I'm having problems making TCP connections using fedora core 2. Basically the connection fails the first time, but succeeds on the second try. Here's a typical tcpdump output: 21:03:55.440626 IP 192.168.2.5.32770 > 158.152.1.58.domain: 24038+% [1au] AAAA? www.slashdot.org. (45) 21:03:55.634467 IP 158.152.1.58.domain > 192.168.2.5.32770: 24038 0/1/1 (104) 21:03:55.638763 IP 192.168.2.5.32770 > 158.152.1.58.domain: 55126+% [1au] A? www.slashdot.org. (45) 21:03:55.663188 IP 158.152.1.58.domain > 192.168.2.5.32770: 55126 1/0/1 A 66.35.250.151 (61) 21:03:55.667139 IP 192.168.2.5.32770 > 158.152.1.58.domain: 27563+% [1au] PTR? 151.250.35.66.in-addr.arpa. (55) 21:03:55.693671 IP 158.152.1.58.domain > 192.168.2.5.32770: 27563 2/0/1 CNAME 151.0/24.250.35.66.in-addr.arpa., PTR star.slashdot.org. (109) 21:03:55.695857 IP 192.168.2.5.32770 > 158.152.1.58.domain: 12851+% [1au] PTR? 151.0/24.250.35.66.in-addr.arpa. (60) 21:03:55.722429 IP 158.152.1.58.domain > 192.168.2.5.32770: 12851 1/0/1 PTR star.slashdot.org. (91) 21:04:00.439395 arp who-has 192.168.2.2 tell 192.168.2.5 21:04:00.439866 arp reply 192.168.2.2 is-at 02:60:8c:a9:c5:2b 21:04:38.863595 arp who-has 192.168.2.5 tell 192.168.2.2 21:04:38.863629 arp reply 192.168.2.5 is-at 00:a0:c9:44:70:f9 21:04:39.395528 IP 192.168.2.5.33034 > 66.35.250.151.http: S 3814521770:3814521770(0) win 5840 <mss 1460,sackOK,timestamp 11851250 0,nop,wscale 0> 21:04:39.569715 IP 66.35.250.151.http > 192.168.2.5.33034: S 3763613294:3763613294(0) ack 3814521771 win 5792 <mss 1460,sackOK,timestamp 47247504 11851250,nop,wscale 0> 21:04:39.569818 IP 192.168.2.5.33034 > 66.35.250.151.http: . ack 1 win 5840 <nop,nop,timestamp 11851424 47247504> 21:04:39.570133 IP 192.168.2.5.33034 > 66.35.250.151.http: P 1:426(425) ack 1 win 5840 <nop,nop,timestamp 11851425 47247504> 21:04:39.760805 IP 66.35.250.151.http > 192.168.2.5.33034: . ack 426 win 6432 <nop,nop,timestamp 47247523 11851425> In the above: 192.168.2.5 is the Fedora Core 2 box where the problem lies, 158.152.1.58 is one of my ISP's nameservers 192.168.2.2 is the default router (a RH9 box) 66.35.250.151 is a machine at slashdot. So ... first attempt at 21:03:55 does a DNS lookup for the site, but does not attempt to connect. Then there is an exchange of arp packets (huh? how did the dns request work if we didn't have the router's MAC address?). Then the second attempt at 21:04:39 works, with no DNS lookup. Attempting this with telnet produces an error message: telnet: connect to address xxx.xxx.xxx.xxx: Resource temporarily unavailable telnet: Unable to connect to remote host: Resource temporarily unavailable This is with BIND running locally (and providing DNS service for a couple of windows boxes on the internal LAN, which connect out with no problems). The effect is similar if I bypass the local BIND by pointing resolv.conf directly at 158.152.1.58. I've tried enabling/disabling IPV6 and messed around with MTUs to no avail. Questions: 1. Has anyone else seen this or is it just me? (someone told me it had been seen before, but I haven't found anything in the archives of this list or comp.os.linux.*) 2. Where should I look next? Peter -- Peter Greenwood peterg@xxxxxxxxxxxxxxxx 01253 827304 07802 666591 http://www.reel.demon.co.uk
