[afnog] connection to www.cnn.com

Brian Candler B.Candler at pobox.com
Tue Jun 6 13:05:53 EAT 2006


On Tue, Jun 06, 2006 at 07:54:32AM +0300, Mikisa Richard wrote:
> >Next try a tcpdump: in one window do
> >
> >   tcpdump -i eth0 -n -s1500 -vX host 64.236.29.120
> >
> >and in another do
> >
> >   telnet 64.236.29.120 80
> >   asdfasdf
> >
> >Does the packet containing 'asdfasdf' get sent and acknowledged, or does it
> >get re-sent at increasing intervals?
> >  
> >
> Gets re-sent
> 
> >  
> >
> >>   41.220.0.4 like I said in the previous post is filtered. Changed my
> >>   test to 41.220.0.254 which is unfiltered
> >>    
> >>
> >
> >Filtered on your own router, or elsewhere?
> >  
> >
> My own router.

This is a Cisco router? You could try

   conf t
   access-list 199 permit ip any host 64.236.29.120
   access-list 199 permit ip host 64.236.29.120 any
   ^Z
   debug ip packet 199 detail
   term mon

to look at traffic to/from that site. Then try the telnet again. It would
show if really nothing is coming back from cnn, or the packets coming back
are being dropped for some reason.

If you have any other access lists which perform packet filtering, it's a
good idea to ensure that all "deny" rules have a "log", and that there's a
"deny ip any any log" at the end of each one. However it's very strange that
only this one site is affected.

Regards,

Brian.
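
The question asked in the tcpdump step above (is the data segment acknowledged, or re-sent at increasing intervals?) can be answered mechanically from a saved capture. The following is an added example, not part of the original message: it assumes the one-line output of a current `tcpdump -n` run without `-v`/`-X`, timestamps that do not cross midnight, and a capture (client port, timings, sequence numbers) constructed for illustration.

```python
import re
from datetime import datetime

# One line of current `tcpdump -n` output (assumed format, no -v/-X).
LINE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) IP (?P<src>[\d.]+)\.\d+ > (?P<dst>[\d.]+)\.\d+: "
    r"Flags \[(?P<flags>[^\]]*)\](?:, seq (?P<s>\d+):(?P<e>\d+))?(?:, ack (?P<ack>\d+))?")

# Constructed capture: handshake completes, then the 10-byte 'asdfasdf\r\n'
# segment is sent four times and the server never acknowledges it.
C, S = "41.220.0.254.40000", "64.236.29.120.80"
SAMPLE = f"""\
13:05:50.000000 IP {C} > {S}: Flags [S], seq 1000, win 5840, length 0
13:05:50.250000 IP {S} > {C}: Flags [S.], seq 2000, ack 1001, win 5792, length 0
13:05:50.251000 IP {C} > {S}: Flags [.], ack 1, win 5840, length 0
13:05:55.000000 IP {C} > {S}: Flags [P.], seq 1:11, ack 1, win 5840, length 10
13:05:55.400000 IP {C} > {S}: Flags [P.], seq 1:11, ack 1, win 5840, length 10
13:05:56.200000 IP {C} > {S}: Flags [P.], seq 1:11, ack 1, win 5840, length 10
13:05:57.800000 IP {C} > {S}: Flags [P.], seq 1:11, ack 1, win 5840, length 10
""".splitlines()

def retransmissions(lines, server):
    """Per data segment sent to `server`: send count, gaps, acked?, backoff?"""
    sent, acked = {}, 0   # (seq_start, seq_end) -> send times; highest ack from server
    for line in lines:
        m = LINE.match(line.strip())
        if not m or "S" in m["flags"]:   # SYN/SYN-ACK carry absolute numbers; skip
            continue
        t = datetime.strptime(m["ts"], "%H:%M:%S.%f")
        if m["dst"] == server and m["s"]:
            sent.setdefault((int(m["s"]), int(m["e"])), []).append(t)
        elif m["src"] == server and m["ack"]:
            acked = max(acked, int(m["ack"]))
    report = []
    for (s, e), times in sorted(sent.items()):
        gaps = [round((b - a).total_seconds(), 3) for a, b in zip(times, times[1:])]
        report.append({"seq": (s, e), "sends": len(times), "gaps": gaps,
                       "acked": acked >= e,
                       "backoff": len(gaps) >= 2 and all(y > x for x, y in zip(gaps, gaps[1:]))})
    return report

if __name__ == "__main__":
    for r in retransmissions(SAMPLE, "64.236.29.120"):
        print(r)
```

A segment reported with `acked` false and `backoff` true is the "gets re-sent" case from the thread: the handshake succeeded but the data, or the ACK for it, is being lost somewhere on the path.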
