nanog mailing list archives

RE: Router / Protocol Problem

From: "Jeff Jirsa" <jjirsa () 2advanced com>
Date: Thu, 7 Sep 2006 09:22:33 -0700


On Sep 6, 2006, at 9:04 AM, Mike Walter wrote:

Recently with no changes to my network, I have been having problems  
connecting to certain websites and mail servers.  I am always able  
to ping the sites and trace route without error.  If I telnet to  
port 80 or port 25 it does not connect.  If I login to my router  
and telnet sourcing my each of Internet Providers ports, I am able  
to get to the sites.  I have talked with all the providers and none


Check a packet dump and see if your affected boxes are sending SWE (SYN
with ECN enabled) instead of plain SYN packets. Some firewalls (at least
default m0n0wall and older PIX) reject and dump ECN syn packets while
allowing pure syns through. If your affected peer has you running
through some weird filter that's dropping SWE packets, this would cause
symptoms exactly as you're seeing - ping is fine, traceroute is fine,
but TCP sessions never complete the handshake (as the receiving side
never got the first SYN).

- J

Current thread:

Re: Router / Protocol Problem, (continued)
- - - Re: Router / Protocol Problem Christopher L. Morrow (Sep 06)
    - Re: Router / Protocol Problem Rodney Dunn (Sep 06)
- RE: Router / Protocol Problem Mike Walter (Sep 07)
  - Re: Router / Protocol Problem John Kristoff (Sep 07)
    - Re: Router / Protocol Problem Sam Stickland (Sep 07)
    - Re: Router / Protocol Problem Travis Hassloch (Sep 07)
- RE: Router / Protocol Problem Hank Nussbacher (Sep 07)
  - RE: Router / Protocol Problem Michael . Dillon (Sep 07)
    - Re: Router / Protocol Problem Robert E . Seastrom (Sep 07)
  - Re: Router / Protocol Problem Laurence F. Sheldon, Jr. (Sep 07)
- RE: Router / Protocol Problem Jeff Jirsa (Sep 07)