Gustin, Thanks for the response - I don't suspect a bad NIC or cable as most other sites work perfectly well, however, I will try a different NIC and cable just to make sure.
I'll also give one of my earlier kernels a try as well - you never know. The book looks like a great resource - I'll see if it can help decode the dump. Martin On Friday 29 September 2006 01:01, Gustin Johnson wrote: > Bad cable or a bad NIC are the first to come to mind. Unless you are > doing something funky with traffic shaping. Buggy NIC driver, duplex > problems (eg. mixing hubs and switches of varying capabilities, also > some drivers are flakey, mostly under Windows, but it happens to us > too). If the cable runs under a door make sure it is not mangled. > Check for staples and that there are no tight bends in the cable. > > The TCP/IP guide is awesome (yes Dave, a review _is_ coming... eventually) > > Fortunately it is also on line, you are likely interested in the > following page. This whole section is actually pretty good to know. > Actually, IMO, the whole book is pretty handy. > > http://www.tcpipguide.com/free/t_TCPWindowManagementIssues.htm > > Martin Glazer wrote: > > Normally I would agree with everyone regarding Shaw and their DNS, but In > > this case it is not a DNS issue - I did check that after all the > > suggestions, the domains are resolving to the same IP. > > > > I captured the request with tcpdump on the firewall, just using telnet > > and GET HTTP/1.1 (William thanks for pointing out the correct syntax - I > > still get different responses using just this syntax). > > > > Between the dumps (see below), the only difference I see is in the TCP > > window size. On the 'bad' pc, the window size appears as a constant 92 > > and on the 'good' pc is around 5840. > > > > I didn't make any changes to any parameters on the 'bad' pc, the only > > thing I can think of is the different kernel on each machine. > > > > Any network experts out there that can shed some more light on this? What > > sets the TCP window size? How could I change it? or am I barking up the > > wrong tree here? > > > > Martin > > > > > > TCPDUMP with 172.16.1.4 as not working and 172.16.1.20 as working > > > > Non Working > > 00:24:39.697544 IP 172.16.1.4.42768 > 216.17.211.37.http: S > > 1823424781:1823424781(0) win 5840 <mss 1460,sackOK,timestamp 54409718 > > 0,nop,wscale 6> > > 00:24:39.786926 IP 216.17.211.37.http > 172.16.1.4.42768: S > > 3583296001:3583296001(0) ack 1823424782 win 5792 <mss > > 1460,sackOK,timestamp 200609792 54409718,nop,wscale 0> > > 00:24:39.787159 IP 172.16.1.4.42768 > 216.17.211.37.http: . ack 1 win 92 > > <nop,nop,timestamp 54409808 200609792> > > 00:24:46.399388 IP 172.16.1.4.42768 > 216.17.211.37.http: P 1:15(14) ack > > 1 win 92 <nop,nop,timestamp 54416421 200609792> > > 00:24:46.498051 IP 216.17.211.37.http > 172.16.1.4.42768: . ack 15 win > > 5792 <nop,nop,timestamp 200610464 54416421> > > 00:24:48.776343 IP 172.16.1.4.42768 > 216.17.211.37.http: P 15:17(2) ack > > 1 win 92 <nop,nop,timestamp 54418798 200610464> > > 00:24:48.900887 IP 216.17.211.37.http > 172.16.1.4.42768: R > > 3583296002:3583296002(0) win 0 > > > > Working > > 00:25:05.255277 IP 172.16.1.20.35551 > 216.17.211.37.http: S > > 548855971:548855971(0) win 5840 <mss 1460,sackOK,timestamp 384881907 > > 0,nop,wscale 0> > > 00:25:05.343467 IP 216.17.211.37.http > 172.16.1.20.35551: S > > 3602424666:3602424666(0) ack 548855972 win 5792 <mss > > 1460,sackOK,timestamp 200612348 384881907,nop,wscale 0> > > 00:25:05.343660 IP 172.16.1.20.35551 > 216.17.211.37.http: . ack 1 win > > 5840 <nop,nop,timestamp 384881916 200612348> > > 00:25:12.291607 IP 172.16.1.20.35551 > 216.17.211.37.http: P 1:15(14) ack > > 1 win 5840 <nop,nop,timestamp 384882611 200612348> > > 00:25:12.376901 IP 216.17.211.37.http > 172.16.1.20.35551: . ack 15 win > > 5792 <nop,nop,timestamp 200613052 384882611> > > 00:25:12.379452 IP 216.17.211.37.http > 172.16.1.20.35551: P 1:255(254) > > ack 15 win 5792 <nop,nop,timestamp 200613052 384882611> > > 00:25:12.379691 IP 172.16.1.20.35551 > 216.17.211.37.http: . ack 255 win > > 6432 <nop,nop,timestamp 384882620 200613052> > > 00:25:12.379823 IP 216.17.211.37.http > 172.16.1.20.35551: F 255:255(0) > > ack 15 win 5792 <nop,nop,timestamp 200613052 384882611> > > 00:25:12.380156 IP 172.16.1.20.35551 > 216.17.211.37.http: F 15:15(0) ack > > 256 win 6432 <nop,nop,timestamp 384882620 200613052> > > 00:25:12.478286 IP 216.17.211.37.http > 172.16.1.20.35551: . ack 16 win > > 5792 <nop,nop,timestamp 200613062 384882620> > > > > On Thursday 28 September 2006 22:27, Shawn wrote: > >> I've run into this issue repeatedly in the past week. The problem (in > >> my cases at least) appear to be Shaw's DNS servers. For whatever > >> reason, they are not responding for some names, and not forwarding > >> requests to other servers. > >> > >> For me the solution has be change the DNS servers in use. For my > >> internal network, I've switched to point to my private instance of BIND > >> (used solely to resolve internal names), and things work well enough. > >> For boxes outside my network, I've switched them to use the OpenDNS > >> servers (www.opendns.com). In both cases, everything went back to > >> normal. > >> > >> In ALL cases, it has been a Shaw DNS server. I discovered this while > >> trying to fix the issue for some friends of mine. They were behind a > >> DLink box, and using DHCP from that box. I determined what DNS servers > >> the DLink was using, and tried to access them directly from the > >> workstation. I could ping them, but when using them as the workstations > >> DNS servers they failed as well. I next ran nslookup and tried to > >> resolve the host in question. The response - from Shaw's server > >> (identified by name) was that the name could not be resolved. Ergo, > >> trying a different server fixed the problem. I knew it was not due to a > >> change in the domain name, as we control that and hadn't done any > >> changes in more than a year. > >> > >> A little wordy for a response I know, but hopefully this helps out.... > >> > >> Shawn > >> > >> Martin Glazer wrote: > >>> I'm completely baffled by this.... > >>> > >>> >From my workstation (Gentoo/KDE), I cannot access some websites > >>> > >>> (www.contribs.org being the main one I need). The request goes out but > >>> then I don't receive anything in response and eventually the browser > >>> times out. > >>> > >>> I have tried with Konqueror, FireFox and even telnetted to port 80 - > >>> > >>> [EMAIL PROTECTED] ~ $ telnet contribs.org 80 > >>> Trying 216.17.211.37... > >>> Connected to contribs.org. > >>> Escape character is '^]'. > >>> GET HTTP/1.1 > >>> > >>> <<hit enter a few times>> > >>> > >>> Connection closed by foreign host. > >>> [EMAIL PROTECTED] ~ $ > >>> > >>> > >>> I've tried under a different used ID, under root and even changed > >>> machine IP. The machine is sitting on my internal network behind a > >>> Linux firewall. There is no firewall/iptables running on this > >>> workstation. > >>> > >>> Other machines on my internal network (Linux and Windows) have no > >>> problem accessing these sites, so it is not the firewall > >>> . > >>> I can access most other sites on the internet without a problem from > >>> this machine. > >>> > >>> I used to be able to access these sites before. > >>> > >>> Any suggestions? > >>> > >>> Baffled > > > > _______________________________________________ > > clug-talk mailing list > > [email protected] > > http://clug.ca/mailman/listinfo/clug-talk_clug.ca > > Mailing List Guidelines (http://clug.ca/ml_guidelines.php) > > **Please remove these lines when replying > > _______________________________________________ > clug-talk mailing list > [email protected] > http://clug.ca/mailman/listinfo/clug-talk_clug.ca > Mailing List Guidelines (http://clug.ca/ml_guidelines.php) > **Please remove these lines when replying _______________________________________________ clug-talk mailing list [email protected] http://clug.ca/mailman/listinfo/clug-talk_clug.ca Mailing List Guidelines (http://clug.ca/ml_guidelines.php) **Please remove these lines when replying
