From: TheOldFellow <theoldfellow@gmail.com>
To: netfilter@vger.kernel.org
Subject: Re: www.adobe.com
Date: Thu, 13 Nov 2008 10:52:05 +0000 [thread overview]
Message-ID: <20081113105205.7496faf5@gmail.com> (raw)
In-Reply-To: 491BFB25.3000800@plouf.fr.eu.org
On Thu, 13 Nov 2008 11:02:13 +0100
Pascal Hambourg <pascal.mail@plouf.fr.eu.org> wrote:
> Hello,
>
> TheOldFellow a écrit :
> >
> > # wget http://www.adobe.com/index.html
> > --07:45:04-- http://www.adobe.com/index.html
> > => `index.html'
> > Resolving www.adobe.com... 192.150.18.101
> > Connecting to www.adobe.com|192.150.18.101|:80...
> >
> > it just times out - browsers are the same.
<snip>
>
> Wget hanging after printing "Connecting to..." but before printing
> "connected" seems to indicate that it didn't receive a SYN/ACK packet
> from the server in response to its SYN packet. However the logged and
> dropped packets do not look like SYN/ACK packets, as they do not have
> the SYN and ACK flags set.
>
> Can you provide a capture of the resulting traffic from and to
> 192.150.18.101 on interface 'net' with tcpdump, tshark or wireshark when
> running wget ? E.g.
>
> # tcpdump -nvi net host 192.150.18.101
>
> Does the problem happen if you temporarily allow all input traffic (at
> least from 192.150.18.101) ? E.g.
>
> # iptables -I INPUT -s 192.150.18.101 -j ACCEPT
Thanks, and to everyone else who tried to help.
I didn't know about tcpdump, so I had to build and install it first.
The output when executing the wget above is:
$ sudo /usr/sbin/tcpdump -nvi net host 192.150.18.101
tcpdump: listening on net, link-type EN10MB (Ethernet), capture size 68 bytes 10:45:28.743810 IP (tos 0x0, ttl 64, id 55527, offset 0, flags [DF], proto TCP (6), length 60)
192.168.1.2.2901 > 192.150.18.101.80: Flags [S], seq 3678776487, win 5840, options [mss 1460,sackOK,TS[|tcp]>
10:45:28.932756 IP (tos 0x0, ttl 53, id 25304, offset 0, flags [none], proto TCP (6), length 44)
192.150.18.101.80 > 192.168.1.2.2901: tcp 24 [bad hdr length 0 - too short, < 20]
10:45:31.741831 IP (tos 0x0, ttl 64, id 55528, offset 0, flags [DF], proto TCP (6), length 60)
192.168.1.2.2901 > 192.150.18.101.80: Flags [S], seq 3678776487, win 5840, options [mss 1460,sackOK,TS[|tcp]>
10:45:31.930558 IP (tos 0x0, ttl 53, id 46986, offset 0, flags [none], proto TCP (6), length 44)
192.150.18.101.80 > 192.168.1.2.2901: tcp 24 [bad hdr length 0 - too short, < 20]
10:45:37.741754 IP (tos 0x0, ttl 64, id 55529, offset 0, flags [DF], proto TCP (6), length 60)
192.168.1.2.2901 > 192.150.18.101.80: Flags [S], seq 3678776487, win 5840, options [mss 1460,sackOK,TS[|tcp]>
<snip>
18 packets captured
18 packets received by filter
0 packets dropped by kernel
Allowing all input doesn't change a thing. Did I capture enough?
Regards,
R.
next prev parent reply other threads:[~2008-11-13 10:52 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-11-13 7:52 www.adobe.com TheOldFellow
2008-11-13 8:33 ` www.adobe.com Покотиленко Костик
2008-11-13 8:42 ` www.adobe.com Wessel
2008-11-13 8:44 ` www.adobe.com Amos Jeffries
2008-11-13 8:59 ` www.adobe.com Покотиленко Костик
2008-11-13 9:15 ` www.adobe.com Gilad Benjamini
2008-11-13 10:02 ` www.adobe.com Pascal Hambourg
2008-11-13 10:52 ` TheOldFellow [this message]
2008-11-13 11:22 ` www.adobe.com Pascal Hambourg
2008-11-13 12:00 ` www.adobe.com TheOldFellow
2008-11-14 9:30 ` www.adobe.com John Haxby
2008-11-15 3:39 ` www.adobe.com Grant Taylor
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20081113105205.7496faf5@gmail.com \
--to=theoldfellow@gmail.com \
--cc=netfilter@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.