Post ADzX4ItXZJmx3sdoye by quad@weeaboo.space
(DIR) More posts by quad@weeaboo.space
(DIR) Post #ADzQHuJt2GUpDbVJoW by angristan@mstdn.io
2021-12-02T09:51:59Z
0 likes, 3 repeats
I have been having a weird issue on my mac for a few days: I can't load HTTP websites
(DIR) Post #ADzQKo5Eg7jIkI29y4 by angristan@mstdn.io
2021-12-02T09:52:31Z
0 likes, 0 repeats
- No issues with HTTPS- Not a home network issue- Tried with curl
(DIR) Post #ADzQQ4IdoY9kUGoT7g by angristan@mstdn.io
2021-12-02T09:53:28Z
0 likes, 0 repeats
- not DNS
(DIR) Post #ADzQXo55zwWqVGAQeO by quad@weeaboo.space
2021-12-02T09:54:51.811022Z
0 likes, 0 repeats
@angristan You say you tried with curl, but didn't specify whether that was successful or not.Also what's the error you get, a timeout? something else?
(DIR) Post #ADzQXxNVQrbRKxql60 by angristan@mstdn.io
2021-12-02T09:54:53Z
0 likes, 0 repeats
:thinking_hard:
(DIR) Post #ADzQiToJhiSKovPNPE by angristan@mstdn.io
2021-12-02T09:56:47Z
0 likes, 0 repeats
@quad not successful with curl eitherI get a timeout
(DIR) Post #ADzQkRPjaLHZy0qT1k by aeris@social.imirhil.fr
2021-12-02T09:57:04Z
0 likes, 0 repeats
@angristan Telnet d’abord Et vire le filtre http pour voir si le ACK/SYN passe.
(DIR) Post #ADzQm0oZS5mk38DAhs by quad@weeaboo.space
2021-12-02T09:57:27.050491Z
0 likes, 0 repeats
@angristan To all http sites? For example if you try: "curl -v http://quad.moe" that also just leads to a timeout?
(DIR) Post #ADzQr6VLiyAh91eHcO by angristan@mstdn.io
2021-12-02T09:58:17Z
0 likes, 0 repeats
@quad affirmative
(DIR) Post #ADzQrCtfxRCAyD4nMu by selea@social.linux.pizza
2021-12-02T09:58:07Z
0 likes, 0 repeats
@quad curl gives timeouts,But I assume that the issue persist on all kinds of networks and not just yours at home?But it sounds like you have some kind of application installed that blocks it or something@angristan
(DIR) Post #ADzQvgMeLBxbWHlLUG by angristan@mstdn.io
2021-12-02T09:59:10Z
0 likes, 0 repeats
@selea @quad yes, it happens on other networks as well. It's probably something I installed, yeah...
(DIR) Post #ADzQyPDyWURFEK0Ivg by quad@weeaboo.space
2021-12-02T09:59:41.073072Z
0 likes, 0 repeats
@angristan Can you try the command "lsof -i" while making http requests?It lists all current connections and I think it works on macOS. You might have to filter a bit with grep but it should show all open connections, and to where.Verify that your http connections are going where you expect them to and are not being intercepted/redirected somewhere strange
(DIR) Post #ADzR1JM0nzottN9GRk by quad@weeaboo.space
2021-12-02T10:00:13.854320Z
0 likes, 0 repeats
@angristan @selea Yes, hijacking http is typical behavior for various sketchy things. Most likely something like a VPN client, an adblocker or firewall thingy
(DIR) Post #ADzRAA7SVdNvrDYtU0 by quad@weeaboo.space
2021-12-02T10:01:48.514558Z
0 likes, 0 repeats
@angristan for example quad.moe is 185.141.156.58 or 58.185-141-156.enivest.netLeave curl in a loop and verify that it is in fact sending http requests to one of those. If not, try to figure out where it ends up, maybe it's redirected to something like 127.0.0.1 and some port, in which case "lsof -i" should also show what is listening on that ip/port
(DIR) Post #ADzRJlkhxZJrBFV8lc by quad@weeaboo.space
2021-12-02T10:03:32.954911Z
0 likes, 0 repeats
@angristan Last suggestion I can think of on the fly is running "sudo ipfw list". Which should list current firewall rules on macOS. If some application is redirecting/hijacking http requests, it's probably been done using ipfw
(DIR) Post #ADzRLpBMB964OfwiR6 by angristan@mstdn.io
2021-12-02T10:03:54Z
0 likes, 0 repeats
@aeris effectivement, rien ne passe
(DIR) Post #ADzRQjQmzM4a0ZVKhE by aeris@social.imirhil.fr
2021-12-02T10:04:45Z
0 likes, 0 repeats
@angristan Firewall faciste ?
(DIR) Post #ADzRSZggBcWKMrodI8 by jarm@qdon.space
2021-12-02T10:05:06Z
0 likes, 0 repeats
@angristan check out iptables or something like else?
(DIR) Post #ADzTdXh28ovHHCL4c4 by quad@weeaboo.space
2021-12-02T10:29:33.195312Z
0 likes, 0 repeats
@angristan Actually my bad. I forgot that macOS uses pf now. If you want to check firewall rules/forwardings it's probably "pfctl -s rules "
(DIR) Post #ADzWgAx1S5g1TSlThw by angristan@mstdn.io
2021-12-02T11:03:36Z
0 likes, 0 repeats
@aeris pas le firewall macOS en tout cas
(DIR) Post #ADzWoBaAzJi7kWtkbA by angristan@mstdn.io
2021-12-02T11:05:02Z
0 likes, 0 repeats
@quad nothing of interest with this commandI also disabled the macOS firewall entirely, but no change
(DIR) Post #ADzX4ItXZJmx3sdoye by quad@weeaboo.space
2021-12-02T11:07:58.360710Z
0 likes, 0 repeats
@angristan Did you try to use wireguard and filter by TCP and port 80?Unfortunately if your http stuff is being redirected, it might not show up if you use ip.dst to filter. You might also have to monitor your loopback interface (or all interfaces) rather than your ethernet interface
(DIR) Post #ADzX5uLdnu5fVhYA1Q by quad@weeaboo.space
2021-12-02T11:08:17.640113Z
0 likes, 0 repeats
@angristan wireshark*
(DIR) Post #ADzY5OTaP1TAcEaKe0 by angristan@mstdn.io
2021-12-02T11:19:20Z
0 likes, 0 repeats
also checked kernel extensions and launchd services, nothing fishy
(DIR) Post #ADzYlAJXRmMgr5nsZ6 by angristan@mstdn.io
2021-12-02T11:26:54Z
0 likes, 0 repeats
@jarm nothing
(DIR) Post #ADzhZ3DktQqUy6Oeum by doenietzomoeilijk@mastodon.nl
2021-12-02T13:04:48Z
0 likes, 0 repeats
@angristan what if you completely disable IPv6 on the interface?
(DIR) Post #AE6Ht70wHDPcfYcXya by benjiprod@mstdn.io
2021-12-05T17:20:50Z
0 likes, 0 repeats
@angristan 3 days later. How's going ?
(DIR) Post #AE6Ifv59QcmHqtrdei by angristan@mstdn.io
2021-12-05T17:29:39Z
0 likes, 0 repeats
@benjiprod still broken
(DIR) Post #AEHE8vfl7gJaaGTUlE by taoeffect@mstdn.io
2021-12-11T00:00:43Z
0 likes, 0 repeats
@angristan Does it work if you use a VPN? If so then it might be your ISP
(DIR) Post #AEHEMHrPwJcjACIUt6 by angristan@mstdn.io
2021-12-11T00:03:07Z
0 likes, 0 repeats
@taoeffect It's not
(DIR) Post #AEHLpF63zf9wfWtzBw by taoeffect@mstdn.io
2021-12-11T01:26:45Z
0 likes, 0 repeats
@angristan OK, if you have Little Snitch installed, or something similar, check that. Am guessing you already tried that though.Then another troubleshooting step is to create another user account and see if the problem occurs there too. If not, it at least narrows things down a bit.
(DIR) Post #AGEKrPkygSi96Pxpvk by benoit@toots.benpro.fr
2022-02-07T10:15:37Z
0 likes, 0 repeats
@angristan la route par défaut parait logique ? Genre ça pourrait être une appli qui ajoute un réseau virtuel de routage. Peu probable mais bon.
(DIR) Post #AGEL3aBzi4KqwYP3iq by angristan@mstdn.io
2022-02-07T10:18:13Z
0 likes, 0 repeats
@benoit oui:
(DIR) Post #AGEL854ArarBr5tFlg by benoit@toots.benpro.fr
2022-02-07T10:16:56Z
0 likes, 0 repeats
@angristan Est-ce qu'un service HTTP sur le LAN est joignable ?
(DIR) Post #AGEL85hWVIKfp8Ig6K by angristan@mstdn.io
2022-02-07T10:18:59Z
0 likes, 0 repeats
@benoit oui, localhost ça marche, LAN ça marche, et même tailscale ça marche
(DIR) Post #AGELNwr59z3n1RKgyW by angristan@mstdn.io
2022-02-07T10:21:55Z
0 likes, 0 repeats
this is driving me crazy
(DIR) Post #AGELTlavwHdtptYOQK by benoit@toots.benpro.fr
2022-02-07T10:22:56Z
0 likes, 0 repeats
@angristan Donc en gros c'est que quand ça traverse un routeur.Si tu monte un serveur http sur un autre réseau genre 10.10.10.0/24, que tu ajoute le nécessaire sur ton routeur pour router 192.168.1.0/24 <--> 10.10.10.0/24, ça marche ?
(DIR) Post #AGELf5wUcw0K832WUS by angristan@mstdn.io
2022-02-07T10:24:32Z
0 likes, 0 repeats
@benoit pour info quand même, si je me co à un VPN genre wireguard qui donc censé rediriger tout mon traffic, le problème est là par contre
(DIR) Post #AGELlp2brdffjm6nQ0 by benoit@toots.benpro.fr
2022-02-07T10:26:12Z
0 likes, 0 repeats
@angristan "le problème est là par contre". Le problème disparaît ?
(DIR) Post #AGELtvwI6KUTRq1Lu4 by angristan@mstdn.io
2022-02-07T10:27:38Z
0 likes, 0 repeats
@benoit non, il est toujours là:
(DIR) Post #AGEM1x1nw7D38rQGzw by dadosch@social.tchncs.de
2022-02-07T10:29:08Z
0 likes, 0 repeats
@angristan maybe a wrong MTU? For me, this has been the cause for not loading HTTP*S* pages, while HTTP worked fine. I can't really explain why it should be the other way around, but ¯\_(ツ)_/¯
(DIR) Post #AGEMHmcwNIo9W7LHZw by benoit@toots.benpro.fr
2022-02-07T10:31:55Z
0 likes, 0 repeats
@angristan Ça affecte aussi les VMs ? VirtualBox, Multipass, lima, etc?
(DIR) Post #AGEMyszKbGNFhKMtRg by angristan@mstdn.io
2022-02-07T10:39:46Z
0 likes, 0 repeats
@benoit ça semble fonctionner depuis multipass
(DIR) Post #AGENCwCDTDDJhW5yxE by benoit@toots.benpro.fr
2022-02-07T10:42:17Z
0 likes, 0 repeats
@angristan !! Tu peux comparer les paquets qui sortent de l'interface virtuelle et de en7 ?
(DIR) Post #AGEOQ9zjZuUqDQ7s1Y by angristan@mstdn.io
2022-02-07T10:55:56Z
0 likes, 0 repeats
@benoit dans les deux cas, tu parles des paquets qui partent de la VM ?
(DIR) Post #AGEOheXDHhN1rA7uhk by angristan@mstdn.io
2022-02-07T10:59:06Z
0 likes, 0 repeats
@benoit (je demande car dans les cas où rien ne passe (ma pane de droite), je ne vois absolument aucun paquet https://mstdn.io/@angristan/107376766761258508)
(DIR) Post #AGEOlH9a9n9uV1nibo by benoit@toots.benpro.fr
2022-02-07T10:59:42Z
0 likes, 0 repeats
@angristan Hmm non.Un curl dans la VM, follow tcp trace dans Wireshark.Puis un curl sur le mac, follow tcp trace.Et essaye de voir si y'a un truc différent, genre un flag TCP ou que sais-je.
(DIR) Post #AGEOoQHoeqbvh29Y12 by benoit@toots.benpro.fr
2022-02-07T11:00:12Z
0 likes, 0 repeats
@angristan Bah si on voit la partie TCP. C'est celle que j'aimerais comparer justement. (Click droit follow tcp trace)
(DIR) Post #AGEOxYLc3VxHIiHZVw by benoit@toots.benpro.fr
2022-02-07T11:01:56Z
0 likes, 0 repeats
@angristan Ah oui mais y'a meme pas un SYN...? Vire les filtres, ou fait des filtres inverse.Peut être que le paquet par pas sur ip.dst Oo?C'est pas mal chelou ton histoire, ça m'intéresse aha.
(DIR) Post #AGEPLsaIT1jD0wkalU by angristan@mstdn.io
2022-02-07T11:06:22Z
0 likes, 0 repeats
@benoit y'a rien de rien
(DIR) Post #AGEPQM0n00VZRKHA12 by benoit@toots.benpro.fr
2022-02-07T11:07:08Z
0 likes, 0 repeats
@angristan Et si tu scanne toutes les interfaces, on sait jamais si ça passe ailleurs, très peu probable mais bon...
(DIR) Post #AGEPgDk9VZsMQg3lhI by angristan@mstdn.io
2022-02-07T11:10:03Z
0 likes, 0 repeats
@benoit pareil !
(DIR) Post #AGEPpmU1iQKKmO4lOK by angristan@mstdn.io
2022-02-07T11:11:45Z
0 likes, 0 repeats
@benoit autre truc étrange: si je reboot mon mac, le port 80 fonctionne. Si je met met à faire passer des choses via ce port (même plusieurs heures après le boot, alors ça va bloquer, mais seulement au bout de quelques secondes / ou au bout d'une certaine quantité de paquet, je sais pas. Et ensuite, c'est mort jusqu'au prochain reboot
(DIR) Post #AGEPtCCeXwOdPtZskC by benoit@toots.benpro.fr
2022-02-07T11:12:21Z
0 likes, 0 repeats
@angristan Reste à dtruss curl pour voir les appels aux librairies, mais c'est galère à faire fonctionner dtruss sous Mac.
(DIR) Post #AGEQV5y2BB2154oODg by angristan@mstdn.io
2022-02-07T11:19:12Z
0 likes, 0 repeats
@benoit avec multipass on voit bien le paquet sortir par vmenet0 puis en7
(DIR) Post #AGEQW5JQ6HNpL4HpWS by benoit@toots.benpro.fr
2022-02-07T11:18:23Z
0 likes, 0 repeats
@angristan Y'a plus qu'à tout faire router par une VM multipass 🙃 Je n'ai plus d'idées, vue que aucun paquets sort, j'ai l'impression que ça serait aux niveau des libs du Mac.
(DIR) Post #AGEQW5sA17Al4oXZfk by angristan@mstdn.io
2022-02-07T11:19:21Z
0 likes, 0 repeats
@benoit :blobcatcomfsob:
(DIR) Post #AGEQgfao474gkxSyhM by benoit@toots.benpro.fr
2022-02-07T11:18:40Z
0 likes, 0 repeats
@angristan https://www.linuxjournal.com/content/more-using-bashs-built-devtcp-file-tcpip est-ce que ça marche en parlant direct à /dev/tcp ?
(DIR) Post #AGEQggCjn5PqebDGoy by angristan@mstdn.io
2022-02-07T11:21:18Z
0 likes, 0 repeats
@benoit nope
(DIR) Post #AGEQliC9oiKwH9LDEW by angristan@mstdn.io
2022-02-07T11:22:14Z
0 likes, 0 repeats
@benoit ça me rend fou je vais finir par juste tout wipe lol
(DIR) Post #AGERLiUQCPA5c93Ja4 by benoit@toots.benpro.fr
2022-02-07T11:28:40Z
0 likes, 0 repeats
@angristan Si t'est motivé faudrait dtrace/dtruss curl pour voir où ça bloque. (Jamais fait sous mac, ça devrait être comme strace).
(DIR) Post #AGERz4ywVVNgfO68uW by benoit@toots.benpro.fr
2022-02-07T11:35:05Z
0 likes, 0 repeats
@angristan T'as pas Cisco Anyconnect d'installé ? Ce truc fou pas mal la merde.Sur mon Mac, il fout la merde avec la partie DNS.
(DIR) Post #AGERz5WySybSMw1JxI by angristan@mstdn.io
2022-02-07T11:35:49Z
0 likes, 0 repeats
@benoit nope :p
(DIR) Post #AGETDChQi5uibuCnui by benoit@toots.benpro.fr
2022-02-07T11:49:28Z
0 likes, 0 repeats
@angristan :thinking_hard: T'est sûr que pf est bien coupé ? sudo pfctl -F all
(DIR) Post #AGETLI5Aa3aZccAKyO by angristan@mstdn.io
2022-02-07T11:51:06Z
0 likes, 0 repeats
@benoit je teste https://poweruser.blog/using-dtrace-with-sip-enabled-3826a352e64b
(DIR) Post #AGETOb8oB3J5bGRdbc by angristan@mstdn.io
2022-02-07T11:51:40Z
0 likes, 0 repeats
@benoit
(DIR) Post #AGEUMvKUFKtJaWfm3E by benoit@toots.benpro.fr
2022-02-07T12:02:32Z
0 likes, 0 repeats
@angristan Apparemment y'a deux pare feu sous Mac.pf pour la partie pure réseauJe viens de trouver ça :sudo /usr/libexec/ApplicationFirewall/socketfilterfw --setglobalstate offet socketfilterfw pour le firewalling des applis.
(DIR) Post #AGEWEmU5RraDkNPMlU by angristan@mstdn.io
2022-02-07T12:23:31Z
0 likes, 0 repeats
@benoit déja disabled !
(DIR) Post #AGEWHnmJ5uGmd2N3cu by angristan@mstdn.io
2022-02-07T12:24:03Z
0 likes, 0 repeats
@benoit y'a ça sinon
(DIR) Post #AGEWq244U3Komd0CvI by angristan@mstdn.io
2022-02-07T12:30:15Z
0 likes, 0 repeats
@benoit tu vois là j'ai reboot et j'ai réussi à DL 3 Mo avant que ça bloque
(DIR) Post #AGEcXtHR0MnI3EzA9I by flutergork@mstdn.io
2022-02-07T13:34:11Z
0 likes, 0 repeats
@angristan Which browser are you using?
(DIR) Post #AGEcjeZjVFadv69ZNg by angristan@mstdn.io
2022-02-07T13:36:20Z
0 likes, 0 repeats
@benoit autre chose: sur un autre compte, pas de problème
(DIR) Post #AGEcmZENpV3kDIYZjU by angristan@mstdn.io
2022-02-07T13:36:03Z
0 likes, 0 repeats
@flutergork this is not a browser issue
(DIR) Post #AGEeo2dACw1jaoyhqy by flutergork@mstdn.io
2022-02-07T13:59:32Z
0 likes, 0 repeats
@angristan How are you trying to load HTTP websites?
(DIR) Post #AGFVGk3bXPBC0DLtxo by benoit@toots.benpro.fr
2022-02-07T23:47:20Z
0 likes, 0 repeats
@angristan :thinking_hard: Idée débile mais why not :Tu lances pleins de curl en boucle, tu regardes si tu vois pas un process consommer du CPU, le potentiel coupable.
(DIR) Post #AGFbC80fed7cZFABlo by angristan@mstdn.io
2022-02-08T00:53:46Z
0 likes, 0 repeats
@benoit rien de spécial, par contre truc encore + wtf, un while true curl fonctionne sans problème avec une URL HTTP, ça n'est pas bloqué
(DIR) Post #AGFbEYCZFDlWNZso8e by angristan@mstdn.io
2022-02-08T00:54:13Z
0 likes, 0 repeats
@benoit HTTP est bloqué dès que j'ai du débit qui passe, comme mon wget d'un fichier
(DIR) Post #AGFbFZuMNzEFxdrAe0 by angristan@mstdn.io
2022-02-08T00:54:25Z
0 likes, 0 repeats
@benoit du délire
(DIR) Post #AGFbIB9Uss063DB25g by angristan@mstdn.io
2022-02-08T00:54:53Z
0 likes, 0 repeats
@benoit (je parle d'après un reboot)
(DIR) Post #AGGGPWBLBsMpQAepYO by benoit@toots.benpro.fr
2022-02-08T08:35:32Z
0 likes, 0 repeats
@angristan :thinking_hard: 😩 T'a joué avec druss ?
(DIR) Post #AGGQqiRihRdUomvUy8 by angristan@mstdn.io
2022-02-08T10:32:33Z
0 likes, 0 repeats
@benoit j'aurais bien aimé mais macOS quoi, c'est chaud