a reassembled PDU] Details: Transmission Control Protocol, Src Port: http (80), Dst Port: 49190 (49190), Seq: 1, Ack: 425, Len: 309 Source port: http (80) Destination port: 49190 (49190) [Stream index: 4] Sequence number: 1 (relative sequence number) [Next sequence number: 310 (relative sequence number)] Acknowledgement number: 425 (relative ack number) Header length: 32 bytes Flags: 0x018 (PSH, ACK) Window size value: 130 [Calculated window size: 66560] [Window size scaling factor: 512] Checksum: 0xd182 [validation disabled] Options: (12 bytes) No-Operation (NOP) No-Operation (NOP) Timestamps: TSval 2617517423, TSecr 945617490 [SEQ/ACK analysis] TCP segment data (309 bytes) Note: originally posted http://forums.freebsd.org/showthread.php?t=32552

  Read the article

• xt_TCPMSS: bad length messages

  - by Matic

  Hey! I'm getting loads of messages like: Jun 23 10:24:20 awakening kernel: [ 1691.596823] xt_TCPMSS: bad length (1492 bytes) Jun 23 10:24:21 awakening kernel: [ 1692.663362] xt_TCPMSS: bad length (1448 bytes) Jun 23 10:24:21 awakening kernel: [ 1692.663495] xt_TCPMSS: bad length (1448 bytes) Jun 23 10:24:21 awakening kernel: [ 1692.663588] xt_TCPMSS: bad length (1448 bytes) Jun 23 10:24:21 awakening kernel: [ 1692.663671] xt_TCPMSS: bad length (1440 bytes) Jun 23 10:24:26 awakening kernel: [ 1697.062914] xt_TCPMSS: bad length (474 bytes) Jun 23 10:24:26 awakening kernel: [ 1697.305525] xt_TCPMSS: bad length (1492 bytes) Jun 23 10:24:27 awakening kernel: [ 1698.946633] xt_TCPMSS: bad length (1492 bytes) Jun 23 10:24:36 awakening kernel: [ 1707.481198] xt_TCPMSS: bad length (1492 bytes) Jun 23 10:24:37 awakening kernel: [ 1708.723526] xt_TCPMSS: bad length (805 bytes) Jun 23 10:24:38 awakening kernel: [ 1709.599461] xt_TCPMSS: bad length (805 bytes) Jun 23 10:24:41 awakening kernel: [ 1712.211052] xt_TCPMSS: bad length (1492 bytes) Jun 23 10:24:41 awakening kernel: [ 1712.260588] xt_TCPMSS: bad length (1492 bytes) Jun 23 10:24:41 awakening kernel: [ 1712.976058] xt_TCPMSS: bad length (1492 bytes) Jun 23 10:24:43 awakening kernel: [ 1714.225209] xt_TCPMSS: bad length (1492 bytes) Jun 23 10:24:43 awakening kernel: [ 1714.914961] xt_TCPMSS: bad length (1492 bytes) Jun 23 10:24:55 awakening kernel: [ 1726.192696] xt_TCPMSS: bad length (1480 bytes) Jun 23 10:24:55 awakening kernel: [ 1726.192825] xt_TCPMSS: bad length (1480 bytes) In my dmesg/syslog. This linux machine is among other things used as an internet gateway. Connection is over PPPoE. I have the following line in my iptables script: $IPT -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu # PPPoE fix The frequency of this messages increased 10x when I upgraded from Debian lenny with 2.6.27 to squeeze with 2.6.32 few days ago. Why am I seeing this messages and how can I fix them?

  Read the article

• Real benefits of tcp TIME-WAIT and implications in production environment

  - by user64204

  SOME THEORY I've been doing some reading on tcp TIME-WAIT (here and there) and what I read is that it's a value set to 2 x MSL (maximum segment life) which keeps a connection in the "connection table" for a while to guarantee that, "before your allowed to create a connection with the same tuple, all the packets belonging to previous incarnations of that tuple will be dead". Since segments received (apart from SYN under specific circumstances) while a connection is either in TIME-WAIT or no longer existing would be discarded, why not close the connection right away? Q1: Is it because there is less processing involved in dealing with segments from old connections and less processing to create a new connection on the same tuple when in TIME-WAIT (i.e. are there performance benefits)? If the above explanation doesn't stand, the only reason I see the TIME-WAIT being useful would be if a client sends a SYN for a connection before it sends remaining segments for an old connection on the same tuple in which case the receiver would re-open the connection but then get bad segments and and would have to terminate it. Q2: Is this analysis correct? Q3: Are there other benefits to using TIME-WAIT? SOME PRACTICE I've been looking at the munin graphs on a production server that I administrate. Here is one: As you can see there are more connections in TIME-WAIT than ESTABLISHED, around twice as many most of the time, on some occasions four times as many. Q4: Does this have an impact on performance? Q5: If so, is it wise/recommended to reduce the TIME-WAIT value (and what to)? Q6: Is this ratio of TIME-WAIT / ESTABLISHED connections normal? Could this be related to malicious connection attempts?

  Read the article

• iptables firewall rules not allowing ssh from lan to DMZ

  - by ageis23

  Chain INPUT (policy ACCEPT) target prot opt source destination REJECT tcp -- anywhere anywhere tcp dpt:www reject-with tcp-reset REJECT tcp -- anywhere anywhere tcp dpt:telnet reject-with tcp-reset ACCEPT 0 -- anywhere anywhere state RELATED,ESTABLISHED DROP udp -- anywhere anywhere udp dpt:route DROP udp -- anywhere anywhere udp dpt:route ACCEPT udp -- anywhere anywhere udp dpt:route logdrop icmp -- anywhere anywhere logdrop igmp -- anywhere anywhere ACCEPT udp -- anywhere anywhere udp dpt:5060 ACCEPT 0 -- anywhere anywhere state NEW logaccept 0 -- anywhere anywhere state NEW ACCEPT 0 -- anywhere anywhere ACCEPT 0 -- anywhere anywhere ACCEPT 0 -- anywhere anywhere logdrop 0 -- anywhere anywhere Chain FORWARD (policy ACCEPT) target prot opt source destination REJECT 0 -- 192.168.0.0/24 192.168.2.0/24 reject-with icmp-port-unreachable ACCEPT tcp -- choister 192.168.2.142 tcp dpt:ssh state NEW REJECT 0 -- 192.168.0.0/24 192.168.3.0/24 reject-with icmp-port-unreachable ACCEPT gre -- 192.168.1.0/24 anywhere ACCEPT tcp -- 192.168.1.0/24 anywhere tcp dpt:1723 ACCEPT 0 -- anywhere anywhere ACCEPT 0 -- anywhere anywhere ACCEPT 0 -- anywhere anywhere ACCEPT 0 -- anywhere anywhere TCPMSS tcp -- anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU lan2wan 0 -- anywhere anywhere ACCEPT 0 -- anywhere anywhere state RELATED,ESTABLISHED logaccept tcp -- anywhere choister tcp dpt:www TRIGGER 0 -- anywhere anywhere TRIGGER type:in match:0 relate:0 trigger_out 0 -- anywhere anywhere logaccept 0 -- anywhere anywhere state NEW logdrop 0 -- anywhere anywhere The ssh server I'm trying to connect to is in the DMZ(192.168.0.145). It's mainly used as a web server. I need access to it from my room 192.168.2.142. I don't get why ssh can't forward onto the 192.168.2.0 subnet? I'm sure it's the reject rule that causing this because it works without it.

  Read the article

• Is this a good starting point for iptables in Linux?

  - by sbrattla

  Hi, I'm new to iptables, and i've been trying to put together a firewall which purpose is to protect a web server. The below rules are the ones i've put together so far, and i would like to hear if the rules makes sense - and wether i've left out anything essential? In addition to port 80, i also need to have port 3306 (mysql) and 22 (ssh) open for external connections. Any feedback is highly appreciated! #!/bin/sh # Clear all existing rules. iptables -F # ACCEPT connections for loopback network connection, 127.0.0.1. iptables -A INPUT -i lo -j ACCEPT # ALLOW established traffic iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT # DROP packets that are NEW but does not have the SYN but set. iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP # DROP fragmented packets, as there is no way to tell the source and destination ports of such a packet. iptables -A INPUT -f -j DROP # DROP packets with all tcp flags set (XMAS packets). iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP # DROP packets with no tcp flags set (NULL packets). iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP # ALLOW ssh traffic (and prevent against DoS attacks) iptables -A INPUT -p tcp --dport ssh -m limit --limit 1/s -j ACCEPT # ALLOW http traffic (and prevent against DoS attacks) iptables -A INPUT -p tcp --dport http -m limit --limit 5/s -j ACCEPT # ALLOW mysql traffic (and prevent against DoS attacks) iptables -A INPUT -p tcp --dport mysql -m limit --limit 25/s -j ACCEPT # DROP any other traffic. iptables -A INPUT -j DROP

  Read the article

• Linux iptables / conntrack performance issue

  - by tim

  I have a test-setup in the lab with 4 machines: 2 old P4 machines (t1, t2) 1 Xeon 5420 DP 2.5 GHz 8 GB RAM (t3) Intel e1000 1 Xeon 5420 DP 2.5 GHz 8 GB RAM (t4) Intel e1000 to test linux firewall performance since we got bitten by a number of syn-flood attacks in the last months. All machines run Ubuntu 12.04 64bit. t1, t2, t3 are interconnected through an 1GB/s switch, t4 is connected to t3 via an extra interface. So t3 simulates the firewall, t4 is the target, t1,t2 play the attackers generating a packetstorm thorugh (192.168.4.199 is t4): hping3 -I eth1 --rand-source --syn --flood 192.168.4.199 -p 80 t4 drops all incoming packets to avoid confusion with gateways, performance issues of t4 etc. I watch the packet stats in iptraf. I have configured the firewall (t3) as follows: stock 3.2.0-31-generic #50-Ubuntu SMP kernel rhash_entries=33554432 as kernel parameter sysctl as follows: net.ipv4.ip_forward = 1 net.ipv4.route.gc_elasticity = 2 net.ipv4.route.gc_timeout = 1 net.ipv4.route.gc_interval = 5 net.ipv4.route.gc_min_interval_ms = 500 net.ipv4.route.gc_thresh = 2000000 net.ipv4.route.max_size = 20000000 (I have tweaked a lot to keep t3 running when t1+t2 are sending as many packets as possible). The result of this efforts are somewhat odd: t1+t2 manage to send each about 200k packets/s. t4 in the best case sees aroung 200k in total so half of the packets are lost. t3 is nearly unusable on console though packets are flowing through it (high numbers of soft-irqs) the route cache garbage collector is no way near to being predictable and in the default setting overwhelmed by very few packets/s (<50k packets/s) activating stateful iptables rules makes the packet rate arriving on t4 drop to around 100k packets/s, efectively losing more than 75% of the packets And this - here is my main concern - with two old P4 machines sending as many packets as they can - which means nearly everyone on the net should be capable of this. So here goes my question: Did I overlook some importand point in the config or in my test setup? Are there any alternatives for building firewall system especially on smp systems?

  Read the article

• Allow outgoing connections for DNS

  - by Jimmy

  I'm new to IPtables, but I am trying to setup a secure server to host a website and allow SSH. This is what I have so far: #!/bin/sh i=/sbin/iptables # Flush all rules $i -F $i -X # Setup default filter policy $i -P INPUT DROP $i -P OUTPUT DROP $i -P FORWARD DROP # Respond to ping requests $i -A INPUT -p icmp --icmp-type any -j ACCEPT # Force SYN checks $i -A INPUT -p tcp ! --syn -m state --state NEW -j DROP # Drop all fragments $i -A INPUT -f -j DROP # Drop XMAS packets $i -A INPUT -p tcp --tcp-flags ALL ALL -j DROP # Drop NULL packets $i -A INPUT -p tcp --tcp-flags ALL NONE -j DROP # Stateful inspection $i -A INPUT -m state --state NEW -p tcp --dport 22 -j ACCEPT # Allow established connections $i -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT # Allow unlimited traffic on loopback $i -A INPUT -i lo -j ACCEPT $i -A OUTPUT -o lo -j ACCEPT # Open nginx $i -A INPUT -p tcp --dport 443 -j ACCEPT $i -A INPUT -p tcp --dport 80 -j ACCEPT # Open SSH $i -A INPUT -p tcp --dport 22 -j ACCEPT However I've locked down my outgoing connections and it means I can't resolve any DNS. How do I allow that? Also, any other feedback is appreciated. James

  Read the article

• Decoding tcp packets using python

  - by mikip

  Hello I am trying to decode data received over a tcp connection. The packets are small, no more than 100 bytes. However when there is a lot of them I receive some of the the packets joined together. Is there a way to prevent this. I am using python I have tried to separate the packets, my source is below. The packets start with STX byte and end with ETX bytes, the byte following the STX is the packet length, (packet lengths less than 5 are invalid) the checksum is the last bytes before the ETX def decode(data): while True: start = data.find(STX) if start == -1: #no stx in message pkt = '' data = '' break #stx found , next byte is the length pktlen = ord(data[1]) #check message ends in ETX (pktken -1) or checksum invalid if pktlen < 5 or data[pktlen-1] != ETX or checksum_valid(data[start:pktlen]) == False: print "Invalid Pkt" data = data[start+1:] continue else: pkt = data[start:pktlen] data = data[pktlen:] break return data , pkt I use it like this #process reports try: data = sock.recv(256) except: continue else: while data: data, pkt = decode(data) if pkt: process(pkt) Also if there are multiple packets in the data stream, is it best to return the packets as a collection of lists or just return the first packet I am not that familiar with python, only C, is this method OK. Any advice would be most appreciated. Thanks in advance Thanks

  Read the article

• error detection/correction/recovery in serial protocols

  - by Jason S

  I have some designing to do for a serial protocol and am running into some questions that I figure must have been considered elsewhere. So I'm wondering if there are some recommendations for best practices in designing serial protocols. (Please either state a fact that is easily verifiable, or cite a reputable source if you make a claim.) General recommendations for websites/books are also welcome. In particular I have to deal with issues like parsing a stream of bytes into packets verifying a packet is correct (easy with a CRC, for instance) identifying reasonable types of errors that can occur (e.g. in a point-to-point serial stream, sporadic single bit errors, and dropped series of bytes, are both likely, but extra phantom bytes are unlikely; whereas with a record stored in flash memory or on a disk drive the types of errors that predominate are different) error correction or recovery (if I detect an error in a packet, can I correct it? If not, can I resync to the boundary of the next packet?) how to make variable-length packets robust to error correction / recovery. Any suggestions?

  Read the article

• How frequently IP packets are fragmented at the source host?

  - by Methos

  I know that if IP payload MTU then routers usually fragment the IP packet. Finally all the fragmented packets are assembled at the destination using the fields IP-ID, IP fragment offsets and fragmentation flags. Max length of IP payload is 64K. Thus its very plausible for L4 to hand over payload which is 64K. If the L2 protocol is Ethernet, which often is the case, then the MTU will be about 1600 bytes. Hence IP packet will be fragmented at the source host itself. However, a quick search about IP implementation in Linux tells me that in recent kernels, L4 protocols are fragment friendly i.e. they try to save the fragmentation work for IP by handing over buffers of size which is close to MTU. Considering these two facts, I am wondering about how frequently does the IP packet gets fragmented at the source host itself. Does it occur sometimes/rarely/never? Does anyone know if there are exceptions to the rule of fragmentation in linux kernel (i.e. are there situations where L4 protocols are not fragment friendly)? How is this handled in other common OSes like windows? In general how frequently IP packets are fragmented?

  Read the article

• How to synchronize Silverlight clients with WCF?

  - by user564226

  Hi, this is probably only some conceptual problem, but I cannot seem to find the ideal solution. I'd like to create a Silverlight client application that uses WCF to control a third party application via some self written webservice. If there is more than one Silverlight client, all clients should be synchronized, i.e. parameter changes from one client should be propagated to all clients. I set up a very simple Silverlight GUI that manipulates parameters which are passed to the server (class inherits INotifyPropertyChanged): public double Height { get { return frameworkElement.Height; } set { if (frameworkElement.Height != value) { frameworkElement.Height = value; OnPropertyChanged("Height", value); } } } OnPropertyChanged is responsible for transferring data. The WCF service (duplex net.tcp) maintains a list of all clients and as soon as it receives a data packet (XElement with parameter change description) it forwards this very packet to all clients but the one the packet was received from. The client receives the package, but now I'm not sure, what's the best way to set the property internally. If I use "Height" (see above) a new change message would be generated and sent to all other clients a.s.o. Maybe I could use the data field (frameworkElement.Height) itself or a function - but I'm not sure whether there would arise problems with data binding later on. Also I don't want to simply copy parts of the code properties, to prevent bugs with redundant code. So what would you recommend? Thanks!

  Read the article

• Best practices for encrypting continuous/small UDP data

  - by temp

  Hello everyone, I am having an application where I have to send several small data per second through the network using UDP. The application need to send the data in real-time (no waiting). I want to encrypt these data and insure that what I am doing is as secure as possible. Since I am using UDP, there is no way to use SSL/TLS, so I have to encrypt each packet alone since the protocol is connectionless/unreliable/unregulated. Right now, I am using a 128-bit key derived from a passphrase from the user, and AES in CBC mode (PBE using AES-CBC). I decided to use a random salt with the passphrase to derive the 128-bit key (prevent dictionary attack on the passphrase), and of course use IVs (to prevent statistical analysis for packets). However I am concerned about few things: Each packet contains small amount of data (like a couple of integer values per packet) which will make the encrypted packets vulnerable to known-plaintext attacks (which will result in making it easier to crack the key). Also, since the encryption key is derived from a passphrase, this will make the key space way less (I know the salt will help, but I have to send the salt through the network once and anyone can get it). Given these two things, anyone can sniff and store the sent data, and try to crack the key. Although this process might take some time, once the key is cracked all the stored data will be decrypted, which will be a real problem for my application. So my question is, what is the best practices for sending/encrypting continuous small data using a connectionless protocol (UDP)? Is my way the best way to do it? ...flowed? ...Overkill? ... Please note that I am not asking for a 100% secure solution, as there is no such thing. Cheers

  Read the article

• Is this the right way to write a ProtocolDecoder in MINA?

  - by phpscriptcoder

  public class CustomProtocolDecoder extends CumulativeProtocolDecoder{ byte currentCmd = -1; int currentSize = -1; boolean isFirst = false; @Override protected boolean doDecode(IoSession is, ByteBuffer bb, ProtocolDecoderOutput pdo) throws Exception { if(currentCmd == -1) { currentCmd = bb.get(); currentSize = Packet.getSize(currentCmd); isFirst = true; } while(bb.remaining() > 0) { if(!isFirst) { currentCmd = bb.get(); currentSize = Packet.getSize(currentCmd); } else isFirst = false; //System.err.println(currentCmd + " " + bb.remaining() + " " + currentSize); if(bb.remaining() >= currentSize - 1) { Packet p = PacketDecoder.decodePacket(bb, currentCmd); pdo.write(p); } else { bb.flip(); return false; } } if(bb.remaining() == 0) return true; else return false; } } Anyone see anything wrong with this code? When a lot of packets are received at once, even when only one client is connected, one of them might get cut off at the end (12 bytes instead of 15 bytes, for example) which is obviously bad.

  Read the article

• Best practices for encrytping continuous/small UDP data

  - by temp

  Hello everyone, I am having an application where I have to send several small data per second through the network using UDP. The application need to send the data in real-time (on waiting). I want to encrypt these data and insure that what I am doing is as secure as possible. Since I am using UDP, there is no way to use SSL/TLS, so I have to encrypt each packet alone since the protocol is connectionless/unreliable/unregulated. Right now, I am using a 128-bit key derived from a passphrase from the user, and AES in CBC mode (PBE using AES-CBC). I decided to use a random salt with the passphrase to derive the 128-bit key (prevent dictionary attack on the passphrase), and of course use IVs (to prevent statistical analysis for packets). However I am concerned about few things: Each packet contains small amount of data (like a couple of integer values per packet) which will make the encrypted packets vulnerable to known-plaintext attacks (which will result in making it easier to crack the key). Also, since the encryption key is derived from a passphrase, this will make the key space way less (I know the salt will help, but I have to send the salt through the network once and anyone can get it). Given these two things, anyone can sniff and store the sent data, and try to crack the key. Although this process might take some time, once the key is cracked all the stored data will be decrypted, which will be a real problem for my application. So my question is, what is the best practices for sending/encrypting continuous small data using a connectionless protocol (UDP)? Is my way the best way to do it? ...flowed? ...Overkill? ... Please note that I am not asking for a 100% secure solution, as there is no such thing. Cheers

  Read the article

• UDP packets are dropped when its size is less than 12 byte in a certain PC. how do i figure it out the reason?

  - by waan

  Hi. i've stuck in a problem that is never heard about before. i'm making an online game which uses UDP packets in a certain character action. after i developed the udp module, it seems to work fine. though most of our team members have no problem, but a man, who is my boss, told me something is wrong for that module. i have investigated the problem, and finally i found the fact that... on his PC, if udp packet size is less than 12, the packet is never have been delivered to the other host. the following is some additional information: 1~11 bytes udp packets are dropped, 12 bytes and over 12 bytes packets are OK. O/S: Microsoft Windows Vista Business NIC: Attansic L1 Gigabit Ethernet 10/100/1000Base-T Controller WSASendTo returns TRUE. loopback udp packet works fine. how do you think of this problem? and what do you think... what causes this problem? what should i do for the next step for the cause? PS. i don't want to padding which makes length of all the packets up to 12 bytes.

  Read the article

• [java] tcp socket communication [send and recieve help]

  - by raven

  hello, I am creating a Chat in java. I have a method (onMouseRelease) inside an object that creates a tcp server and waits for a socket ServerSocket server = new ServerSocket(port); Socket channel = server.accept(); now I want to make a thread that will loop and read data from the socket, so that once the user on the other side sent me a string, I will extract the data from the socket [or is it called packet? sry I am new to this], and update a textbox to add the additional string from the socket [or packet?]. I have no idea how to READ (extract) the information from the scoket [/packet] and then update it into a JTextArea which is called userOutput. And how to Send a string to the other client, so that it will also could read the new data and update its JTextArea. (from what I know, for a 2 sided tcp communication you need one computer to host a server and the other to connect [as a client] and once the connection is set the client can also recieve new information from the socket. Is that true? and please tell me how ) Any help appreciated !! I know this is abit long but I have searched allot and didn't understand [I saw something like printwriter but failed to understand].

  Read the article

• Java if/else behaving strangely

  - by Alex

  I'm a real newbie to java, so please excuse me if this is a hopelessly straightforward problem. I have the following from my java game server: // Get input from the client DataInputStream in = new DataInputStream (server.getInputStream()); PrintStream out = new PrintStream(server.getOutputStream()); disconnect=false; while((line = in.readLine().trim()) != null && !line.equals(".") && !line.equals("") && !disconnect) { System.out.println("Received "+line); if(line.equals("h")){ out.println("h"+EOF); // Client handshake System.out.println("Matched 1"); }else if (line.equals("<policy-file-request/>")) { out.println("..."+EOF); // Policy file System.out.println(server.getInetAddress()+": Policy Request"); disconnect=true; System.out.println("Matched 2"); }else if(line.substring(0,3).equals("GET")||line.substring(0,4).equals("POST")){ out.println("HTTP/1.0 200 OK\nServer: VirtuaRoom v0.9\nContent-Type: text/html\n\n..."); // HTML status page disconnect=true; System.out.println("Matched 3"); } else { System.out.println(server.getInetAddress()+": Unknown command, client disconnected."); disconnect=true; System.out.println("Matched else"); } } server.close(); First of all, the client sends an "h" packet, and expects the same back (handshake). However, I want it to disconnect the client when an unrecognised packet is received. For some reason, it responds fine to the handshake and HTML status request, but the else clause is never executed when there's an unknown packet. Thanks

  Read the article

< Previous Page | 20 21 22 23 24 25 26 27 28 29 30 31  | Next Page >