[CentOS] Able to open TCP session, but unable to receive html content

Garron Kramer garron.gmail at epidemic.co.za
Sun Sep 30 16:24:41 UTC 2007


On 28/09/2007, Alain Spineux <aspineux at gmail.com> wrote:
>
> Here are my own tcpdump, this is only the connection part.
> 192.168.23.11 is a centos4, .14 is a centos5 (2.6.18-8.el5xen)
> Lines are grouped 2 by 2
> I see two strenge things :
> - the windows is only 46bytes large !
> - the centos4 send a packed with a bad checksum!
>
>
> 21:10:26.841544 IP (tos 0x10, ttl  64, id 31172, offset 0, flags [DF],
> proto: TCP (6), length: 60) 192.168.23.14.36608 > 87.86.7.52.http: S,
> cksum 0x53a4 (correct), 1955586986:1955586986(0) win 5840 <mss
> 1460,sackOK,timestamp  626170478 0,nop,wscale 7>
> 21:07:46.854517 IP (tos 0x10, ttl  64, id 16300, offset 0, flags [DF],
> proto       6 , length: 60) 192.168.23.11.33258 > 87.86.7.52.http: S
> [tcp sum ok]               830506483:830506483(0) win 5840 <mss
> 1460,sackOK,timestamp 2948184671 0,nop,wscale 2>
>
> 21:10:26.884069 IP (tos 0x0, ttl  53, id 0, offset 0, flags [DF],
> proto: TCP (6), length: 52) 87.86.7.52.http > 192.168.23.14.36608: S,
> cksum 0xe891 (correct), 1450179434:1450179434(0) ack 1955586987 win
> 5840 <mss 1460,nop,nop,sackOK,nop,wscale 0>
> 21:07:46.881494 IP (tos 0x0, ttl  53, id 0, offset 0, flags [DF],
> proto       6 , length: 52) 87.86.7.52.http > 192.168.23.11.33258: S
> [tcp sum ok]             2040411689:2040411689(0) ack  830506484 win
> 5840 <mss 1460,nop,nop,sackOK,nop,wscale 0>
>
> 21:10:26.884120 IP (tos 0x10, ttl  64, id 31173, offset 0, flags [DF],
> proto: TCP (6), length: 40) 192.168.23.14.36608 > 87.86.7.52.http: .,
> cksum 0x3fff (correct), ack 1 win 46
> 21:07:46.881575 IP (tos 0x10, ttl  64, id 16302, offset 0, flags [DF],
> proto       6 , length: 40) 192.168.23.11.33258 > 87.86.7.52.http: .
> [tcp sum ok]             ack 1 win 1460
>
> 21:10:30.317344 IP (tos 0x10, ttl  64, id 31174, offset 0, flags [DF],
> proto: TCP (6), length: 47) 192.168.23.14.36608 > 87.86.7.52.http: P,
> cksum 0x6b7d (correct), 1:8(7) ack 1 win 46
> 21:07:55.031547 IP (tos 0x10, ttl  64, id 16304, offset 0, flags [DF],
> proto       6 , length: 47) 192.168.23.11.33258 > 87.86.7.52.http: P
> [bad tcp cksum 365f (->b5e9)!] 1:8(7) ack 1 win 1460
>
> 21:10:30.363124 IP (tos 0x0, ttl  53, id 4389, offset 0, flags [DF],
> proto: TCP (6), length: 40) 87.86.7.52.http > 192.168.23.14.36608: .,
> cksum 0x2956 (correct), ack 8 win 5840
> 21:07:55.054752 IP (tos 0x0, ttl  53, id 10784, offset 0, flags [DF],
> proto      6 , length: 40) 87.86.7.52.http > 192.168.23.11.33258: .
> [tcp sum ok] ack 8 win 5840
>
> 21:11:15.504130 IP (tos 0x0, ttl  20, id 1, offset 0, flags [none],
> proto: TCP (6), length:   40) 87.86.7.52.http > 192.168.23.14.36570:
> R, cksum 0xa6df (correct), 235172837:235172837(0) ack 1829917834 win 0
> 21:07:55.114216 IP (tos 0x0, ttl  53, id 10785, offset 0, flags [DF],
> proto     6,  length: 1500) 87.86.7.52.http > 192.168.23.11.33258: .
> 1:1461(1460) ack 8 win 5840
>
>
>
>
> On 9/28/07, Alain Spineux <aspineux at gmail.com> wrote:
> > Ops
> > I have the same at home :-)
> > My Centos5 is not working too but my 4.x is working well !!!
> >
> > I look like www.debtbusterloans.com return packet with bad checksum.
> > Centos4 accept it, but Centos5 ignore it
> >
> >
> > On 9/28/07, Alain Spineux <aspineux at gmail.com> wrote:
> > > Hi
> > >
> > > Are eagle and Mailscanner on the same network, on the same switch/hub
> ?
> > > Can you post  your tcpdump for both connection.
> > > What is the NIC ?
> > >
> > > On 9/27/07, Garron Kramer <garron.gmail at epidemic.co.za> wrote:
> > > > I seem to be having a problem with all of my CentOS5 machines, which
> do not
> > > > seem to be a problem with CentOS4.4:
> > > >
> > > > [garron at MailScanner ~]$ telnet www.debtbusterloans.com 80
> > > > Trying 87.86.7.52...
> > > > Connected to www.debtbusterloans.com (87.86.7.52).
> > > > Escape character is '^]'.
> > > > GET /
> > > > HTTP/1.1 200 OK
> > > > Date: Thu, 27 Sep 2007 10:34:24 GMT
> > > > Server: Microsoft-IIS/6.0
> > > > X-Powered-By: ASP.NET
> > > > X-AspNet-Version: 2.0.50727
> > > > Pragma: no-cache
> > > > ...
> > > >
> > > > Yet:
> > > >
> > > > [root at eagle ~]# telnet www.debtbusterloans.com 80
> > > > Trying 87.86.7.52...
> > > > Connected to www.debtbusterloans.com (87.86.7.52).
> > > > Escape character is '^]'.
> > > > GET /
> > > >
> > > > Connection closed by foreign host.
> > > > [root at eagle ~]#
> > > >
> > > > ---
> > > >
> > > > I've done a tcpdump, and it would appear as if I receive a TCP RST
> when
> > > > attempting to request pages - yet this appears to work for other
> websites.
> > > >
> > > > So far, I've been able to narrow down that this is only happening on
> my
> > > > CentOS5 machines and not CentOS4.4Server installations.
> > > >
> > > > Could anyone please advise? Its the strangest problem - especially
> as it
> > > > only affects certain websites.
> > > >
> > > > Regards,
> > > > Garron Kramer
> > > > _______________________________________________
> > > > CentOS mailing list
> > > > CentOS at centos.org
> > > > http://lists.centos.org/mailman/listinfo/centos
> > > >
> > > >
> > >
> > >
> > > --
> > > Alain Spineux
> > > aspineux gmail com
> > > May the sources be with you
> > >
> >
> >
> > --
> > Alain Spineux
> > aspineux gmail com
> > May the sources be with you
> >
>
>
> --
> Alain Spineux
> aspineux gmail com
> May the sources be with you
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
>
Alain,

I'm seeing exactly the same issues as yourself.

I've got multiple CentOS5 machines and CentOS4.4 machines in my office
network - as well as CentOS4.4 and CentOS5 at home - I'm seeing exactly the
same issues behind iptables and BSD PF NAT.

I'm hoping someone will be able to suggest an answer - as my primary proxy
server at the office is built on a CentOS5 machine.

Re your TCPdump... I see exactly the same thing as yourself. TCP session
opens successfully, but as soon as you request a page, the session is
closed.

Any ideas?

Regards,
Garron
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.centos.org/pipermail/centos/attachments/20070930/094c1694/attachment.htm


More information about the CentOS mailing list