> Some internet sites are not accessible on our server. For example, we are
> unable to connect to www.dogpile.com in any way. The site is pingable but we
> can't view their web pages or we can't telnet them even though this site works
> fine when we try from other locations.
> 
> Tcpdump displays the following when we try to telnet www.dogpile.com port 80:
> 
> tcpdump -vvv host www.dogpile.com
> tcpdump: listening on eth0
> 12:15:57.390000 x5.net.28105 > n60.go2net.com.http: SWE [tcp sum ok]
> 3284366252:3284366252(0) win 5840 <mss 1460,sackOK,timestamp 257394571
> 0,nop,wscale 0> (DF) (ttl 64, id 62503, len 60)
> 12:15:57.470000 n60.go2net.com.http > x5.net.28105: R [tcp sum ok] 0:0(0) ack
> 3284366253 win 5840 <mss 1460,sackOK,timestamp 257394571 0,nop,wscale 0> (ttl
> 42, id 62503, len 60)

Your host is attempting to use ECN (that's the W and E flags in the first
SYN). n60.go2net.com is probably behind a firewall that drops packets with
those flags. There's been quite a bit of discussion about this behavior -
see for instance

        http://www.aciri.org/floyd/papers/draft-floyd-tcp-reset-00.txt

and discussions about this on www.securityfocus.org (search for ECN).

Your options would seem to be: convince n60.go2net.com to modify
their firewall, or turn off ECN on your side.

Steinar Haug, Nethelp consulting, [EMAIL PROTECTED]
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:[EMAIL PROTECTED]?body=unsubscribe
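
Added example, not part of the original message or of tcpdump itself: a small Python check that scans old-style tcpdump text output for the pattern diagnosed above, an ECN-setup SYN (flags `S` with both `W` and `E`) answered by an RST acknowledging it. The sample lines are constructed from the capture in the quoted message (unwrapped, options trimmed) plus a made-up non-ECN handshake; the function name and the `www.example.org` host are assumptions.

```python
import re

# Old-style tcpdump text: time src > dst: flags ... seq:end(len) [ack N]
RECORD = re.compile(
    r"^(?P<time>\S+) (?P<src>\S+) > (?P<dst>\S+): (?P<flags>[A-Z.]+) "
    r".*?(?P<seq>\d+):\d+\(\d+\)(?: ack (?P<ack>\d+))?"
)

# Constructed sample: the two records from the capture above, unwrapped and
# with TCP options trimmed, plus a made-up non-ECN handshake (placeholder host).
SAMPLE = [
    "12:15:57.390000 x5.net.28105 > n60.go2net.com.http: SWE [tcp sum ok] "
    "3284366252:3284366252(0) win 5840 <mss 1460> (DF) (ttl 64, id 62503, len 60)",
    "12:15:57.470000 n60.go2net.com.http > x5.net.28105: R [tcp sum ok] "
    "0:0(0) ack 3284366253 win 5840 <mss 1460> (ttl 42, id 62503, len 60)",
    "12:16:10.100000 x5.net.28106 > www.example.org.http: S [tcp sum ok] "
    "2000:2000(0) win 5840 <mss 1460> (DF) (ttl 64, id 1, len 44)",
    "12:16:10.180000 www.example.org.http > x5.net.28106: S [tcp sum ok] "
    "1000:1000(0) ack 2001 win 5840 <mss 1460> (ttl 50, id 2, len 44)",
]

def ecn_syn_resets(lines):
    """Return ECN-setup SYNs (S with CWR 'W' and ECE 'E') answered by an RST."""
    pending = {}  # (client, server) -> (time, initial seq) of ECN-setup SYNs
    hits = []
    for line in lines:
        m = RECORD.match(line)
        if not m:
            continue
        flags, src, dst = m["flags"], m["src"], m["dst"]
        if "S" in flags and m["ack"] is None:
            # New connection attempt: track it only if it negotiates ECN.
            if "E" in flags and "W" in flags:
                pending[(src, dst)] = (m["time"], int(m["seq"]))
            else:
                pending.pop((src, dst), None)
        elif (dst, src) in pending and m["ack"] is not None:
            syn_time, seq = pending.pop((dst, src))
            # The reply belongs to that SYN if it acknowledges seq + 1.
            if "R" in flags and int(m["ack"]) == (seq + 1) % 2**32:
                hits.append({"client": dst, "server": src,
                             "syn_time": syn_time, "rst_time": m["time"]})
    return hits

if __name__ == "__main__":
    for hit in ecn_syn_resets(SAMPLE):
        print(hit)
```

Live tcpdump output wraps long records across lines, so join each record onto one line before passing it in.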
