While troubleshooting an isuue on a CentOS server, which functions as a web server, I used the tcpdump utility to monitor network traffic to and from the web server. I used the tcpdump command tcpdump -i enp1s4 -vvv port 80 to observe traffic on network interface enp1s4, which was the Local Area Network (LAN) interface, and only on port 80, the well-known port for HTTP traffic. Amidst the expected traffic I also saw HTTP connectivity from the server on which I was performing the troublehshooting to another web server, which seemed odd, since it wasn't immediately apparent to me why the server I was troubleshooting was connecting to that other web server at IP address 8.247.90.236.
15:12:46.491073 IP (tos 0x0, ttl 64, id 21907, offset 0, flags [DF], proto TCP (
6), length 52)
moonpoint.com.33309 > 8.247.90.236.http: Flags [F.], cksum 0x26b7 (incorrect
-> 0x2738), seq 3599572683, ack 3802137359, win 115, options [nop,nop,TS val 28
33407685 ecr 423340583], length 0
15:12:46.515987 IP (tos 0x0, ttl 54, id 31318, offset 0, flags [none], proto TCP
(6), length 52)
8.247.90.236.http > moonpoint.com.33309: Flags [F.], cksum 0x13c6 (correct),
seq 1, ack 1, win 114, options [nop,nop,TS val 423345561 ecr 2833407685], lengt
h 0
15:12:46.516052 IP (tos 0x0, ttl 64, id 21908, offset 0, flags [DF], proto TCP (
6), length 52)
moonpoint.com.33309 > 8.247.90.236.http: Flags [.], cksum 0x26b7 (incorre
ct -> 0x13ac), seq 1, ack 2, win 115, options [nop,nop,TS val 2833407710 ecr 423
345561], length 0[ More Info ]
