[ale] Using tcpdump to diagnose website connecting
James P. Kinney III
jkinney at localnetsolutions.com
Thu Apr 24 20:14:29 EDT 2003
M$ has a broken tcp stack (still). It will ignore the initial state
connection flags. This is especially a problem with unpatched IIS
servers that ignore the initiating SYN/ACK on an http connection.
On Thu, 2003-04-24 at 19:41, Mike Millson wrote:
> I have a RH 7.1 box that I am using as a router and does NAT to share my
> ADSL connection with a Windoze 2K machine.
>
> I cannot connect to www.mrslim.com from the Linux box; however, I can
> from the Windoze box.
>
> Using tcpdump, I see the difference in the connections is that the
> Windoze SYN is ACK'd, but the Linux SYN is not.
>
> Here are the relevant tcpdump lines:
>
> Router/Server:
> 16:56:08.050143 68.157.175.145.53263 > 216.237.21.5.http: SWE
> 1875630922:1875630922(0) win 5808 <mss 1452,sackOK,timestamp 852565069
> 0,nop,wscale 0> (DF)
>
> Windoze machine:
> 17:05:05.346259 68.157.175.145.3490 > 216.237.21.5.http: S
> 3816606182:3816606182(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
>
> I'm running iptables, and any packets I reject are logged. I don't see
> any rejected packets logged when the SYN is not answered - just the
> connection times out after multiple SYN requests are not answered.
>
> Can anyone shed any light on what is going on here, why the Linux SYN is not
> being answered, and how I can fix this? How come the Linux box issues an
> SWE request instead of just S? What is SWE?
>
> Thank you,
> Mike
--
James P. Kinney III \Changing the mobile computing world/
CEO & Director of Engineering \ one Linux user /
Local Net Solutions,LLC \ at a time. /
770-493-8244 \.___________________________./
http://www.localnetsolutions.com
GPG ID: 829C6CA7 James P. Kinney III (M.S. Physics) <jkinney at localnetsolutions.com>
Fingerprint = 3C9E 6366 54FC A3FE BA4D 0659 6190 ADC3 829C 6CA7
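
Added example, not part of either post in this thread: a small Python decoder for the two SYN lines quoted above, showing which TCP flags and options differ between the unanswered Linux SYN and the answered Windows SYN. The flag letters follow tcpdump's documented output (W is CWR, E is ECN-Echo); reading SYN+ECE+CWR as an ECN-setup SYN comes from RFC 3168, and the function names are hypothetical.

```python
import re

# Flag letters as printed by tcpdump ('.' means ACK).
FLAG_NAMES = {"S": "SYN", "F": "FIN", "P": "PSH", "R": "RST", "U": "URG",
              "W": "CWR", "E": "ECE", ".": "ACK"}

# The two SYN lines quoted in the thread, with the wrapped lines rejoined.
LINUX_SYN = ("16:56:08.050143 68.157.175.145.53263 > 216.237.21.5.http: SWE "
             "1875630922:1875630922(0) win 5808 <mss 1452,sackOK,timestamp "
             "852565069 0,nop,wscale 0> (DF)")
WIN2K_SYN = ("17:05:05.346259 68.157.175.145.3490 > 216.237.21.5.http: S "
             "3816606182:3816606182(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)")

# Matches the older tcpdump TCP line layout shown in the thread.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) > (?P<dst>\S+): (?P<flags>[SFPRUWE.]+) "
    r"(?P<seq>\d+):\d+\(\d+\) win (?P<win>\d+)(?: <(?P<opts>[^>]*)>)?")

def parse(line):
    """Return endpoints, decoded flags, window and option names for one line."""
    m = LINE_RE.match(line)
    if m is None:
        raise ValueError("not a TCP line in the old tcpdump format: %r" % line)
    raw = (m.group("opts") or "").split(",")
    names = {o.split()[0] for o in raw if o.strip()}
    return {"src": m.group("src"), "dst": m.group("dst"),
            "flags": [FLAG_NAMES[c] for c in m.group("flags")],
            "win": int(m.group("win")),
            "options": sorted(names - {"nop"})}  # nop is only padding

def is_ecn_setup_syn(pkt):
    """RFC 3168: a SYN carrying both ECE and CWR asks to negotiate ECN."""
    flags = set(pkt["flags"])
    return {"SYN", "ECE", "CWR"} <= flags and "ACK" not in flags

def diff(a, b):
    """What packet a carries that packet b does not."""
    return {"flags_only_in_a": sorted(set(a["flags"]) - set(b["flags"])),
            "options_only_in_a": sorted(set(a["options"]) - set(b["options"]))}

if __name__ == "__main__":
    linux, win2k = parse(LINUX_SYN), parse(WIN2K_SYN)
    print("Linux SYN flags:", linux["flags"], "ECN setup:", is_ecn_setup_syn(linux))
    print("Win2K SYN flags:", win2k["flags"], "ECN setup:", is_ecn_setup_syn(win2k))
    print("Only in the Linux SYN:", diff(linux, win2k))
```

If the ECN bits turn out to be the variable that matters, retesting from the Linux box with ECN disabled (sysctl net.ipv4.tcp_ecn=0) isolates it from the timestamp and window-scale option differences.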