[afnog] connection to www.cnn.com

Brian Candler B.Candler at pobox.com
Wed Jun 7 11:08:06 EAT 2006


On Wed, Jun 07, 2006 at 09:47:06AM +0300, Mikisa Richard wrote:
> # tcpdump -i eth0 -n -s1500 -vX host www.cnn.com
> tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 
> 1500 bytes
> 09:29:45.164908 IP (tos 0x10, ttl  64, id 4331, offset 0, flags [DF], 
> length: 60) 41.220.0.254.51611 > 64.236.16.20.80: S [tcp sum ok] 
> 2289377149:2289377149(0) win 5840 <mss 1460,sackOK,timestamp 2822038 
> 0,nop,wscale 2>
>         0x0000:  4510 003c 10eb 4000 4006 ade7 29dc 00fe  E..<..@.@...)...
>         0x0010:  40ec 1014 c99b 0050 8875 1f7d 0000 0000  @......P.u.}....
>         0x0020:  a002 16d0 33bc 0000 0204 05b4 0402 080a  ....3...........
>         0x0030:  002b 0f96 0000 0000 0103 0302            .+..........
> 09:29:48.164363 IP (tos 0x10, ttl  64, id 4333, offset 0, flags [DF], 
> length: 60) 41.220.0.254.51611 > 64.236.16.20.80: S [tcp sum ok] 
> 2289377149:2289377149(0) win 5840 <mss 1460,sackOK,timestamp 2825038 
> 0,nop,wscale 2>
>         0x0000:  4510 003c 10ed 4000 4006 ade5 29dc 00fe  E..<..@.@...)...
>         0x0010:  40ec 1014 c99b 0050 8875 1f7d 0000 0000  @......P.u.}....
>         0x0020:  a002 16d0 2804 0000 0204 05b4 0402 080a  ....(...........
>         0x0030:  002b 1b4e 0000 0000 0103 0302            .+.N........
> 09:29:54.163132 IP (tos 0x10, ttl  64, id 4335, offset 0, flags [DF], 
> length: 60) 41.220.0.254.51611 > 64.236.16.20.80: S [tcp sum ok] 
> 2289377149:2289377149(0) win 5840 <mss 1460,sackOK,timestamp 2831038 
> 0,nop,wscale 2>
>         0x0000:  4510 003c 10ef 4000 4006 ade3 29dc 00fe  E..<..@.@...)...
>         0x0010:  40ec 1014 c99b 0050 8875 1f7d 0000 0000  @......P.u.}....
>         0x0020:  a002 16d0 1094 0000 0204 05b4 0402 080a  ................
>         0x0030:  002b 32be 0000 0000 0103 0302            .+2.........

So you're just sending out SYNs and not getting any responses.

If this was all you saw, I'd say it might be something simple like an old
bogon filter at their side (given that 41/8 was only allocated fairly
recently). What this doesn't explain was what you saw previously, which was
being able to establish a TCP connection but not sending any data
afterwards. It's possible that some firewall in front of their servers was
answering, I guess.

What you really want now is someone on those servers to traceroute *to*
you... quite hard to arrange :-(

Regards,

Brian.
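
The pattern read off the capture in this message (the same SYN repeated with growing gaps and no SYN-ACK coming back) can be picked out of a longer capture automatically. The following is an added example, not part of the original message; the sample lines are constructed in the older tcpdump text format quoted above, with documentation addresses, and the function name is hypothetical.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the old tcpdump summary format quoted above, each
# packet unwrapped onto one line, hex dump omitted, documentation addresses.
SAMPLE = """\
09:29:45.164908 IP (tos 0x10, ttl  64, id 4331, offset 0, flags [DF], length: 60) 192.0.2.10.51611 > 198.51.100.20.80: S [tcp sum ok] 2289377149:2289377149(0) win 5840
09:29:48.164363 IP 192.0.2.10.51611 > 198.51.100.20.80: S 2289377149:2289377149(0) win 5840
09:29:54.163132 IP 192.0.2.10.51611 > 198.51.100.20.80: S 2289377149:2289377149(0) win 5840
09:30:01.000100 IP 192.0.2.10.51612 > 198.51.100.30.80: S 1000:1000(0) win 5840
09:30:01.120400 IP 198.51.100.30.80 > 192.0.2.10.51612: S 7000:7000(0) ack 1001 win 5792
"""

# timestamp, optional "(tos ...)" header, src > dst, flags,
# optional "[tcp sum ok]" note, sequence range, optional ack
LINE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) IP (?:\(.*?\) )?"
    r"(?P<src>\S+) > (?P<dst>\S+): (?P<flags>\S+) "
    r"(?:\[[^\]]*\] )?(?P<seq>\d+):\d+\(\d+\)(?P<ack> ack \d+)?"
)

def unanswered_syns(text):
    """Return {(client, server): [gaps in whole seconds between SYNs]}
    for connection attempts that never received a SYN-ACK."""
    syns = defaultdict(list)  # (src, dst, seq) -> time of each (re)transmission
    answered = set()          # (client, server) pairs that got a SYN-ACK
    for line in text.splitlines():
        m = LINE.match(line)
        if not m or "S" not in m["flags"]:
            continue          # hex dump line, or not a SYN / SYN-ACK
        ts = datetime.strptime(m["ts"], "%H:%M:%S.%f")  # no date: same-day capture assumed
        if m["ack"]:          # SYN with ack set: the server's reply
            answered.add((m["dst"], m["src"]))
        else:
            syns[(m["src"], m["dst"], m["seq"])].append(ts)
    report = {}
    for (src, dst, _seq), times in syns.items():
        if (src, dst) not in answered:
            report[(src, dst)] = [round((b - a).total_seconds())
                                  for a, b in zip(times, times[1:])]
    return report

if __name__ == "__main__":
    for (src, dst), gaps in unanswered_syns(SAMPLE).items():
        print(f"{src} -> {dst}: {len(gaps) + 1} SYNs, no SYN-ACK, gaps {gaps}s")
```

Newer tcpdump releases print flags as `Flags [S]` / `Flags [S.]`, so the regular expression would need adjusting for their output.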


