[ale] Using tcpdump to diagnose website connecting

James P. Kinney III jkinney at localnetsolutions.com
Thu Apr 24 21:25:07 EDT 2003


Sorry Mike. I should have also suggested to turn off the iptables for a
second and retry. That is the most likely culprit. 

Unless, of course, you can browse to any other site already from the
Linux box BUT the mrslim.com site. In which case, I'm stumped.

It's not a site issue as I can get it here on a RedHat 8 box with galeon
running through a Linux NAT/firewall/gateway.

On Thu, 2003-04-24 at 20:56, Mike Millson wrote:
> James,
> 
> The html headers say mrslim is apparently running on Apache on Unix:
> Apache/1.3.9 (Unix). Unless the header is forged, mrslim isn't on an IIS
> server.
> 
> Mike 
> 
> On Thu, 2003-04-24 at 20:14, James P. Kinney III wrote:
> > M$ has a broken tcp stack (still). It will ignore the initial state
> > connection flags. This is especially a problem with unpatched IIS
> > servers that ignore the initiating SYN/ACK on an http connection.
> > 
> > On Thu, 2003-04-24 at 19:41, Mike Millson wrote:
> > > I have a RH 7.1 box that I am using as a router and does NAT to share my
> > > ADSL connection with a Windoze 2K machine.
> > > 
> > > I cannot connect to www.mrslim.com from the Linux box; however, I can
> > > from the Windoze box.
> > > 
> > > Using tcpdump, I see the difference in the connections is that the
> > > Windoze SYN is ACK'd, but the Linux SYN is not.
> > > 
> > > Here are the relevant tcpdump lines:
> > > 
> > > Router/Server:
> > > 16:56:08.050143 68.157.175.145.53263 > 216.237.21.5.http: SWE
> > > 1875630922:1875630922(0) win 5808 <mss 1452,sackOK,timestamp 852565069
> > > 0,nop,wscale 0> (DF)
> > > 
> > > Windoze machine:
> > > 17:05:05.346259 68.157.175.145.3490 > 216.237.21.5.http: S
> > > 3816606182:3816606182(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
> > > 
> > > I'm running iptables, and any packets I reject are logged. I don't see
> > > any rejected packets logged when the SYN is not answered - just the
> > > connection times out after multiple SYN requests are not answered.
> > > 
> > > Can anyone shed any light on what is going on here, why the Linux SYN
> > > is not being answered, and how I can fix this? How come the Linux box
> > > issues an SWE request instead of just S? What is SWE?
> > > 
> > > Thank you,
> > > Mike
> > > 
> > > 
> > > 
> > > _______________________________________________
> > > Ale mailing list
> > > Ale at ale.org
> > > http://www.ale.org/mailman/listinfo/ale
> 
-- 
James P. Kinney III          \Changing the mobile computing world/
CEO & Director of Engineering \          one Linux user         /
Local Net Solutions,LLC        \           at a time.          /
770-493-8244                    \.___________________________./
http://www.localnetsolutions.com

GPG ID: 829C6CA7 James P. Kinney III (M.S. Physics) <jkinney at localnetsolutions.com>
Fingerprint = 3C9E 6366 54FC A3FE BA4D 0659 6190 ADC3 829C 6CA7 
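
Added example, not part of the original thread: a Python sketch that parses the two tcpdump lines quoted above (each rejoined onto one line) and reports how the two SYNs differ. In this classic tcpdump output format `W` is CWR and `E` is ECN-Echo, the pair of flags a host sets on an initial SYN to request ECN under RFC 3168; the function and field names are this example's own.

```python
import re

# Flag letters printed by the classic tcpdump text format seen in the thread.
FLAG_NAMES = {"S": "SYN", "F": "FIN", "R": "RST", "P": "PSH",
              "W": "CWR", "E": "ECE"}

# The two captures quoted in the thread, each rejoined onto one line.
ROUTER = ("16:56:08.050143 68.157.175.145.53263 > 216.237.21.5.http: SWE "
          "1875630922:1875630922(0) win 5808 <mss 1452,sackOK,timestamp "
          "852565069 0,nop,wscale 0> (DF)")
WINDOWS = ("17:05:05.346259 68.157.175.145.3490 > 216.237.21.5.http: S "
           "3816606182:3816606182(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)")

LINE_RE = re.compile(
    r"^\S+ (?P<src>\S+) > (?P<dst>\S+): (?P<flags>[SFRPWE.]+) "
    r"(?:\d+:\d+\(\d+\) )?(?:ack (?P<ack>\d+) )?win (?P<win>\d+)"
    r"(?: <(?P<opts>[^>]*)>)?")


def parse(line):
    """Decode one classic-format tcpdump TCP line into a dict."""
    m = LINE_RE.match(line)
    if m is None:
        raise ValueError("unrecognised tcpdump line: %r" % line)
    flags = {FLAG_NAMES[c] for c in m.group("flags") if c != "."}
    if m.group("ack"):
        flags.add("ACK")  # this format prints ACK as "ack N", not as a letter
    options = {}
    for opt in filter(None, (m.group("opts") or "").split(",")):
        name, _, value = opt.strip().partition(" ")
        if name != "nop":  # padding only
            options[name] = value
    return {"src": m.group("src"), "dst": m.group("dst"), "flags": flags,
            "win": int(m.group("win")), "options": options,
            # RFC 3168: an initial SYN carrying both ECE and CWR requests ECN.
            "ecn_setup_syn": flags == {"SYN", "ECE", "CWR"}}


def diff(a, b):
    """Return the fields on which two parsed segments disagree."""
    keys = ("flags", "win", "options", "ecn_setup_syn")
    return {k: (a[k], b[k]) for k in keys if a[k] != b[k]}


if __name__ == "__main__":
    for field, (router, windows) in diff(parse(ROUTER), parse(WINDOWS)).items():
        print("%-14s router=%r windows=%r" % (field, router, windows))
```
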
