Re: Can't browse to some sites.

2008-01-16 Thread David Harel
Dotan Shavit wrote:

 On Tuesday 15 January 2008, David Harel wrote:
   
 Tried to use pastebin.com but the file is binary. Any suggestion?
 
 Open the file with ethereal (AKA wireshark) and look for the following 
 packets:
 1. DNS query
 2. DNS reply
 3. SYN
 4. SYN ACK (probably missing)

 Which packets are missing?
   
After initiating the request (DNS OK, Some lines are in red on black and
have some red lines in the description):
No.  Time      Source        Destination   Proto  Info
20   3.636778  192.168.1.5   213.8.106.67  TCP    60098 > http [SYN] Seq=0 Win=5648 Len=0 MSS=1412 TSV=3347876 TSER=0 WS=2
21   3.654125  213.8.106.67  192.168.1.5   TCP    http > 60098 [SYN, ACK] Seq=0 Ack=1 Win=16384 Len=0 MSS=1360 WS=0 TSV=0 TSER=0
23   3.656709  192.168.1.5   213.8.106.67  HTTP   GET / HTTP/1.0
22   3.654141  192.168.1.5   213.8.106.67  TCP    60098 > http [ACK] Seq=1 Ack=1 Win=5648 Len=0 TSV=3347877 TSER=0
23   3.656709  192.168.1.5   213.8.106.67  HTTP   GET / HTTP/1.0
24   3.709561  213.8.106.67  192.168.1.5   IP     Fragmented IP protocol (proto=TCP 0x06, off=0) [Reassembled in #25]
25   3.710717  213.8.106.67  192.168.1.5   HTTP   HTTP/1.1 200 OK (text/html)
26   3.716829  213.8.106.67  192.168.1.5   IP     Fragmented IP protocol (proto=TCP 0x06, off=0) [Reassembled in #27]
27   3.717623  213.8.106.67  192.168.1.5   HTTP   Continuation or non-HTTP traffic
28   3.724516  213.8.106.67  192.168.1.5   TCP    [TCP Dup ACK 27#1] http > 60098 [ACK] Seq=2721 Ack=223 Win=65535 Len=0 TSV=5734292 TSER=3347878
31   4.710162  213.8.106.67  192.168.1.5   IP     Fragmented IP protocol (proto=TCP 0x06, off=0) [Reassembled in #32]
32   4.710727  213.8.106.67  192.168.1.5   HTTP   [TCP Retransmission] HTTP/1.1 200 OK (text/html)
36   6.709628  213.8.106.67  192.168.1.5   IP     Fragmented IP protocol (proto=TCP 0x06, off=0) [Reassembled in #37]
37   6.710197  213.8.106.67  192.168.1.5   HTTP   [TCP Retransmission] HTTP/1.1 200 OK (text/html)

Last retransmit and ip fragmented lines reappear many times.
 #
   
 Let's try to debug this.

 Shachar
   



   

-- 
Regards.

David Harel,

==

Home office +972 77 7657645
Fax:+972 77 7657645
Cellular:   +972 54 4534502
Snail Mail: Amuka
D.N Merom Hagalil
13802
Israel
Email:  [EMAIL PROTECTED]




Re: Can't browse to some sites.

2008-01-16 Thread Dotan Shavit
Some lines are missing (e.g. 29, 30) so we can't tell if your machine is 
ACKing the received packets. Is it?
Does ethereal give more info about the red lines?

#




=
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word unsubscribe in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]



Re: Can't browse to some sites.

2008-01-16 Thread David Harel


Dotan Shavit wrote:

 Some lines are missing (e.g. 29, 30) so we can't tell if your machine is
 ACKing the received packets. Is it?

Missing packages are of different IP.

 Does ethereal give more info about the red lines?

All red lines have bad checksum errors. (took me a while to figure out
how to get details). Here is an example:

Transmission Control Protocol, Src Port: http (80), Dst Port: 60098 (60098), Seq: 1, Ack: 223, Len: 1360
    Source port: http (80)
    Destination port: 60098 (60098)
    Sequence number: 1    (relative sequence number)
    Next sequence number: 1361    (relative sequence number)
    Acknowledgement number: 223    (relative ack number)
    Header length: 32 bytes
    Flags: 0x10 (ACK)
        0... .... = Congestion Window Reduced (CWR): Not set
        .0.. .... = ECN-Echo: Not set
        ..0. .... = Urgent: Not set
        ...1 .... = Acknowledgment: Set
        .... 0... = Push: Not set
        .... .0.. = Reset: Not set
        .... ..0. = Syn: Not set
        .... ...0 = Fin: Not set
    Window size: 65535
    Checksum: 0xbb79 [incorrect, should be 0x62dd (maybe caused by TCP checksum offload?)]
        Good Checksum: False
        Bad Checksum: True
    Options: (12 bytes)
        NOP
        NOP
        Timestamps: TSval 5740292, TSecr 3347878
    SEQ/ACK analysis
        TCP Analysis Flags
        The RTO for this segment was: 2.992574000 seconds
        RTO based on delta from frame: 27




-- 
Regards.

David Harel,

==

Home office +972 77 7657645
Fax:+972 77 7657645
Cellular:   +972 54 4534502
Snail Mail: Amuka
D.N Merom Hagalil
13802
Israel
Email:  [EMAIL PROTECTED]
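
Added example, not part of the original thread or any poster's code: how a receiver, or a dissector such as Wireshark, reaches the "incorrect, should be ..." checksum verdict quoted in the message above. The TCP checksum covers a pseudo-header (source and destination address, protocol, TCP length) plus the whole segment, so a changed payload bit or a rewritten address both invalidate it. Addresses, ports, sequence numbers and window are taken from the thread; the 20-byte header without options and the payload are constructed, so the checksum values differ from those in the capture.

```python
import socket
import struct

# Values taken from the thread; PAYLOAD is constructed for this example.
SRC, DST = "213.8.106.67", "192.168.1.5"
SPORT, DPORT, SEQ, ACK, WINDOW = 80, 60098, 1, 223, 65535
FLAG_ACK = 0x10
PAYLOAD = b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"


def internet_checksum(data):
    """RFC 1071: one's-complement sum of 16-bit words, then complemented."""
    if len(data) % 2:
        data += b"\x00"  # pad odd-length input with a zero byte
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:  # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def pseudo_header(src, dst, tcp_len):
    """IPv4 pseudo-header: addresses, zero byte, protocol 6 (TCP), TCP length."""
    return (socket.inet_aton(src) + socket.inet_aton(dst)
            + struct.pack("!BBH", 0, 6, tcp_len))


def build_segment(src, dst, payload):
    """Build a TCP segment with a 20-byte header (no options) and valid checksum."""
    header = struct.pack("!HHIIHHHH", SPORT, DPORT, SEQ, ACK,
                         (5 << 12) | FLAG_ACK, WINDOW, 0, 0)
    csum = internet_checksum(
        pseudo_header(src, dst, len(header) + len(payload)) + header + payload)
    return header[:16] + struct.pack("!H", csum) + header[18:] + payload


def verify_segment(src, dst, segment):
    """Return (ok, stored, expected), the same facts a dissector reports."""
    stored = struct.unpack("!H", segment[16:18])[0]
    zeroed = segment[:16] + b"\x00\x00" + segment[18:]
    expected = internet_checksum(pseudo_header(src, dst, len(segment)) + zeroed)
    return stored == expected, stored, expected


def flip_bit(segment, index):
    """Return a copy of the segment with the low bit of one byte inverted."""
    return segment[:index] + bytes([segment[index] ^ 0x01]) + segment[index + 1:]


if __name__ == "__main__":
    good = build_segment(SRC, DST, PAYLOAD)
    for label, dst, seg in (("intact", DST, good),
                            ("payload bit flipped", DST, flip_bit(good, 25)),
                            ("address rewritten", "192.168.1.6", good)):
        ok, stored, expected = verify_segment(SRC, dst, seg)
        print("%-20s stored=0x%04x expected=0x%04x ok=%s"
              % (label, stored, expected, ok))
```

A receiving TCP stack discards a segment that fails this check without acknowledging it, so the sender eventually retransmits it.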




Re: Can't browse to some sites.

2008-01-15 Thread Noam Rathaus
Hi,

I would guess MTU issues, use (temporarily):
ifconfig eth0 mtu 1400

eth0 should be the network/ppp interface you use, if you are connected through 
a router, and he is the PPP connector use ethN otherwise use pppN

On Tuesday 15 January 2008 10:19:37 you wrote:
 Hi there,


 At first this sounds real stupid so I apologize.
 I fail to connect to zap.co.il. other computers (MS) on my network go
 there with out any problems but another Gentoo (k2.4 and not updated at
 all) also fails to connect.
 Didn't notice any other site with similar problems.
 I tried everything I could.
 1. removed all protection definition on the firewall.
 2. removed all port forwarding on the firewall.
 3. removed all services on my client.
 4. changed my IP
 5. switched to wireless connection.
 6. tried different browsers such as FF, LYNX, IEs for Linux (IE6 on
 wine), Opera (lynx says: HTTP request sent; waiting for response).
 7. tried via different user.
 8. telnet zap.co.il 80
 9. use older kernel 2.6.20-gentoo-r8.
 10. check if I have iptables filtering things.

 My current configuration:
 Gentoo updated almost to the last bit. (had trouble with openssh
 openssl...) Kernel 2.6.23-gentoo-r3
 HW: Fujitsu Siemens S7020 laptop (intel dual...w 2G)



-- 
Noam Rathaus
CTO
[EMAIL PROTECTED]
http://www.beyondsecurity.com

Know that you are safe.

Beyond Security Finalist for the Red Herring 100 Global Awards 2007




Re: Can't browse to some sites.

2008-01-15 Thread David Harel
Thanks

Noam Rathaus wrote:

 Hi,

 I would guess MTU issues, use (temporarily):
 ifconfig eth0 mtu 1400
   
Didn't help.

 eth0 should be the network/ppp interface you use, if you are connected
 through a router, and he is the PPP connector use ethN otherwise use pppN


-- 
Regards.

David Harel,

==

Home office +972 77 7657645
Fax:+972 77 7657645
Cellular:   +972 54 4534502
Snail Mail: Amuka
D.N Merom Hagalil
13802
Israel
Email:  [EMAIL PROTECTED]




Re: Can't browse to some sites.

2008-01-15 Thread Hetz Ben Hamo
I had that issue before with another router (EDIMAX) and then I
switched to Linksys.

I would suggest to set the MTU to 1452 and see if that works.

Thanks,
Hetz


-- 
Skepticism is the lazy person's default position.
my blog (hebrew): http://benhamo.org




Re: Can't browse to some sites.

2008-01-15 Thread David Harel
Thanks for your help.


Hetz Ben Hamo wrote:

 I had that issue before with another router (EDIMAX) and then I
 switched to Linksys.
   
If it was the router, wouldn't other machines on my network have the
same problem?

 I would suggest to set the MTU to 1452 and see if that works.

Tried both 1400 and 1452. No good.

 Thanks,
 Hetz


-- 
Regards.

David Harel,

==

Home office +972 77 7657645
Fax:+972 77 7657645
Cellular:   +972 54 4534502
Snail Mail: Amuka
D.N Merom Hagalil
13802
Israel
Email:  [EMAIL PROTECTED]




Re: Can't browse to some sites.

2008-01-15 Thread Aviram Jenik
On Tuesday 15 January 2008 David Harel wrote:
 Noam Rathaus wrote:
  Hi,
 
  I would guess MTU issues, use (temporarily):
  ifconfig eth0 mtu 1400

 Didn't help.

Try:

echo 4096 16384 131072 > /proc/sys/net/ipv4/tcp_wmem
echo 4096 87380 174760 > /proc/sys/net/ipv4/tcp_rmem

(I used to have the same problem and the above fixed it for me).

- Aviram





Re: Can't browse to some sites.

2008-01-15 Thread Shachar Shemesh

David Harel wrote:

 Same (didn't help). Seems to me as something basic in Linux kernel.

Use tcpdump with the -w option and also -s 65535 to capture the
traffic and post it somewhere. Let's try to debug this.


Shachar




Re: Can't browse to some sites.

2008-01-15 Thread David Harel


Aviram Jenik wrote:

 ifconfig eth0 mtu 1400
   
 Didn't help.
 

 Try:

 echo 4096 16384 131072 > /proc/sys/net/ipv4/tcp_wmem
 echo 4096 87380 174760 > /proc/sys/net/ipv4/tcp_rmem

Same (didn't help). Seems to me as something basic in Linux kernel.

 (I used to have the same problem and the above fixed it for me).

 - Aviram


   

-- 
Regards.

David Harel,

==

Home office +972 77 7657645
Fax:+972 77 7657645
Cellular:   +972 54 4534502
Snail Mail: Amuka
D.N Merom Hagalil
13802
Israel
Email:  [EMAIL PROTECTED]




Re: Can't browse to some sites.

2008-01-15 Thread Ori Idan
I had a similar problem. What I did was to set manually the DNS to use
and that solved the problem.


-- 

Ori idan





Re: Can't browse to some sites.

2008-01-15 Thread David Harel


Shachar Shemesh wrote:
 David Harel wrote:

 Same (didn't help). Seems to me as something basic in Linux kernel.
 Use tcpdump with the -w option and also -s 65535 to capture the
 traffic and post it somewhere.

Tried to use pastebin.com but the file is binary. Any suggestion?

 Let's try to debug this.

 Shachar


-- 
Regards.

David Harel,

==

Home office +972 77 7657645
Fax:+972 77 7657645
Cellular:   +972 54 4534502
Snail Mail: Amuka
D.N Merom Hagalil
13802
Israel
Email:  [EMAIL PROTECTED]






Re: Can't browse to some sites.

2008-01-15 Thread Dotan Shavit
On Tuesday 15 January 2008, David Harel wrote:
 Shachar Shemesh wrote:
  David Harel wrote:
  Same (didn't help). Seems to me as something basic in Linux kernel.
 
  Use tcpdump with the -w option and also -s 65535 to capture the
  traffic and post it somewhere.

 Tried to use pastebin.com but the file is binary. Any suggestion?

Open the file with ethereal (AKA wireshark) and look for the following
packets:
1. DNS query
2. DNS reply
3. SYN
4. SYN ACK (probably missing)

Which packets are missing?

#

  Let's try to debug this.
 
  Shachar


