Kitz Forum
Broadband Related => Broadband Hardware => Topic started by: renluop on May 18, 2012, 07:24:57 AM
-
From event log of my Thomson 585 v7 8.2.6.5
Had a momentary power drop last evening without sync loss, and later went into router found IDS fragment parser : fragment out-of-order (1 of 1) : 81.138.88.153 87.113.24.62 1020 TCP 80->53500 [..A...] seq 1573005127 ack 253368446 win 65096 frag 42702:1000@0+
TBH I do not think the event is related due to its timing, but would like to know what its significance is. The only other entries last evening are routine as SNTP syncs to server.
So! Please feed my fragmentary knowledge. :)
Oh BTW, I know that IDS does not mean Ian Duncan-Smith ;)
-
Irritable Donkey Syndrome? Sorry, I have no idea. Just guessing. :lol:
-
:lol:
Could be
idiotic, insane, inebriated, ignorant.....
And a syndrome, isn't that something to do with hankie-pankie at an airport? >:D :D
And now I wait for one of our sane friends to come up with the answer.
-
From event log of my Thomson 585 v7 8.2.6.5
Had a momentary power drop last evening without sync loss, and later went into router found IDS fragment parser : fragment out-of-order (1 of 1) : 81.138.88.153 87.113.24.62 1020 TCP 80->53500 [..A...] seq 1573005127 ack 253368446 win 65096 frag 42702:1000@0+
TBH I do not think the event is related due to its timing, but would like to know what its significance is. The only other entries last evening are routine as SNTP syncs to server.
So! Please feed my fragmentary knowledge. :)
Oh BTW, I know that IDS does not mean Ian Duncan-Smith ;)
IDS usually means intrusion detection system. One of the best known IDS is called snort.
As for the fragmentation warning error..
TCP uses what's called a sliding window protocol. A packet fragment arriving outside of that sliding time window is being flagged up by the IDS. It's normally nothing sinister. Just an issue with network congestion somewhere along the route. Some switch is overloading.
However, it is a poor show that the packet loss and delay is on port 80 (HTTP) traffic. Normally that type of network traffic is prioritised at the switches through different queue weights.
Port 80 traffic has a bursty flow nature, but it's generally low bandwidth. Although maybe not so much these days with all the multimedia guff (flash, mpegs, huge animated GIFs) that people reference from a web page.
Anyway, nothing to worry about, sfaik.
For the professional paranoid, tripwire is a useful addition to snort. It monitors all the system binaries and scripts for illicit modifications. It's a bit like a virus detector for BillyGatesWare.
cheers, a
-
Thanks for the assurance :) FWIW there was another incience tonight app 25 hours after the last
IDS fragment parser : fragment out-of-order (1 of 4) : 81.138.88.153 87.113.24.62 1020 TCP 80->57979 [..A...] seq 2371714534 ack 4045611186 win 64334 frag 23195:1000@0+
..............
However, it is a poor show that the packet loss and delay is on port 80 (HTTP) traffic. Normally that type of network traffic is prioritised at the switches through different queue weights.
.....
Could you elaborate on that comment, please? ISP is Plusnet with AdsL2+ Extra.
AAMOI elsewhere I have seen reference seemingly to fragments out of order being related to overfull caches. But I may have got the wrong end of the stick in my reading of the statement.