Here are my own tcpdump, this is only the connection part. 192.168.23.11 is a centos4, .14 is a centos5 (2.6.18-8.el5xen) Lines are grouped 2 by 2 I see two strenge things : - the windows is only 46bytes large ! - the centos4 send a packed with a bad checksum!
21:10:26.841544 IP (tos 0x10, ttl 64, id 31172, offset 0, flags [DF], proto: TCP (6), length: 60) 192.168.23.14.36608 > 87.86.7.52.http: S, cksum 0x53a4 (correct), 1955586986:1955586986(0) win 5840 <mss 1460,sackOK,timestamp 626170478 0,nop,wscale 7> 21:07:46.854517 IP (tos 0x10, ttl 64, id 16300, offset 0, flags [DF], proto 6 , length: 60) 192.168.23.11.33258 > 87.86.7.52.http: S [tcp sum ok] 830506483:830506483(0) win 5840 <mss 1460,sackOK,timestamp 2948184671 0,nop,wscale 2>
21:10:26.884069 IP (tos 0x0, ttl 53, id 0, offset 0, flags [DF], proto: TCP (6), length: 52) 87.86.7.52.http > 192.168.23.14.36608: S, cksum 0xe891 (correct), 1450179434:1450179434(0) ack 1955586987 win 5840 <mss 1460,nop,nop,sackOK,nop,wscale 0> 21:07:46.881494 IP (tos 0x0, ttl 53, id 0, offset 0, flags [DF], proto 6 , length: 52) 87.86.7.52.http > 192.168.23.11.33258: S [tcp sum ok] 2040411689:2040411689(0) ack 830506484 win 5840 <mss 1460,nop,nop,sackOK,nop,wscale 0>
21:10:26.884120 IP (tos 0x10, ttl 64, id 31173, offset 0, flags [DF], proto: TCP (6), length: 40) 192.168.23.14.36608 > 87.86.7.52.http: ., cksum 0x3fff (correct), ack 1 win 46 21:07:46.881575 IP (tos 0x10, ttl 64, id 16302, offset 0, flags [DF], proto 6 , length: 40) 192.168.23.11.33258 > 87.86.7.52.http: . [tcp sum ok] ack 1 win 1460
21:10:30.317344 IP (tos 0x10, ttl 64, id 31174, offset 0, flags [DF], proto: TCP (6), length: 47) 192.168.23.14.36608 > 87.86.7.52.http: P, cksum 0x6b7d (correct), 1:8(7) ack 1 win 46 21:07:55.031547 IP (tos 0x10, ttl 64, id 16304, offset 0, flags [DF], proto 6 , length: 47) 192.168.23.11.33258 > 87.86.7.52.http: P [bad tcp cksum 365f (->b5e9)!] 1:8(7) ack 1 win 1460
21:10:30.363124 IP (tos 0x0, ttl 53, id 4389, offset 0, flags [DF], proto: TCP (6), length: 40) 87.86.7.52.http > 192.168.23.14.36608: ., cksum 0x2956 (correct), ack 8 win 5840 21:07:55.054752 IP (tos 0x0, ttl 53, id 10784, offset 0, flags [DF], proto 6 , length: 40) 87.86.7.52.http > 192.168.23.11.33258: . [tcp sum ok] ack 8 win 5840
21:11:15.504130 IP (tos 0x0, ttl 20, id 1, offset 0, flags [none], proto: TCP (6), length: 40) 87.86.7.52.http > 192.168.23.14.36570: R, cksum 0xa6df (correct), 235172837:235172837(0) ack 1829917834 win 0 21:07:55.114216 IP (tos 0x0, ttl 53, id 10785, offset 0, flags [DF], proto 6, length: 1500) 87.86.7.52.http > 192.168.23.11.33258: . 1:1461(1460) ack 8 win 5840
On 9/28/07, Alain Spineux aspineux@gmail.com wrote:
Ops I have the same at home :-) My Centos5 is not working too but my 4.x is working well !!!
I look like www.debtbusterloans.com return packet with bad checksum. Centos4 accept it, but Centos5 ignore it
On 9/28/07, Alain Spineux aspineux@gmail.com wrote:
Hi
Are eagle and Mailscanner on the same network, on the same switch/hub ? Can you post your tcpdump for both connection. What is the NIC ?
On 9/27/07, Garron Kramer garron.gmail@epidemic.co.za wrote:
I seem to be having a problem with all of my CentOS5 machines, which do not seem to be a problem with CentOS4.4:
[garron@MailScanner ~]$ telnet www.debtbusterloans.com 80 Trying 87.86.7.52... Connected to www.debtbusterloans.com (87.86.7.52). Escape character is '^]'. GET / HTTP/1.1 200 OK Date: Thu, 27 Sep 2007 10:34:24 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET X-AspNet-Version: 2.0.50727 Pragma: no-cache ...
Yet:
[root@eagle ~]# telnet www.debtbusterloans.com 80 Trying 87.86.7.52... Connected to www.debtbusterloans.com (87.86.7.52). Escape character is '^]'. GET /
Connection closed by foreign host. [root@eagle ~]#
I've done a tcpdump, and it would appear as if I receive a TCP RST when attempting to request pages - yet this appears to work for other websites.
So far, I've been able to narrow down that this is only happening on my CentOS5 machines and not CentOS4.4Server installations.
Could anyone please advise? Its the strangest problem - especially as it only affects certain websites.
Regards, Garron Kramer _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
-- Alain Spineux aspineux gmail com May the sources be with you
-- Alain Spineux aspineux gmail com May the sources be with you