[vox-tech] Apache2 problems

Chanoch (Ken) Bloom kbloom at gmail.com
Tue Aug 10 15:41:06 PDT 2010


On Tue, 2010-08-10 at 16:49 -0400, Peter Salzman wrote:
> Interesting -- I didn't know that the sites were read in alpha order.
> Also, I guess the wildcard for the NameVirtualHost is a better idea.
> 
> Unfortunately, didn't fix the problem, but more weirdness came up.   I
> can't telnet to dirac.org port 80, which would explain why the logs
> aren't being touched.   But then I'm at a loss as to how tcpdump
> apparently sees the connection:
> 
>  tcpdump -i eth0 tcp port 80
> 
> 16:40:32.104293 IP ny-131.foo.com.10096 > satan.www: Flags [S], seq
> 1653467397, win 64512, options [mss 1460,nop,nop,sackOK], length 0
> 
> 16:40:32.104314 IP satan.www > ny-131.foo.com.10096: Flags [S.], seq
> 329481650, ack 1653467398, win 5840, options [mss
> 1460,nop,nop,sackOK], length 0

You're running tcpdump on your server. The first packet is the SYN that
ny-131.foo.com sends to request the connection. The second packet is
satan.www's response. I'm not familiar with tcpdump output, but this
looks like satan.www's is a valid SYN -ACK packet agreeing to open the
connection, and acknowledging ny-131.foo.com's request. The next packet
is missing: that's supposed to be a packet from ny-131.foo.com ACKing
satan.www's response and starting to send data.

If you have those three packets, then a connection was never started,
and telnet would quite reasonably think it can't reach the port.

> It looks like the packets are getting forwarded correctly, but nobody
> is listening.  The port is set correctly in /etc/apache2/ports.conf
> and I verified that apache2 is indeed running.   It's such a
> mystery!  :-(

Why not take a look at it with Wireshark and see if that sheds any light
on the matter -- the Wireshark GUI can show much more information abut
these packets including their data, and it can dissect individual
packets for you, or show you the text content of a TCP connection.

--Ken


More information about the vox-tech mailing list