I've got a problem with an internet connection that is causing corrupt downloads from selected locations notably the Norton antivirus update site.
I'm getting the following output from tcpdump when downloading: eg. wget
formatting link
]# tcpdump port 80 tcpdump: listening on eth0
00:15:02.467793 srv-001.34278 > 203.147.56.230.http: S
893928169:893928169(0) win 5840 (DF)
00:15:02.505943 203.147.56.230.http > srv-001.34278: S
2745254075:2745254075(0) ack 893928170 win 5792 (DF)
00:15:02.506041 srv-001.34278 > 203.147.56.230.http: . ack 1 win 5840 (DF)
00:15:02.506901 srv-001.34278 > 203.147.56.230.http: P 1:139(138) ack 1 win 5840 (DF)
00:15:02.559360 203.147.56.230.http > srv-001.34278: . ack 139 win 5792 (DF)
00:15:02.608380 203.147.56.230.http > srv-001.34278: . 1:1401(1400) ack
139 win 5792 (frag
48159:1432@0+)
00:15:02.609319 srv-001.34278 > 203.147.56.230.http: . ack 1441 win
8640 (DF)
00:15:02.637621 203.147.56.230.http > srv-001.34278: . 1441:2841(1400) ack 139 win 5792 (frag
48160:1432@0+)
00:15:02.638452 srv-001.34278 > 203.147.56.230.http: . ack 2881 win
11520 (DF)
00:15:02.666490 203.147.56.230.http > srv-001.34278: P 2881:4281(1400) ack 139 win 5792 (frag
48161:1432@0+)
00:15:02.667565 srv-001.34278 > 203.147.56.230.http: . ack 4321 win
14400 (DF)
00:15:02.754391 203.147.56.230.http > srv-001.34278: . 4321:5721(1400) ack 139 win 5792 (frag
48162:1432@0+)
00:15:02.755739 srv-001.34278 > 203.147.56.230.http: . ack 5761 win
17280 (DF)
00:15:02.783075 203.147.56.230.http > srv-001.34278: . 5761:7161(1400) ack 139 win 5792 (frag
48163:1432@0+)
00:15:02.784486 srv-001.34278 > 203.147.56.230.http: . ack 7201 win
20160 (DF)
00:15:02.812262 203.147.56.230.http > srv-001.34278: P 7201:8601(1400) ack 139 win 5792 (frag
48164:1432@0+)
00:15:02.813098 srv-001.34278 > 203.147.56.230.http: . ack 8641 win
23040 (DF)
00:15:02.841202 203.147.56.230.http > srv-001.34278: . 8641:10041(1400) ack 139 win 5792 (frag
48165:1432@0+)
and so on until:
00:15:25.127738 203.147.56.230.http > srv-001.34278: P 1023841:1025241(1400) ack 139 win 5792 (frag 48870:1432@0+) 00:15:25.156780 203.147.56.230.http > srv-001.34278: P 1025281:1026681(1400) ack 139 win 5792 (frag 48871:1432@0+) 00:15:25.156854 srv-001.34278 > 203.147.56.230.http: . ack 1026714 win 34560 (DF) 00:15:25.159200 srv-001.34278 > 203.147.56.230.http: F 139:139(0) ack 1026714 win 34560 (DF) 00:15:25.210642 203.147.56.230.http > srv-001.34278: F 1026714:1026714(0) ack 140 win 5792 (DF) 00:15:25.210696 srv-001.34278 > 203.147.56.230.http: . ack 1026715 win 34560 (DF)There appears to be some strange fragmentation problem here, but I'm at a loss as to how to troubleshoot it further - any suggestions on decyphering this output, or where to go from here?