Weird HTTP connection issue

Derick Anderson danderson at vikus.com
Mon Nov 14 19:21:50 CET 2005


I've got a weird HTTP connection issue with a particular site and I'm
wondering if anyone here can lend some help. It appears to be a
fragmentation issue, and I suspected our firewall (which I did not
write, and am in the process of completely re-doing), since the site
loads much faster from my home connection (Charter cable). However, our
test machine at work (completely outside the firewall, stock Linksys
WRT54G for a router) has the same issue.
 
A summary of what happens is this:
 
1. Client (me) requests the index page from Server 1.
2. Server 1 (not related to Servers 2 and 3) acknowledges the request
and sends a frameset containing a single HTML frame, the source of which
is Server 2.
3. Client acknowledges the transfer.
4. Server 1 closes the connection.
5. Client requests frame source from Server 2 (one of the problem
servers).
6. Server 2 acknowledges the request but sends no data. All of this
happens within half a second.
7. 75 seconds later, Server 2 and Server 3 (the other problem server)
start sending data for 4 more seconds - Client acknowledges all data.
8. Data transfer is interrupted again for about 16 seconds, after which
one of data connections is closed.
9. 31 seconds later Server 2 resets the connection that was closed in
#8.
10. 24 seconds later Client resets a connection from Server 3, which was
never closed properly. Client waited 75 seconds before resetting the
hung connection.
11. 20 seconds later Client resets a connection from Server 2. Client
waited 75 seconds for data which it finally received from Server 2, and
another 15 seconds before Server 2 closed the connection.

I've Googled the 75 second delay and it seems that TCP times out 75
seconds after a SYN if no response is received.

I've attached a summary of an Ethereal capture of the whole bit. If
needed I'll post the iptables-save of the firewall script (which the
list told me was too big to include with the rest of this).

Thanks in advance for any help,

Derick Anderson
-------------- next part --------------
"No.", "Time", "Source", "Destination", "Protocol", "Info"
"1", "0.000000", "$CLIENT", "$SERVER1", "TCP", "2528 > http [SYN] Seq=0 Ack=0 Win=65535 Len=0 MSS=1460"
"2", "0.026500", "$SERVER1", "$CLIENT", "TCP", "http > 2528 [SYN, ACK] Seq=0 Ack=1 Win=5840 Len=0"
"3", "0.026527", "$CLIENT", "$SERVER1", "TCP", "2528 > http [ACK] Seq=1 Ack=1 Win=65535 Len=0"
"4", "0.026731", "$CLIENT", "$SERVER1", "HTTP", "GET / HTTP/1.1"
"5", "0.059920", "$SERVER1", "$CLIENT", "HTTP", "HTTP/1.1 200 OK (text/html)"
"6", "0.059944", "$SERVER1", "$CLIENT", "TCP", "http > 2528 [FIN, ACK] Seq=771 Ack=386 Win=17135 Len=0"
"7", "0.059966", "$CLIENT", "$SERVER1", "TCP", "2528 > http [ACK] Seq=386 Ack=772 Win=65535 Len=0"
"8", "0.061655", "$CLIENT", "$SERVER1", "TCP", "2528 > http [FIN, ACK] Seq=386 Ack=772 Win=65535 Len=0"
"9", "0.072897", "$CLIENT", "$SERVER2", "TCP", "2529 > http [SYN] Seq=0 Ack=0 Win=65535 Len=0 MSS=1460"
"10", "0.092607", "$SERVER1", "$CLIENT", "TCP", "http > 2528 [ACK] Seq=772 Ack=387 Win=17135 Len=0"
"11", "0.131989", "$SERVER2", "$CLIENT", "TCP", "http > 2529 [SYN, ACK] Seq=0 Ack=1 Win=65535 Len=0 MSS=1460"
"12", "0.132023", "$CLIENT", "$SERVER2", "TCP", "2529 > http [ACK] Seq=1 Ack=1 Win=65535 Len=0"
"13", "0.132232", "$CLIENT", "$SERVER2", "HTTP", "GET /career.html HTTP/1.1"
"14", "0.500592", "$SERVER2", "$CLIENT", "TCP", "http > 2529 [ACK] Seq=1 Ack=432 Win=65535 Len=0"
"15", "75.264719", "$SERVER2", "$CLIENT", "HTTP", "HTTP/1.1 200 OK[Unreassembled Packet]"
"16", "75.456533", "$CLIENT", "$SERVER2", "TCP", "2529 > http [ACK] Seq=432 Ack=1461 Win=65535 Len=0"
"17", "75.536174", "$SERVER2", "$CLIENT", "HTTP", "Continuation or non-HTTP traffic"
"18", "75.542045", "$SERVER2", "$CLIENT", "HTTP", "Continuation or non-HTTP traffic"
"19", "75.542106", "$CLIENT", "$SERVER2", "TCP", "2529 > http [ACK] Seq=432 Ack=4381 Win=65535 Len=0"
"20", "75.619316", "$SERVER2", "$CLIENT", "HTTP", "Continuation or non-HTTP traffic"
"21", "75.649086", "$SERVER2", "$CLIENT", "HTTP", "Continuation or non-HTTP traffic"
"22", "75.649130", "$CLIENT", "$SERVER2", "TCP", "2529 > http [ACK] Seq=432 Ack=7301 Win=65535 Len=0"
"23", "75.650304", "$SERVER2", "$CLIENT", "HTTP", "Continuation or non-HTTP traffic"
"24", "75.768743", "$SERVER2", "$CLIENT", "HTTP", "Continuation or non-HTTP traffic"
"25", "75.768797", "$CLIENT", "$SERVER2", "TCP", "2529 > http [ACK] Seq=432 Ack=10221 Win=65535 Len=0"
"26", "75.774518", "$SERVER2", "$CLIENT", "HTTP", "Continuation or non-HTTP traffic"
"27", "75.781763", "$SERVER2", "$CLIENT", "HTTP", "Continuation or non-HTTP traffic"
"28", "75.781813", "$CLIENT", "$SERVER2", "TCP", "2529 > http [ACK] Seq=432 Ack=13141 Win=65535 Len=0"
"29", "75.860465", "$SERVER2", "$CLIENT", "HTTP", "Continuation or non-HTTP traffic"
"30", "75.860505", "$SERVER2", "$CLIENT", "HTTP", "Continuation or non-HTTP traffic"
"31", "75.860531", "$CLIENT", "$SERVER2", "TCP", "2529 > http [ACK] Seq=432 Ack=14740 Win=63936 Len=0"
"32", "75.947541", "$CLIENT", "$SERVER2", "TCP", "2545 > http [SYN] Seq=0 Ack=0 Win=65535 Len=0 MSS=1460"
"33", "75.948074", "$CLIENT", "$SERVER2", "TCP", "[TCP Window Update] 2529 > http [ACK] Seq=432 Ack=14740 Win=65535 Len=0"
"34", "76.023714", "$SERVER2", "$CLIENT", "TCP", "http > 2545 [SYN, ACK] Seq=0 Ack=1 Win=65535 Len=0 MSS=1460"
"35", "76.023760", "$CLIENT", "$SERVER2", "TCP", "2545 > http [ACK] Seq=1 Ack=1 Win=65535 Len=0"
"36", "76.023990", "$CLIENT", "$SERVER2", "HTTP", "GET /pgformat.css HTTP/1.1"
"37", "76.107126", "$SERVER2", "$CLIENT", "HTTP", "HTTP/1.1 304 Not Modified"
"38", "76.116437", "$CLIENT", "$SERVER2", "HTTP", "GET /images/inside/header1.jpg HTTP/1.1"
"39", "76.129076", "$CLIENT", "$SERVER2", "HTTP", "GET /images/inside/header_bk.jpg HTTP/1.1"
"40", "76.176956", "$CLIENT", "$SERVER3", "TCP", "2546 > http [SYN] Seq=0 Ack=0 Win=65535 Len=0 MSS=1460"
"41", "76.222303", "$SERVER2", "$CLIENT", "HTTP", "HTTP/1.1 304 Not Modified"
"42", "76.223850", "$CLIENT", "$SERVER2", "HTTP", "GET /flash/slogon.swf HTTP/1.1"
"43", "76.250954", "$SERVER3", "$CLIENT", "TCP", "http > 2546 [SYN, ACK] Seq=0 Ack=1 Win=65535 Len=0 MSS=1460"
"44", "76.251007", "$CLIENT", "$SERVER3", "TCP", "2546 > http [ACK] Seq=1 Ack=1 Win=65535 Len=0"
"45", "76.251245", "$CLIENT", "$SERVER3", "HTTP", "GET /cdg_logos/copyright_ff9900.gif HTTP/1.1"
"46", "76.293403", "$SERVER2", "$CLIENT", "TCP", "http > 2545 [ACK] Seq=213 Ack=759 Win=65314 Len=0"
"47", "76.303854", "$SERVER2", "$CLIENT", "HTTP", "HTTP/1.1 304 Not Modified"
"48", "76.304177", "$CLIENT", "$SERVER2", "HTTP", "GET /images/pg_bottom.gif HTTP/1.1"
"49", "76.353338", "$SERVER3", "$CLIENT", "HTTP", "HTTP/1.1 304 Not Modified"
"50", "76.393313", "$SERVER2", "$CLIENT", "HTTP", "HTTP/1.1 304 Not Modified"
"51", "76.413685", "$CLIENT", "$SERVER2", "HTTP", "GET /images/inside/header2.jpg HTTP/1.1"
"52", "76.498965", "$SERVER2", "$CLIENT", "HTTP", "HTTP/1.1 304 Not Modified"
"53", "76.499959", "$CLIENT", "$SERVER3", "TCP", "2546 > http [ACK] Seq=385 Ack=212 Win=65324 Len=0"
"54", "76.507137", "$CLIENT", "$SERVER2", "HTTP", "GET /images/inside/email.gif HTTP/1.1"
"55", "76.599168", "$SERVER2", "$CLIENT", "HTTP", "HTTP/1.1 304 Not Modified"
"56", "76.600969", "$CLIENT", "$SERVER2", "HTTP", "GET /images/inside/right1.gif HTTP/1.1"
"57", "76.684247", "$SERVER2", "$CLIENT", "HTTP", "HTTP/1.1 304 Not Modified"
"58", "76.686245", "$CLIENT", "$SERVER2", "HTTP", "GET /images/button_home.gif HTTP/1.1"
"59", "76.774443", "$SERVER2", "$CLIENT", "HTTP", "HTTP/1.1 304 Not Modified"
"60", "76.776175", "$CLIENT", "$SERVER2", "HTTP", "GET /images/button_about.gif HTTP/1.1"
"61", "76.856635", "$SERVER2", "$CLIENT", "HTTP", "HTTP/1.1 304 Not Modified"
"62", "76.858353", "$CLIENT", "$SERVER2", "HTTP", "GET /images/button_vending.gif HTTP/1.1"
"63", "76.933925", "$SERVER2", "$CLIENT", "HTTP", "HTTP/1.1 304 Not Modified"
"64", "76.995914", "$CLIENT", "$SERVER2", "HTTP", "GET /images/button_market.gif HTTP/1.1"
"65", "77.184927", "$SERVER2", "$CLIENT", "HTTP", "HTTP/1.1 304 Not Modified"
"66", "77.185953", "$CLIENT", "$SERVER2", "HTTP", "GET /images/button_foodprogram.gif HTTP/1.1"
"67", "77.261122", "$SERVER2", "$CLIENT", "HTTP", "HTTP/1.1 304 Not Modified"
"68", "77.262928", "$CLIENT", "$SERVER2", "HTTP", "GET /images/button_fp_restraurant.gif HTTP/1.1"
"69", "77.337958", "$SERVER2", "$CLIENT", "HTTP", "HTTP/1.1 304 Not Modified"
"70", "77.339832", "$CLIENT", "$SERVER2", "HTTP", "GET /images/button_coffee.gif HTTP/1.1"
"71", "77.416408", "$SERVER2", "$CLIENT", "HTTP", "HTTP/1.1 304 Not Modified"
"72", "77.418323", "$CLIENT", "$SERVER2", "HTTP", "GET /images/button_fp_catering.gif HTTP/1.1"
"73", "77.509342", "$SERVER2", "$CLIENT", "HTTP", "HTTP/1.1 304 Not Modified"
"74", "77.510428", "$CLIENT", "$SERVER2", "HTTP", "GET /images/button_fp_fresh.gif HTTP/1.1"
"75", "77.597910", "$SERVER2", "$CLIENT", "HTTP", "HTTP/1.1 304 Not Modified"
"76", "77.599973", "$CLIENT", "$SERVER2", "HTTP", "GET /images/button_water.gif HTTP/1.1"
"77", "77.705225", "$SERVER2", "$CLIENT", "HTTP", "HTTP/1.1 304 Not Modified"
"78", "77.716742", "$CLIENT", "$SERVER2", "HTTP", "GET /images/button_commisary.gif HTTP/1.1"
"79", "77.788906", "$SERVER2", "$CLIENT", "HTTP", "HTTP/1.1 304 Not Modified"
"80", "77.791394", "$CLIENT", "$SERVER2", "HTTP", "GET /images/button_whats_new.gif HTTP/1.1"
"81", "77.866489", "$SERVER2", "$CLIENT", "HTTP", "HTTP/1.1 304 Not Modified"
"82", "77.867918", "$CLIENT", "$SERVER2", "HTTP", "GET /images/button_coverage.gif HTTP/1.1"
"83", "77.944560", "$SERVER2", "$CLIENT", "HTTP", "HTTP/1.1 304 Not Modified"
"84", "77.946413", "$CLIENT", "$SERVER2", "HTTP", "GET /images/button_career_f2.gif HTTP/1.1"
"85", "78.030763", "$SERVER2", "$CLIENT", "HTTP", "HTTP/1.1 304 Not Modified"
"86", "78.032679", "$CLIENT", "$SERVER2", "HTTP", "GET /images/button_newsletter.gif HTTP/1.1"
"87", "78.115318", "$SERVER2", "$CLIENT", "HTTP", "HTTP/1.1 304 Not Modified"
"88", "78.117103", "$CLIENT", "$SERVER2", "HTTP", "GET /images/button_contactus.gif HTTP/1.1"
"89", "78.196407", "$SERVER2", "$CLIENT", "HTTP", "HTTP/1.1 304 Not Modified"
"90", "78.197446", "$CLIENT", "$SERVER2", "HTTP", "GET /images/button_disclaimer.gif HTTP/1.1"
"91", "78.273103", "$SERVER2", "$CLIENT", "HTTP", "HTTP/1.1 304 Not Modified"
"92", "78.274977", "$CLIENT", "$SERVER2", "HTTP", "GET /images/button_privacy.gif HTTP/1.1"
"93", "78.326198", "$SERVER2", "$CLIENT", "HTTP", "HTTP/1.1 304 Not Modified"
"94", "78.327992", "$CLIENT", "$SERVER2", "HTTP", "GET /images/inside/right2.gif HTTP/1.1"
"95", "78.389657", "$SERVER2", "$CLIENT", "HTTP", "HTTP/1.1 304 Not Modified"
"96", "78.446504", "$CLIENT", "$SERVER2", "HTTP", "GET /images/nav_bottom.gif HTTP/1.1"
"97", "78.501211", "$SERVER2", "$CLIENT", "HTTP", "HTTP/1.1 304 Not Modified"
"98", "78.503722", "$CLIENT", "$SERVER2", "HTTP", "GET /images/spacer.gif HTTP/1.1"
"99", "78.556536", "$SERVER2", "$CLIENT", "HTTP", "HTTP/1.1 304 Not Modified"
"100", "78.567395", "$CLIENT", "$SERVER2", "HTTP", "GET /images/footer.gif HTTP/1.1"
"101", "78.623008", "$SERVER2", "$CLIENT", "HTTP", "HTTP/1.1 304 Not Modified"
"102", "78.624759", "$CLIENT", "$SERVER2", "HTTP", "GET /images/button_home_f2.gif HTTP/1.1"
"103", "78.683142", "$SERVER2", "$CLIENT", "HTTP", "HTTP/1.1 304 Not Modified"
"104", "78.684156", "$CLIENT", "$SERVER2", "HTTP", "GET /images/button_coffee_f2.gif HTTP/1.1"
"105", "78.749428", "$SERVER2", "$CLIENT", "HTTP", "HTTP/1.1 304 Not Modified"
"106", "78.750144", "$CLIENT", "$SERVER2", "HTTP", "GET /images/button_vending_f2.gif HTTP/1.1"
"107", "78.805877", "$SERVER2", "$CLIENT", "HTTP", "HTTP/1.1 304 Not Modified"
"108", "78.806892", "$CLIENT", "$SERVER2", "HTTP", "GET /images/button_water_f2.gif HTTP/1.1"
"109", "78.863364", "$SERVER2", "$CLIENT", "HTTP", "HTTP/1.1 304 Not Modified"
"110", "78.864445", "$CLIENT", "$SERVER2", "HTTP", "GET /images/button_commisary_f2.gif HTTP/1.1"
"111", "78.917696", "$SERVER2", "$CLIENT", "HTTP", "HTTP/1.1 304 Not Modified"
"112", "78.920160", "$CLIENT", "$SERVER2", "HTTP", "GET /images/button_coverage_f2.gif HTTP/1.1"
"113", "78.978912", "$SERVER2", "$CLIENT", "HTTP", "HTTP/1.1 304 Not Modified"
"114", "78.979976", "$CLIENT", "$SERVER2", "HTTP", "GET /images/button_newsletter_f2.gif HTTP/1.1"
"115", "79.055981", "$SERVER2", "$CLIENT", "HTTP", "HTTP/1.1 304 Not Modified"
"116", "79.057225", "$CLIENT", "$SERVER2", "HTTP", "GET /images/button_contactus_f2.gif HTTP/1.1"
"117", "79.134726", "$SERVER2", "$CLIENT", "HTTP", "HTTP/1.1 304 Not Modified"
"118", "79.185304", "$CLIENT", "$SERVER2", "HTTP", "GET /images/button_disclaimer_f2.gif HTTP/1.1"
"119", "79.264596", "$SERVER2", "$CLIENT", "HTTP", "HTTP/1.1 304 Not Modified"
"120", "79.265661", "$CLIENT", "$SERVER2", "HTTP", "GET /images/button_privacy_f2.gif HTTP/1.1"
"121", "79.342586", "$SERVER2", "$CLIENT", "HTTP", "HTTP/1.1 304 Not Modified"
"122", "79.343278", "$CLIENT", "$SERVER2", "HTTP", "GET /images/button_about_f2.gif HTTP/1.1"
"123", "79.427990", "$SERVER2", "$CLIENT", "HTTP", "HTTP/1.1 304 Not Modified"
"124", "79.429068", "$CLIENT", "$SERVER2", "HTTP", "GET /images/button_fp_fresh_f2.gif HTTP/1.1"
"125", "79.501320", "$SERVER2", "$CLIENT", "HTTP", "HTTP/1.1 304 Not Modified"
"126", "79.502413", "$CLIENT", "$SERVER2", "HTTP", "GET /images/button_fp_restraurant_f2.gif HTTP/1.1"
"127", "79.572636", "$SERVER2", "$CLIENT", "HTTP", "HTTP/1.1 304 Not Modified"
"128", "79.573721", "$CLIENT", "$SERVER2", "HTTP", "GET /images/button_fp_catering_f2.gif HTTP/1.1"
"129", "79.646210", "$SERVER2", "$CLIENT", "HTTP", "HTTP/1.1 304 Not Modified"
"130", "79.646921", "$CLIENT", "$SERVER2", "HTTP", "GET /images/button_market_f2.gif HTTP/1.1"
"131", "79.717796", "$SERVER2", "$CLIENT", "HTTP", "HTTP/1.1 304 Not Modified"
"132", "79.718906", "$CLIENT", "$SERVER2", "HTTP", "GET /images/button_whats_new_f2.gif HTTP/1.1"
"133", "79.787876", "$SERVER2", "$CLIENT", "HTTP", "HTTP/1.1 304 Not Modified"
"134", "79.919764", "$CLIENT", "$SERVER2", "TCP", "2529 > http [ACK] Seq=17305 Ack=23980 Win=65115 Len=0"
"135", "96.110082", "$SERVER2", "$CLIENT", "TCP", "http > 2529 [FIN, ACK] Seq=23980 Ack=17305 Win=65535 Len=0"
"136", "96.110132", "$CLIENT", "$SERVER2", "TCP", "2529 > http [ACK] Seq=17305 Ack=23981 Win=65115 Len=0"
"137", "127.802900", "$SERVER2", "$CLIENT", "TCP", "http > 2529 [RST] Seq=23981 Ack=4103994242 Win=0 Len=3"
"138", "151.148601", "$SERVER2", "$CLIENT", "HTTP", "HTTP/1.1 304 Not Modified"
"139", "151.148813", "$CLIENT", "$SERVER3", "TCP", "2546 > http [RST, ACK] Seq=385 Ack=212 Win=0 Len=0"
"140", "151.333419", "$CLIENT", "$SERVER2", "TCP", "2545 > http [ACK] Seq=759 Ack=423 Win=65113 Len=0"
"141", "167.825445", "$SERVER2", "$CLIENT", "TCP", "http > 2545 [FIN, ACK] Seq=423 Ack=759 Win=65535 Len=0"
"142", "167.825483", "$CLIENT", "$SERVER2", "TCP", "2545 > http [ACK] Seq=759 Ack=424 Win=65113 Len=0"
"143", "171.148273", "$CLIENT", "$SERVER2", "TCP", "2545 > http [RST, ACK] Seq=759 Ack=424 Win=0 Len=0"


More information about the netfilter mailing list