[ale] Using tcpdump to diagnose website connecting

James P. Kinney III jkinney at localnetsolutions.com
Thu Apr 24 21:59:41 EDT 2003


Mike,

That is quite strange. My only surmise is that the route to mrslim and
friends has a problem and is dropping the SYN request. Try a traceroute.

Also double-check your iptables rules. You may have a "drop half open
connections" line in there.

Let us know what you find. I like puzzles. I like solutions, too. :)

On Thu, 2003-04-24 at 21:49, Mike Millson wrote:
> Thanks James,
> 
> I have no trouble browsing other sites, there's just something about
> that mrslim site. It also happens when I try to view mci.com. I can view
> it fine on my windoze machine, but the mci.com server does not respond
> to my SYN request on my linux box/firewall/gateway. MCI's server is
> Netscape-Enterprise/4.1.
> 
> Mike
> 
> On Thu, 2003-04-24 at 21:25, James P. Kinney III wrote: 
> > Sorry Mike. I should have also suggested to turn off the iptables for a
> > second and retry. That is the most likely culprit. 
> > 
> > Unless, of course you can browse to any other site already from the
> > Linux box BUT the mrslim.com site. In which case, I'm stumped.
> > 
> > It's not a site issue as I can get it here on a RedHat 8 box with galeon
> > running through a Linux NAT/firewall/gateway.
> > 
> > On Thu, 2003-04-24 at 20:56, Mike Millson wrote:
> > > James,
> > > 
> > > From the html headers, mrslim is apparently running on Apache on Unix:
> > > Apache/1.3.9 (Unix). Unless the header is forged, mrslim isn't on an IIS
> > > server.
> > > 
> > > Mike 
> > > 
> > > On Thu, 2003-04-24 at 20:14, James P. Kinney III wrote:
> > > > M$ has a broken tcp stack (still). It will ignore the initial state
> > > > connection flags. This is especially a problem with unpatched IIS
> > > > servers that ignore the initiating SYN/ACK on an http connection.
> > > > 
> > > > On Thu, 2003-04-24 at 19:41, Mike Millson wrote:
> > > > > I have a RH 7.1 box that I am using as a router and that does NAT to
> > > > > share my ADSL connection with a Windoze 2K machine.
> > > > > 
> > > > > I cannot connect to www.mrslim.com from the Linux box; however, I can
> > > > > from the Windoze box.
> > > > > 
> > > > > Using tcpdump, I see the difference in the connections is that the
> > > > > Windoze SYN is ACK'd, but the Linux SYN is not.
> > > > > 
> > > > > Here are the relevant tcpdump lines:
> > > > > 
> > > > > Router/Server:
> > > > > 16:56:08.050143 68.157.175.145.53263 > 216.237.21.5.http: SWE
> > > > > 1875630922:1875630922(0) win 5808 <mss 1452,sackOK,timestamp 852565069
> > > > > 0,nop,wscale 0> (DF)
> > > > > 
> > > > > Windoze machine:
> > > > > 17:05:05.346259 68.157.175.145.3490 > 216.237.21.5.http: S
> > > > > 3816606182:3816606182(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
> > > > > 
> > > > > I'm running iptables, and any packets I reject are logged. I don't see
> > > > > any rejected packets logged when the SYN is not answered - just the
> > > > > connection times out after multiple SYN requests are not answered.
> > > > > 
> > > > > Can anyone shed any light on what is going on here, why the Linux SYN
> > > > > is not being answered, and how I can fix this? How come the linux box
> > > > > issues an SWE request instead of just S? What is SWE?
> > > > > 
> > > > > Thank you,
> > > > > Mike
> > > > > 
> > > > > 
> > > > > 
> > > > > _______________________________________________
> > > > > Ale mailing list
> > > > > Ale at ale.org
> > > > > http://www.ale.org/mailman/listinfo/ale
-- 
James P. Kinney III          \Changing the mobile computing world/
CEO & Director of Engineering \          one Linux user         /
Local Net Solutions,LLC        \           at a time.          /
770-493-8244                    \.___________________________./
http://www.localnetsolutions.com

GPG ID: 829C6CA7 James P. Kinney III (M.S. Physics) <jkinney at localnetsolutions.com>
Fingerprint = 3C9E 6366 54FC A3FE BA4D 0659 6190 ADC3 829C 6CA7 
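
Added example, not part of the original thread: in classic tcpdump output the flag letters W and E stand for the ECN bits CWR and ECE, so "SWE" is a SYN that requests ECN (RFC 3168). The Python below parses the two SYN lines quoted in the thread and reports which flags and TCP options only the Linux SYN carries; the function names are this example's own.

```python
import re

# Flag letters as printed by classic tcpdump; a lone "." means no flags set.
FLAG_NAMES = {"S": "SYN", "F": "FIN", "P": "PSH", "R": "RST",
              "W": "CWR", "E": "ECE"}

LINE_RE = re.compile(
    r"^(?P<time>\S+) (?P<src>\S+) > (?P<dst>[^:\s]+): (?P<flags>[SFPRWE]+|\.) "
    r"(?P<seq>\d+):\d+\(\d+\)(?: ack (?P<ack>\d+))? win (?P<win>\d+)"
    r"(?: <(?P<opts>[^>]*)>)?")

def parse_segment(line):
    """Parse one classic-format tcpdump TCP line into a dict."""
    m = LINE_RE.match(" ".join(line.split()))  # undo mail line-wrapping
    if m is None:
        raise ValueError("not a recognised tcpdump TCP line: %r" % line)
    flags = set() if m["flags"] == "." else {FLAG_NAMES[c] for c in m["flags"]}
    if m["ack"] is not None:
        flags.add("ACK")
    opts = {}
    for item in filter(None, (m["opts"] or "").split(",")):
        name, _, value = item.strip().partition(" ")
        if name != "nop":  # nop is padding only
            opts[name] = value
    return {"src": m["src"], "dst": m["dst"], "flags": flags,
            "win": int(m["win"]), "opts": opts}

def is_ecn_setup_syn(seg):
    """RFC 3168 6.1.1: an initial SYN carrying both ECE and CWR."""
    return {"SYN", "ECE", "CWR"} <= seg["flags"] and "ACK" not in seg["flags"]

def syn_differences(a, b):
    """Flags and TCP option names that segment a has and segment b lacks."""
    return {"flags": sorted(a["flags"] - b["flags"]),
            "opts": sorted(set(a["opts"]) - set(b["opts"]))}

# The two SYNs quoted in the thread, re-joined onto one line each.
LINUX_SYN = ("16:56:08.050143 68.157.175.145.53263 > 216.237.21.5.http: SWE "
             "1875630922:1875630922(0) win 5808 <mss 1452,sackOK,timestamp "
             "852565069 0,nop,wscale 0> (DF)")
WIN2K_SYN = ("17:05:05.346259 68.157.175.145.3490 > 216.237.21.5.http: S "
             "3816606182:3816606182(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)")

if __name__ == "__main__":
    linux, win2k = parse_segment(LINUX_SYN), parse_segment(WIN2K_SYN)
    print("Linux SYN requests ECN:", is_ecn_setup_syn(linux))
    print("Win2K SYN requests ECN:", is_ecn_setup_syn(win2k))
    print("Only in Linux SYN:", syn_differences(linux, win2k))
```

On Linux, whether outgoing SYNs request ECN is controlled by the net.ipv4.tcp_ecn sysctl.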
