On Wed, Jan 12, 2011 at 12:12 PM, John BORIS <jbo...@adphila.org> wrote:
> Adam, > Thanks that does help. The one thing I don't see when I do iptraf is > the TCP handshaking taking place. So somewhere that process is broke. I > want to make sure I dot all of my i's and cross my t's before I go to > the next level. > If you don't see a TCP handshake starting up, the conclusion I would draw is that there's nothing listening on that port. >From the original question: Now on the network side. These machines are on the same switch. same > network but are routed to the main router for the network. That router > hijacks all port 80 traffic and directs it to our web filter, well I > assume that but not sure if you can hijack http traffic. I changed the > listening port of the Web process to 8081 and then retested and got the > same results. > My gut tells me that the problem is with the "hijacks port 80" part of the process. How does that work? What kind of hardware is the router that's implementing it? (Are you sure it's happening where you think it is?) Depending on the mechanism of this hijacking, you might get various kinds of unhelpful information from TCP-level analysis. Here's a test you can try: attempt to connect with telnet to the web filter's listening port and see if it's still listening. If it is listening, then I would investigate the "I'm hijacking port 80 traffic" part of the equation to make sure it's still working properly. If it is not listening, figure that out and then attempt a normal connection again. Do note, it's very possible that both parts are broken, so don't get discouraged. :-) - Adam Compton
_______________________________________________ Tech mailing list Tech@lists.lopsa.org https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech This list provided by the League of Professional System Administrators http://lopsa.org/
