Ok, I got 'em. Here's me trying to do a simple wget from my server at work, and what I see on a packet sniffer on both ends. On my work machine, I see 4 requests, then a reset, then my requests start retrying.
On my server, I only see the requests. I'm sending responses that never get to my work computer.. Here are the packets going back and forth...to port 80, mind you. Now, I'm using Wireshark at work (gui) and snort at home (console), so that is why the formatting is different. But you can see not only the ID's, but the ports & sizes match when they hook up.
You can also see...the request gets through, my server sends a response which never arrives. Then, after a few more tries and a pause, a mysterious reset packet shows up. For completeness, a packet is shown after.
work:
388
2007-12-06 15:30:50.050948
YYY.YYY.YYY.YYY XXX.XXX.XXX.XXX
TCP 33028 > http [SYN] Seq=0 Len=0 MSS=1460 TSV=97922341 TSER=0 WS=6
server:
12/06-15:30:50.062572 0:D:72:1E:10:F9 -> 0:1:3:69:44:AF type:0x800 len:0x4A
YYY.YYY.YYY.YYY:33028 -> XXX.XXX.XXX.XXX:80 TCP TTL:53 TOS:0x0 ID:23969 IpLen:20 DgmLen:60 DF
******S* Seq: 0xF7467084 Ack: 0x0 Win: 0x16D0 TcpLen: 40
TCP Options (5) => MSS: 1452 SackOK TS: 97922341 0 NOP WS: 6
12/06-15:30:50.062600 0:1:3:69:44:AF -> 0:D:72:1E:10:F9 type:0x800 len:0x4A
XXX.XXX.XXX.XXX:80 -> YYY.YYY.YYY.YYY:33028 TCP TTL:64 TOS:0x0 ID:0 IpLen:20 DgmLen:60 DF
***A**S* Seq: 0xE32982FD Ack: 0xF7467085 Win: 0x16A0 TcpLen: 40
TCP Options (5) => MSS: 1460 SackOK TS: 4071114589 97922341 NOP
TCP Options => WS: 7
work:
no such packet
------------
work:
900
2007-12-06 15:31:20.044749
XXX.XXX.XXX.XXX YYY.YYY.YYY.YYY
TCP http > 33028 [RST] Seq=0 Len=0
home server:
no such packet
------------
work:
1131
2007-12-06 15:31:35.050804
YYY.YYY.YYY.YYY XXX.XXX.XXX.XXX
TCP 33028 > http [SYN] Seq=0 Len=0 MSS=1460 TSV=97967341 TSER=0 WS=6
home server:
12/06-15:31:35.060509 0:D:72:1E:10:F9 -> 0:1:3:69:44:AF type:0x800 len:0x4A
YYY.YYY.YYY.YYY:33028 -> XXX.XXX.XXX.XXX:80 TCP TTL:53 TOS:0x0 ID:23973 IpLen:20 DgmLen:60 DF
******S* Seq: 0xF7467084 Ack: 0x0 Win: 0x16D0 TcpLen: 40
TCP Options (5) => MSS: 1452 SackOK TS: 97967341 0 NOP WS: 6
12/06-15:31:35.060540 0:1:3:69:44:AF -> 0:D:72:1E:10:F9 type:0x800 len:0x4A
XXX.XXX.XXX.XXX:80 -> YYY.YYY.YYY.YYY:33028 TCP TTL:64 TOS:0x0 ID:0 IpLen:20 DgmLen:60 DF
***A**S* Seq: 0x5D3FB13D Ack: 0xF7467085 Win: 0x16A0 TcpLen: 40
TCP Options (5) => MSS: 1460 SackOK TS: 4071159587 97967341 NOP
TCP Options => WS: 7
work:
no such packet
Now, up to this point, allegations have been that Comcast is sending resets on p2p traffic. However, I'm seeing this on ALL requests to my server now...web, mail, you name it. It's like they've blocked me for no good reason.