xendrome Posted June 7, 2015 Author Share Posted June 7, 2015 Haggis, what error do you get when you try to access that URL? Link to comment Share on other sites More sharing options...
Haggis Veteran Posted June 7, 2015 Veteran Share Posted June 7, 2015 Not available when i try to ping i also get $ ping http://www.swdirectconnect.com ping: unknown host http://www.swdirectconnect.com Link to comment Share on other sites More sharing options...
xendrome Posted June 7, 2015 Author Share Posted June 7, 2015 Try http://secure.swdirectconnect.com Link to comment Share on other sites More sharing options...
Haggis Veteran Posted June 7, 2015 Veteran Share Posted June 7, 2015 still nothing and all is well in my network haggis@haggis-laptop ~ $ ping http://secure.swdirectconnect.com ping: unknown host http://secure.swdirectconnect.com haggis@haggis-laptop ~ $ ping google.com PING google.com (216.58.210.14) 56(84) bytes of data. 64 bytes from lhr08s06-in-f14.1e100.net (216.58.210.14): icmp_seq=1 ttl=58 time=23.1 ms Link to comment Share on other sites More sharing options...
DaveLegg Developer Posted June 7, 2015 Developer Share Posted June 7, 2015 still nothing and all is well in my network haggis@haggis-laptop ~ $ ping http://secure.swdirectconnect.com ping: unknown host http://secure.swdirectconnect.com haggis@haggis-laptop ~ $ ping google.com PING google.com (216.58.210.14) 56(84) bytes of data. 64 bytes from lhr08s06-in-f14.1e100.net (216.58.210.14): icmp_seq=1 ttl=58 time=23.1 ms You need to take the http bit off to ping, just use the hostname xendrome 1 Share Link to comment Share on other sites More sharing options...
Haggis Veteran Posted June 7, 2015 Veteran Share Posted June 7, 2015 You need to take the http bit off to ping, just use the hostname good shout haggis@haggis-laptop ~ $ ping secure.swdirectconnect.com PING secure.swdirectconnect.com (68.68.208.40) 56(84) bytes of data. just sits there for ages doing nothing same without the secure. Link to comment Share on other sites More sharing options...
xendrome Posted June 7, 2015 Author Share Posted June 7, 2015 Ok gotcha, the site may be Geo-IP filtering Scotland. So not surprised. The admin at the other end is using a Sonicwall also and I know he told me he had Geo-IP filtering enabled. Link to comment Share on other sites More sharing options...
Haggis Veteran Posted June 7, 2015 Veteran Share Posted June 7, 2015 Yeah your right can access it through a proxy xendrome 1 Share Link to comment Share on other sites More sharing options...
+BudMan MVC Posted June 7, 2015 MVC Share Posted June 7, 2015 Dude if x1 is your interface on the outside -- your seeing RST there.. So they sent it *Packet number: 9* Header Values: Bytes captured: 54, Actual Bytes on the wire: 54 Packet Info(Time:06/07/2015 11:44:55.800): in:X1*(interface), out:X0, Forwarded, 2:2) Ethernet Header Ether Type: IP(0x800), Src=[ac:b3:13:0f:86:77], Dst=[18:03:73:49:24:2f] IP Packet Header IP Type: TCP(0x6), Src=[68.68.208.40], Dst=[172.16.50.210] TCP Packet Header TCP Flags = [ACK,RST,], Src=[443], Dst=[57612], Checksum=0x6d9 Link to comment Share on other sites More sharing options...
xendrome Posted June 7, 2015 Author Share Posted June 7, 2015 X1 is the WAN interface, X0 is LAN, think the remote site is blocking our IP then? Link to comment Share on other sites More sharing options...
+BudMan MVC Posted June 8, 2015 MVC Share Posted June 8, 2015 They are clearly sending you RST it would seem. Which means I don't want to talk to you close this session.. Not a fin, hey I am done talking you done -- but RST I would contact them, tell them to for starters fix their horrific HTTPS setup.. It is just pathetic.. And while your at it ask them why they are sending you RST when you connect from IP X, but not a problem from IP Y, etc.. Link to comment Share on other sites More sharing options...
xendrome Posted June 9, 2015 Author Share Posted June 9, 2015 Budman, sent you a PM with additional info on this, more detail then before on Packet Captures data. Link to comment Share on other sites More sharing options...
+BudMan MVC Posted June 13, 2015 MVC Share Posted June 13, 2015 yeah that data just shows the same thing - they are sending you RST.. The duplicates are because your sniffing on both interfaces and seeing packets twice is what it looks like to me. You seeing same packets from 18:b1:69:07:89:14, and :1e And even the one that works looks horrific with retrans and why so many duplicate packets.. Now sure if it is how you sniffed on the out of order and duplicates, but there are retrans in there as well. Link to comment Share on other sites More sharing options...
Recommended Posts