Can't access certain web sites - reset router, any ideas?

EDIT: This problem was resolved by my ISP - had to do with damaged fiber in one of their locations. Thanks to everyone that helped.

Not sure if this is the right site (I'm a StackOverflow user) so I thought I'd give it a shot.

I'm having trouble connecting to certain sites on any of the 3 machines that are on my LAN. The following sites are returning "Problem Loading Page - The connection has timed out"

Sourceforge.net
CNet.com
Microsoft.com
OpenDNS.com
even my company's webiste

I was worried about possible malware/virus, but I don't think that is the case (given the inability to access my company's site and the fact that all 3 machines are having the same issues.)

I've tried with IE8, FF, and Chrome

I have reset my router (WRT54G) and my machine(s) multiple times.

EDIT: It is also worth noting that this page spins constantly and no avatars show up (I'm assuming it is trying to access gravatar.com with no success.)

EDIT: I have the same issues directly connected to the modem. So, any router config is probably not the issue

I'm a programmer, not a network guy - any ideas?

IniTech

Posted 2010-03-06T17:34:10.367

Reputation: 183

A downvote - really? – IniTech – 2010-03-06T18:53:58.173

Answers

Sites I'm unable to reach include:

What does unable to reach mean? You get an error? it times out? what exactly happens?

When did this problem start? Were you ever able to load any of those sites?

Sourceforge is probably the simplest of the sites you listed, so lets use that for testing..

from a cmd window run nslookup sourceforge.net You should get something like

Name:   Sourceforge.net
Address: 216.34.181.60

if that works, you probably don't have a DNS issue.

Next, try sending a basic request to the site by connecting to port 80 and sending GET /

justin@media:~$ telnet Sourceforge.net 80
Trying 216.34.181.60...
Connected to Sourceforge.net.
Escape character is '^]'.
GET /
HTTP/1.0 302 Found
Location: http://sourceforge.net/
Server: BigIP
Connection: close
Content-Length: 0

Connection closed by foreign host.

This is a good test because it ensures that you can connect to the web server, and the response is small so it will not trigger an issue with large packet sizes.

next, try sending a valid request for the home page by connecting to port 80 and sending

GET / HTTP/1.0
Host: sourceforge.net

followed by enter twice.

At this point one of 3 things will happen:

You'll get nothing back. This usually points to an MTU problem, but MTU issues are pretty rare these days, and you wouldn't be able to load much of anything if this was your problem. Do you even have a PPPoE based connection? Those are generally the only types of connection that have a strange MTU these days.
You'll get a few packets back and then it stops mid-html stream. This usually points to a problem with ECN or tcp window scaling.
You get the whole page back ending with </body> </html> If this happens then you don't really have a problem, at least not with sourceforge.net

You didn't say which operating system you were using, other than that it is probably windows since you have IE... If it is Vista or 7 tcp window scaling might be your problem.

They key point is to first figure out what the problem might be, then make changes, not the other way around.

It might be worthwhile to run the Netalyzer: http://netalyzr.icsi.berkeley.edu/index.html

It runs a lot of basic connectivity tests including dns and http.

Ok, so you can't even connect to port 80, this is very interesting. If the dns lookup worked, and got the right IP, but you are unable to connect to port 80, that rules out all of MTU,ECN,tcp window scaling. just to confirm this, can you repeat that test with some more sites, both working and non-working.. telnet google.com 80, telnet superuser.com 80. etc.

I forget if windows prints the 'Trying 216.34.181.60' line? if it doesn't, it might be a good idea to run the nslookup first, then telnet directly to the IP to make sure you are connecting to the right host.

Do all of your machines run windows 7? Are they all running the same software, like maybe an AV program that includes a firewall? It might be a good idea to try a live linux cd/usb image.. even one of the tiny ones like damn small linux would suffice. If you have the same problem running off a clean linux system connected directly to the modem, there isn't much you can do and I would call your ISP.

Also, if you could answer the

'When did this problem start? Were you ever able to load any of those sites?'

questions, they would help narrow down what the root cause of this could be.

And run the netalyzer thing, it might shed some light on the problem.

user23307

Posted 2010-03-06T17:34:10.367

Reputation: 5 915

Win7. nslookup came back as expected. Response to telnet Sourceforge.net 80: 'Could not open connection to the host, on port 80: Connect failed.' – IniTech – 2010-03-06T18:52:00.310

"The server at n1.netalyzr.icsi.berkeley.edu is taking too long to respond." As for your first question, that is what all of the pages are returning. "Problem Loading Page - The connection has timed out" – IniTech – 2010-03-06T19:03:34.527

The problem started today - yes, I've been able to access all of the sites on the list in the past. I recently downloaded MongoDB and a C# driver for it, but nothing out of the ordinary. – IniTech – 2010-03-06T19:08:39.257

ah, I just updated my answer with more things to try next.. this is looking more and more like a problem with your ISP, maybe they are having a major peering issue with some networks... The important thing to note is that the INITIAL connection is failing, not the downloading of content. it appears your machines are unable to even complete the tcp 3 way handshake, which is a problem at a much lower level. When you tried to telnet to sourceforce.net on port 80, did you get the error message right away, or after about 10 seconds? – user23307 – 2010-03-06T19:20:41.007

I'll try your additional steps, but the telnet failed after 10s or so. – IniTech – 2010-03-06T19:21:55.577

telnet to google.com 80 works, GET request returns html as expected. Can't run netalyzer (see comment above) - 1 Win7 machines, other 2 are Vista - on the phone with ISP right now, elevated to Tier 3 - they're stumped too. +1 for all of your help. – IniTech – 2010-03-06T19:26:20.820

+1 if I could, not enough rep :/ – IniTech – 2010-03-06T19:26:48.200

1If you didn't have 3 computers that all started doing this, I might blame it on broken firewall software. If the problem is on your ISPs end the next steps I would do would be to run a traceroute (tracert in windows) to each of the sites, save the output from each, then compare the ones that work to the ones that don't work. If your ISP is having a peering issue, you might spot a pattern. Traceroute can be kind of flaky with firewalls these days, so it isn't as good of a troubleshooting tool as it once was. – user23307 – 2010-03-06T19:39:17.567

Could be your ISPs DNS servers playing about - mine on O2 in the UK do that quite a lot :/

Try using OpenDNS instead as this will eliminate that particular issue (and is better in any case for many reasons)

Either update the router so that all 3 machines automatically use OpenDNS or update the TCP/IP settings individually on each machine - there are instructions for both options on the OpenDNS site.

You DON'T need to sign up with them either.

Shevek

Posted 2010-03-06T17:34:10.367

Reputation: 15 408

Would this be a good reason to finally go with DD-WRT on this router - or can that be done within the existing OS? – IniTech – 2010-03-06T17:43:09.767

1Well, you can add OpenDNS.com to the list of sites I can't visit... – IniTech – 2010-03-06T17:44:37.533

Blimey, that's not good... OK, try changing the TCP/IP settings on your machine to use the OpenDNS servers: 208.67.222.222 and 208.67.220.220, see if that helps – Shevek – 2010-03-06T17:47:26.840

When I use those servers, I get a "DNS servers are not responding" error – IniTech – 2010-03-06T17:51:59.870

are you able to PING them? – Shevek – 2010-03-06T17:55:26.617

No Ping - time out. Notice the edit on the original post - I am going to try another restart. – IniTech – 2010-03-06T17:56:28.987

It could be a DNS problem, but the way you determine that is by testing DNS, not by randomly changing to another DNS provider. – user23307 – 2010-03-06T18:16:17.253

Justin - if you'd like, another answer with how to test DNS other than "randomly changing to another DNS provider" would be helpful. – IniTech – 2010-03-06T18:19:37.370

It sounds like the MTU setting is too high on your router.

Log onto the interface and simply lower it.

I would guess that the MTU is currently set to 1500 so try 1458 instead.

alt text

EDIT - To change the MTU on each computer, use a tool called DrTCP.

Kez

Posted 2010-03-06T17:34:10.367

Reputation: 15 359

It was indeed Auto (1500) - changed to 1458 - did not resolve the issue. – IniTech – 2010-03-06T17:47:34.640

Restart both the router and the computers following the change. If still not working, try 1430 instead? You may also need to adjust the MTU on each computer. I updated my answer with a link to DrTCP which will help you do this. – Kez – 2010-03-06T17:50:56.287

Yeah - I changed it in the router interface. I am about to try a power cycle on the modem and router and restart my machine. Back in a few. – IniTech – 2010-03-06T17:53:17.793

Restart did not resolve – IniTech – 2010-03-06T18:01:45.277

Do you have another router/ADSL microfilter you can test with? If it's not MTU and you've already tried resetting it, I think it could be heading for the router graveyard in the sky. – Kez – 2010-03-06T18:08:37.817

I can try directly connecting to the modem – IniTech – 2010-03-06T18:09:23.527

I don't think it's the router. Direct connect to modem has same issues. – IniTech – 2010-03-06T18:11:56.423

Riiight my mistake, I thought the WRT54G had a built-in modem but it blatantly doesn't. Back to MTU then... can you log onto the modem and change it there? I'd still put money it being MTU - see first link in my question :-) – Kez – 2010-03-06T18:24:24.567

I have already changed the MTU in the linksys interface followed by a power cycle of the modem and router and a restart of my machine. – IniTech – 2010-03-06T18:26:18.930

I had this issue using a Dlink 600 router. Websites like Google and YouTube did not when I first configured the router. The solution that worked for me was to change the MTU 1500 setting. Google and YouTube are working, but EBay is not working. I changed MTU to 1000. That seems to have fixed the issue for most sites.

user269136

Posted 2010-03-06T17:34:10.367

Reputation: 1