Normally I would agree with everyone regarding Shaw and their DNS, but In this case it is not a DNS issue - I did check that after all the suggestions, the domains are resolving to the same IP.
I captured the request with tcpdump on the firewall, just using telnet and GET HTTP/1.1 (William thanks for pointing out the correct syntax - I still get different responses using just this syntax). Between the dumps (see below), the only difference I see is in the TCP window size. On the 'bad' pc, the window size appears as a constant 92 and on the 'good' pc is around 5840. I didn't make any changes to any parameters on the 'bad' pc, the only thing I can think of is the different kernel on each machine. Any network experts out there that can shed some more light on this? What sets the TCP window size? How could I change it? or am I barking up the wrong tree here? Martin TCPDUMP with 172.16.1.4 as not working and 172.16.1.20 as working Non Working 00:24:39.697544 IP 172.16.1.4.42768 > 216.17.211.37.http: S 1823424781:1823424781(0) win 5840 <mss 1460,sackOK,timestamp 54409718 0,nop,wscale 6> 00:24:39.786926 IP 216.17.211.37.http > 172.16.1.4.42768: S 3583296001:3583296001(0) ack 1823424782 win 5792 <mss 1460,sackOK,timestamp 200609792 54409718,nop,wscale 0> 00:24:39.787159 IP 172.16.1.4.42768 > 216.17.211.37.http: . ack 1 win 92 <nop,nop,timestamp 54409808 200609792> 00:24:46.399388 IP 172.16.1.4.42768 > 216.17.211.37.http: P 1:15(14) ack 1 win 92 <nop,nop,timestamp 54416421 200609792> 00:24:46.498051 IP 216.17.211.37.http > 172.16.1.4.42768: . ack 15 win 5792 <nop,nop,timestamp 200610464 54416421> 00:24:48.776343 IP 172.16.1.4.42768 > 216.17.211.37.http: P 15:17(2) ack 1 win 92 <nop,nop,timestamp 54418798 200610464> 00:24:48.900887 IP 216.17.211.37.http > 172.16.1.4.42768: R 3583296002:3583296002(0) win 0 Working 00:25:05.255277 IP 172.16.1.20.35551 > 216.17.211.37.http: S 548855971:548855971(0) win 5840 <mss 1460,sackOK,timestamp 384881907 0,nop,wscale 0> 00:25:05.343467 IP 216.17.211.37.http > 172.16.1.20.35551: S 3602424666:3602424666(0) ack 548855972 win 5792 <mss 1460,sackOK,timestamp 200612348 384881907,nop,wscale 0> 00:25:05.343660 IP 172.16.1.20.35551 > 216.17.211.37.http: . ack 1 win 5840 <nop,nop,timestamp 384881916 200612348> 00:25:12.291607 IP 172.16.1.20.35551 > 216.17.211.37.http: P 1:15(14) ack 1 win 5840 <nop,nop,timestamp 384882611 200612348> 00:25:12.376901 IP 216.17.211.37.http > 172.16.1.20.35551: . ack 15 win 5792 <nop,nop,timestamp 200613052 384882611> 00:25:12.379452 IP 216.17.211.37.http > 172.16.1.20.35551: P 1:255(254) ack 15 win 5792 <nop,nop,timestamp 200613052 384882611> 00:25:12.379691 IP 172.16.1.20.35551 > 216.17.211.37.http: . ack 255 win 6432 <nop,nop,timestamp 384882620 200613052> 00:25:12.379823 IP 216.17.211.37.http > 172.16.1.20.35551: F 255:255(0) ack 15 win 5792 <nop,nop,timestamp 200613052 384882611> 00:25:12.380156 IP 172.16.1.20.35551 > 216.17.211.37.http: F 15:15(0) ack 256 win 6432 <nop,nop,timestamp 384882620 200613052> 00:25:12.478286 IP 216.17.211.37.http > 172.16.1.20.35551: . ack 16 win 5792 <nop,nop,timestamp 200613062 384882620> On Thursday 28 September 2006 22:27, Shawn wrote: > I've run into this issue repeatedly in the past week. The problem (in > my cases at least) appear to be Shaw's DNS servers. For whatever > reason, they are not responding for some names, and not forwarding > requests to other servers. > > For me the solution has be change the DNS servers in use. For my > internal network, I've switched to point to my private instance of BIND > (used solely to resolve internal names), and things work well enough. > For boxes outside my network, I've switched them to use the OpenDNS > servers (www.opendns.com). In both cases, everything went back to normal. > > In ALL cases, it has been a Shaw DNS server. I discovered this while > trying to fix the issue for some friends of mine. They were behind a > DLink box, and using DHCP from that box. I determined what DNS servers > the DLink was using, and tried to access them directly from the > workstation. I could ping them, but when using them as the workstations > DNS servers they failed as well. I next ran nslookup and tried to > resolve the host in question. The response - from Shaw's server > (identified by name) was that the name could not be resolved. Ergo, > trying a different server fixed the problem. I knew it was not due to a > change in the domain name, as we control that and hadn't done any > changes in more than a year. > > A little wordy for a response I know, but hopefully this helps out.... > > Shawn > > Martin Glazer wrote: > > I'm completely baffled by this.... > > > >>From my workstation (Gentoo/KDE), I cannot access some websites > > > > (www.contribs.org being the main one I need). The request goes out but > > then I don't receive anything in response and eventually the browser > > times out. > > > > I have tried with Konqueror, FireFox and even telnetted to port 80 - > > > > [EMAIL PROTECTED] ~ $ telnet contribs.org 80 > > Trying 216.17.211.37... > > Connected to contribs.org. > > Escape character is '^]'. > > GET HTTP/1.1 > > > > <<hit enter a few times>> > > > > Connection closed by foreign host. > > [EMAIL PROTECTED] ~ $ > > > > > > I've tried under a different used ID, under root and even changed machine > > IP. The machine is sitting on my internal network behind a Linux > > firewall. There is no firewall/iptables running on this workstation. > > > > Other machines on my internal network (Linux and Windows) have no problem > > accessing these sites, so it is not the firewall > > . > > I can access most other sites on the internet without a problem from this > > machine. > > > > I used to be able to access these sites before. > > > > Any suggestions? > > > > Baffled _______________________________________________ clug-talk mailing list [email protected] http://clug.ca/mailman/listinfo/clug-talk_clug.ca Mailing List Guidelines (http://clug.ca/ml_guidelines.php) **Please remove these lines when replying
