[ale] Using tcpdump to diagnose website connecting

[Mike Millson]

James,

The html headers mrslim is apparently running on Apache on Unix:
Apache/1.3.9 (Unix). Unless the header is forged, mrslim isn't on an IIS
server.

Mike 

On Thu, 2003-04-24 at 20:14, James P. Kinney III wrote:
> M$ has  a broken tcp stack (still). It will ignore the the initial state
> connection flags. This is especially  problem with unpatched IIS servers
> servers that ignore the initiating SYN/ACK on an http connection. 
> 
> On Thu, 2003-04-24 at 19:41, Mike Millson wrote:
> > I have a RH 7.1 box that I am using as a router and does NAT to share my
> > ADSL connection with a Windoze 2K machine.
> > 
> > I cannot connect to www.mrslim.com from the Linux box; however, I can
> > from the Windoze box.
> > 
> > Using tcpdump, I see the difference in the connections is that the
> > Windoze SYN is ACK'd, but the Linux SYN is not.
> > 
> > Here are the relevant tcpdump lines:
> > 
> > Router/Server:
> > 16:56:08.050143 68.157.175.145.53263 > 216.237.21.5.http: SWE
> > 1875630922:1875630922(0) win 5808 <mss 1452,sackOK,timestamp 852565069
> > 0,nop,wscale 0> (DF)
> > 
> > Windoze machine:
> > 17:05:05.346259 68.157.175.145.3490 > 216.237.21.5.http: S
> > 3816606182:3816606182(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
> > 
> > I'm running iptables, and any packets I reject are logged. I don't see
> > any rejected packets logged when the SYN is not answered - just the
> > connection times out after multiple SYN requests are not answered.
> > 
> > Can anyone shed any light what is going on here why the Linux SYN is not
> > being answered and how I can fix this? How come the linux box issues an
> > SWE request instead of just S? What is SWE?
> > 
> > Thank you,
> > Mike
> > 
> > 
> > 
> > _______________________________________________
> > Ale mailing list
> > Ale at ale.org
> > http://www.ale.org/mailman/listinfo/ale

_______________________________________________
Ale mailing list
Ale at ale.org
http://www.ale.org/mailman/listinfo/ale