[ale] Using tcpdump to diagnose website connecting
James P. Kinney III
jkinney at localnetsolutions.com
Thu Apr 24 21:59:41 EDT 2003
Mike,
That is quite strange. My only surmise is that the route to mrslim and
friends has a problem and is dropping the SYN request. Try a traceroute.
Also doublecheck your iptables rules. You may have a "drop half open
connections" line in there.
Let us know what you find. I like puzzles. I like solutions, too. :)
On Thu, 2003-04-24 at 21:49, Mike Millson wrote:
> Thanks James,
>
> I have no trouble browsing other sites, there's just something about
> that mrslim site. It also happens when I try to view mci.com. I can view
> it fine on my windoze machine, but the mci.com server does not respond
> to my SYN request on my linux box/firewall/gateway. MCI's server is
> Netscape-Enterprise/4.1.
>
> Mike
>
> On Thu, 2003-04-24 at 21:25, James P. Kinney III wrote:
> > Sorry Mike. I should have also suggested to turn off the iptables for a
> > second and retry. That is the most likely culprit.
> >
> > Unless, of course you can browse to any other site already from the
> > Linux box BUT the mrslim.com site. In which case, I'm stumped.
> >
> > It's not a site issue as I can get it here on a RedHat 8 box with galeon
> > running through a Linux NAT/firewall/gateway.
> >
> > On Thu, 2003-04-24 at 20:56, Mike Millson wrote:
> > > James,
> > >
> > > The html headers mrslim is apparently running on Apache on Unix:
> > > Apache/1.3.9 (Unix). Unless the header is forged, mrslim isn't on an IIS
> > > server.
> > >
> > > Mike
> > >
> > > On Thu, 2003-04-24 at 20:14, James P. Kinney III wrote:
> > > > M$ has a broken tcp stack (still). It will ignore the the initial state
> > > > connection flags. This is especially problem with unpatched IIS servers
> > > > servers that ignore the initiating SYN/ACK on an http connection.
> > > >
> > > > On Thu, 2003-04-24 at 19:41, Mike Millson wrote:
> > > > > I have a RH 7.1 box that I am using as a router and does NAT to share my
> > > > > ADSL connection with a Windoze 2K machine.
> > > > >
> > > > > I cannot connect to www.mrslim.com from the Linux box; however, I can
> > > > > from the Windoze box.
> > > > >
> > > > > Using tcpdump, I see the difference in the connections is that the
> > > > > Windoze SYN is ACK'd, but the Linux SYN is not.
> > > > >
> > > > > Here are the relevant tcpdump lines:
> > > > >
> > > > > Router/Server:
> > > > > 16:56:08.050143 68.157.175.145.53263 > 216.237.21.5.http: SWE
> > > > > 1875630922:1875630922(0) win 5808 <mss 1452,sackOK,timestamp 852565069
> > > > > 0,nop,wscale 0> (DF)
> > > > >
> > > > > Windoze machine:
> > > > > 17:05:05.346259 68.157.175.145.3490 > 216.237.21.5.http: S
> > > > > 3816606182:3816606182(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
> > > > >
> > > > > I'm running iptables, and any packets I reject are logged. I don't see
> > > > > any rejected packets logged when the SYN is not answered - just the
> > > > > connection times out after multiple SYN requests are not answered.
> > > > >
> > > > > Can anyone shed any light what is going on here why the Linux SYN is not
> > > > > being answered and how I can fix this? How come the linux box issues an
> > > > > SWE request instead of just S? What is SWE?
> > > > >
> > > > > Thank you,
> > > > > Mike
> > > > >
> > > > >
> > > > >
> > > > > _______________________________________________
> > > > > Ale mailing list
> > > > > Ale at ale.org
> > > > > http://www.ale.org/mailman/listinfo/ale
> > >
> > > _______________________________________________
> > > Ale mailing list
> > > Ale at ale.org
> > > http://www.ale.org/mailman/listinfo/ale
>
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://www.ale.org/mailman/listinfo/ale
--
James P. Kinney III \Changing the mobile computing world/
CEO & Director of Engineering \ one Linux user /
Local Net Solutions,LLC \ at a time. /
770-493-8244 \.___________________________./
http://www.localnetsolutions.com
GPG ID: 829C6CA7 James P. Kinney III (M.S. Physics) <jkinney at localnetsolutions.com>
Fingerprint = 3C9E 6366 54FC A3FE BA4D 0659 6190 ADC3 829C 6CA7
This is a digitally signed message part
More information about the Ale
mailing list