MS changes IE and IIS TCP/IP rules
George Toft
plug-discuss@lists.plug.phoenix.az.us
Tue, 07 Jan 2003 01:28:18 -0500
Jeffrey Pyne wrote:
>
> On Monday, January 06, 2003 11:17 AM, Derek Neighbors wrote:
>
> > I can't comment on the issue, but I can comment on the tool
> > choice. (i.e. I'm not sure that Microsoft Networking Tools
> > can be trusted). For example Microsoft's ping tool doesnt
> > report 'duplicate' packets. If multiple packets are sent
> > it just ignores them and doesnt report that they are being
> > sent.
>
> I share your skepticism in Microsoft's networking tools. Unfortunately,
> that's all I had at my disposal at the moment. However, since NM does
> report HTTP Requests subsequent to the TCP/IP handshake, I would be
> surprised (well, not THAT surprised, I guess) if Network Monitor chose not
> to display that particular packet if it existed. If it were doing so, THAT
> would be even freakier than the original behavior being discussed. :)
>
> > Have you tried using more robust network monitors?
>
> I would normally use tcpdump on Linux or snoop on Solaris.... Duh, why
> didn't I run the capture on the server instead of on my workstation...?
> Need... more... coffee....
>
> Okay, I just used snoop on a Solaris box running iPlanet, and I still see no
> HTTP Request preceding the initial SYN from IE. So it appears that Network
> Monitor is trustworthy (at least in this instance).
>
> Is anyone else able to verify the behavior described in the article?
>
> ~Jeff
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change you mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
I used IE 5.5/Win98 against microsoft.com (assuming their web server is
IIS 5) and noticed teh normal TCP behavior using ethereal.
Maybe this is an XP thing?
George