On 04/10/2017 08:56 PM, Frédéric Bron wrote:
# tcpdump -nn port 443 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on enp62s0u1u4, link-type EN10MB (Ethernet), capture size 262144 bytes 05:38:34.536393 IP6 2001:41d0:fe0b:8000:9a64:ff80:35b8:7d03.60038 > 2a04:4e42:9::223.443: Flags [S], seq 341004267, win 27920, options [mss 1396,sackOK,TS val 193352749 ecr 0,nop,wscale 7], length 0 05:38:34.588361 IP6 2a04:4e42:9::223.443 > 2001:41d0:fe0b:8000:9a64:ff80:35b8:7d03.60038: Flags [S.], seq 2353121035, ack 341004268, win 27360, options [mss 1380,sackOK,TS val 1661200257 ecr 193352749,nop,wscale 9], length 0
...
05:38:34.693359 IP6 2001:41d0:fe0b:8000:9a64:ff80:35b8:7d03.60038 > 2a04:4e42:9::223.443: Flags [.], ack 3789, win 283, options [nop,nop,TS val 193352906 ecr 1661200282], length 0 05:38:34.694875 IP6 2001:41d0:fe0b:8000:9a64:ff80:35b8:7d03.60038 > 2a04:4e42:9::223.443: Flags [P.], seq 202:328, ack 3789, win 283, options [nop,nop,TS val 193352908 ecr 1661200282], length 126 05:38:34.745931 IP6 2a04:4e42:9::223.443 > 2001:41d0:fe0b:8000:9a64:ff80:35b8:7d03.60038: Flags [R], seq 2353123732, win 0, length 0 05:38:34.748264 IP6 2a04:4e42:9::223.443 > 2001:41d0:fe0b:8000:9a64:ff80:35b8:7d03.60038: Flags [R], seq 2353124824, win 0, length 0 05:38:34.749457 IP6 2a04:4e42:9::223.443 > 2001:41d0:fe0b:8000:9a64:ff80:35b8:7d03.60038: Flags [R], seq 2353124824, win 0, length 0 05:38:34.938558 IP6 2a04:4e42:9::223.443 > 2001:41d0:fe0b:8000:9a64:ff80:35b8:7d03.60038: Flags [P.], seq 2697:3789, ack 202, win 56, options [nop,nop,TS val 1661200344 ecr 193352904], length 1092 05:38:34.938616 IP6 2001:41d0:fe0b:8000:9a64:ff80:35b8:7d03.60038 > 2a04:4e42:9::223.443: Flags [R], seq 341004469, win 0, length 0 05:38:35.233371 IP6 2a04:4e42:9::223.443 > 2001:41d0:fe0b:8000:9a64:ff80:35b8:7d03.60038: Flags [.], seq 1349:2697, ack 202, win 56, options [nop,nop,TS val 1661200418 ecr 193352904], length 1348
It looks to me like early on in this connection, you're getting "reset" packets (the [R] flagged packets) from 2a04:4e42:9::223, followed by more data from the server. That seems all wrong. If the server is resetting the connection, it shouldn't be sending more packets.
Once the reset packets are received by your system, your system begins sending "reset" packets of its own in response to any packets the server sends, and the server continues to try to send "seq 1349:2697" every two seconds.
All of this looks like some system in the middle is interrupting the connection, sending reset packets to your system and dropping packets that your system is sending. I can't imagine that this has anything to do with Fedora. Who provides your Internet connection? Do they have any firewalls that might require a proxy server or perform intrusion detection? That sort of thing would explain what you're seeing.
_______________________________________________ users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
