FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Debian > Debian User

 
 
LinkBack Thread Tools
 
Old 02-01-2008, 04:02 PM
"st.john.johnson@gmail.com"
 
Default No SYNACK to port 80?

Hi there. I'm having a strange problem. Sometimes, for short periods
of time, when connecting to my web server from an external IP address,
the connection doesn't complete. But at the same time, I can connect
from a local ip address.

I ran tshark on the machine to monitor traffic when these "short
periods" happen and I noticed that for external connections, my
machine is not replying to the ACK in the three-way handshake.

0.000000 69.120.132.213 -> 10.1.1.202 TCP 52197 > www [SYN] Seq=0
Len=0 MSS=1460 WS=2
3.006786 69.120.132.213 -> 10.1.1.202 TCP 52197 > www [SYN] Seq=0
Len=0 MSS=1460 WS=2
8.973167 69.120.132.213 -> 10.1.1.202 TCP 52197 > www [SYN] Seq=0
Len=0 MSS=1460

I don't have iptables installed, and SELinux is not enabled.


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 02-08-2008, 02:34 AM
"st.john.johnson@gmail.com"
 
Default No SYNACK to port 80?

On Feb 1, 12:20 pm, "st.john.john...@gmail.com"
<st.john.john...@gmail.com> wrote:
> Hi there. I'm having a strange problem. Sometimes, for short periods
> of time, when connecting to my web server from an external IP address,
> the connection doesn't complete. But at the same time, I can connect
> from a local ip address.
>
> I ran tshark on the machine to monitor traffic when these "short
> periods" happen and I noticed that for external connections, my
> machine is not replying to the ACK in the three-way handshake.
>
> 0.000000 69.120.132.213 -> 10.1.1.202 TCP 52197 > www [SYN] Seq=0
> Len=0 MSS=1460 WS=2
> 3.006786 69.120.132.213 -> 10.1.1.202 TCP 52197 > www [SYN] Seq=0
> Len=0 MSS=1460 WS=2
> 8.973167 69.120.132.213 -> 10.1.1.202 TCP 52197 > www [SYN] Seq=0
> Len=0 MSS=1460
>
> I don't have iptables installed, and SELinux is not enabled.

It happened again, and I captured the raw packets. There is NO
difference between two packets coming in except one is from an
external IP and one is from an internal one.
The internal one is replied to with SYNACK and the external one is
ignored. I'm not sure how to continue debugging this. I can post my
raw capture.


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 

Thread Tools




All times are GMT. The time now is 07:45 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org