On 28/09/2007, Alain Spineux <aspineux@xxxxxxxxx> wrote:
Here are my own tcpdump, this is only the connection part.
192.168.23.11 is a centos4, .14 is a centos5 (2.6.18-8.el5xen)
Lines are grouped 2 by 2
I see two strenge things :
- the windows is only 46bytes large !
- the centos4 send a packed with a bad checksum!
21:10: 26.841544 IP (tos 0x10, ttl 64, id 31172, offset 0, flags [DF],
proto: TCP (6), length: 60) 192.168.23.14.36608 > 87.86.7.52.http: S,
cksum 0x53a4 (correct), 1955586986:1955586986(0) win 5840 <mss
1460,sackOK,timestamp 626170478 0,nop,wscale 7>
21:07:46.854517 IP (tos 0x10, ttl 64, id 16300, offset 0, flags [DF],
proto 6 , length: 60) 192.168.23.11.33258 > 87.86.7.52.http: S
[tcp sum ok] 830506483:830506483(0) win 5840 <mss
1460,sackOK,timestamp 2948184671 0,nop,wscale 2>
21:10:26.884069 IP (tos 0x0, ttl 53, id 0, offset 0, flags [DF],
proto: TCP (6), length: 52) 87.86.7.52.http > 192.168.23.14.36608: S,
cksum 0xe891 (correct), 1450179434:1450179434(0) ack 1955586987 win
5840 <mss 1460,nop,nop,sackOK,nop,wscale 0>
21:07:46.881494 IP (tos 0x0, ttl 53, id 0, offset 0, flags [DF],
proto 6 , length: 52) 87.86.7.52.http > 192.168.23.11.33258: S
[tcp sum ok] 2040411689:2040411689(0) ack 830506484 win
5840 <mss 1460,nop,nop,sackOK,nop,wscale 0>
21:10:26.884120 IP (tos 0x10, ttl 64, id 31173, offset 0, flags [DF],
proto: TCP (6), length: 40) 192.168.23.14.36608 > 87.86.7.52.http: .,
cksum 0x3fff (correct), ack 1 win 46
21:07:46.881575 IP (tos 0x10, ttl 64, id 16302, offset 0, flags [DF],
proto 6 , length: 40) 192.168.23.11.33258 > 87.86.7.52.http: .
[tcp sum ok] ack 1 win 1460
21:10:30.317344 IP (tos 0x10, ttl 64, id 31174, offset 0, flags [DF],
proto: TCP (6), length: 47) 192.168.23.14.36608 > 87.86.7.52.http: P,
cksum 0x6b7d (correct), 1:8(7) ack 1 win 46
21:07:55.031547 IP (tos 0x10, ttl 64, id 16304, offset 0, flags [DF],
proto 6 , length: 47) 192.168.23.11.33258 > 87.86.7.52.http: P
[bad tcp cksum 365f (->b5e9)!] 1:8(7) ack 1 win 1460
21:10:30.363124 IP (tos 0x0, ttl 53, id 4389, offset 0, flags [DF],
proto: TCP (6), length: 40) 87.86.7.52.http > 192.168.23.14.36608: .,
cksum 0x2956 (correct), ack 8 win 5840
21:07:55.054752 IP (tos 0x0, ttl 53, id 10784, offset 0, flags [DF],
proto 6 , length: 40) 87.86.7.52.http > 192.168.23.11.33258: .
[tcp sum ok] ack 8 win 5840
21:11:15.504130 IP (tos 0x0, ttl 20, id 1, offset 0, flags [none],
proto: TCP (6), length: 40) 87.86.7.52.http > 192.168.23.14.36570:
R, cksum 0xa6df (correct), 235172837:235172837(0) ack 1829917834 win 0
21:07:55.114216 IP (tos 0x0, ttl 53, id 10785, offset 0, flags [DF],
proto 6, length: 1500) 87.86.7.52.http > 192.168.23.11.33258: .
1:1461(1460) ack 8 win 5840
On 9/28/07, Alain Spineux < aspineux@xxxxxxxxx> wrote:
> Ops
> I have the same at home :-)
> My Centos5 is not working too but my 4.x is working well !!!
>
> I look like www.debtbusterloans.com return packet with bad checksum.
> Centos4 accept it, but Centos5 ignore it
>
>
> On 9/28/07, Alain Spineux <aspineux@xxxxxxxxx > wrote:
> > Hi
> >
> > Are eagle and Mailscanner on the same network, on the same switch/hub ?
> > Can you post your tcpdump for both connection.
> > What is the NIC ?
> >
> > On 9/27/07, Garron Kramer <garron.gmail@xxxxxxxxxxxxxx> wrote:
> > > I seem to be having a problem with all of my CentOS5 machines, which do not
> > > seem to be a problem with CentOS4.4:
> > >
> > > [garron@MailScanner ~]$ telnet www.debtbusterloans.com 80
> > > Trying 87.86.7.52.. .
> > > Connected to www.debtbusterloans.com (87.86.7.52).
> > > Escape character is '^]'.
> > > GET /
> > > HTTP/1.1 200 OK
> > > Date: Thu, 27 Sep 2007 10:34:24 GMT
> > > Server: Microsoft-IIS/6.0
> > > X-Powered-By: ASP.NET
> > > X-AspNet-Version: 2.0.50727
> > > Pragma: no-cache
> > > ...
> > >
> > > Yet:
> > >
> > > [root@eagle ~]# telnet www.debtbusterloans.com 80
> > > Trying 87.86.7.52...
> > > Connected to www.debtbusterloans.com (87.86.7.52).
> > > Escape character is '^]'.
> > > GET /
> > >
> > > Connection closed by foreign host.
> > > [root@eagle ~]#
> > >
> > > ---
> > >
> > > I've done a tcpdump, and it would appear as if I receive a TCP RST when
> > > attempting to request pages - yet this appears to work for other websites.
> > >
> > > So far, I've been able to narrow down that this is only happening on my
> > > CentOS5 machines and not CentOS4.4Server installations.
> > >
> > > Could anyone please advise? Its the strangest problem - especially as it
> > > only affects certain websites.
> > >
> > > Regards,
> > > Garron Kramer
> > > _______________________________________________
> > > CentOS mailing list
> > > CentOS@xxxxxxxxxx
> > > http://lists.centos.org/mailman/listinfo/centos
> > >
> > >
> >
> >
> > --
> > Alain Spineux
> > aspineux gmail com
> > May the sources be with you
> >
>
>
> --
> Alain Spineux
> aspineux gmail com
> May the sources be with you
>
--
Alain Spineux
aspineux gmail com
May the sources be with you
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
Alain,
I'm seeing exactly the same issues as yourself.
I've got multiple CentOS5 machines and CentOS4.4 machines in my office network - as well as CentOS4.4 and CentOS5 at home - I'm seeing exactly the same issues behind iptables and BSD PF NAT.
I'm hoping someone will be able to suggest an answer - as my primary proxy server at the office is built on a CentOS5 machine.
Re your TCPdump... I see exactly the same thing as yourself. TCP session opens successfully, but as soon as you request a page, the session is closed.
Any ideas?
Regards,
Garron
_______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos