While troubleshooting an isuue on a CentOS server, which functions as a web server, I used the tcpdump utility to monitor network traffic to and from the web server. I used the tcpdump command tcpdump -i enp1s4 -vvv port 80 to observe traffic on network interface enp1s4, which was the Local Area Network (LAN) interface, and only on port 80, the well-known port for HTTP traffic. Amidst the expected traffic I also saw HTTP connectivity from the server on which I was performing the troublehshooting to another web server, which seemed odd, since it wasn't immediately apparent to me why the server I was troubleshooting was connecting to that other web server at IP address 18.104.22.168.
15:12:46.491073 IP (tos 0x0, ttl 64, id 21907, offset 0, flags [DF], proto TCP ( 6), length 52) moonpoint.com.33309 > 22.214.171.124.http: Flags [F.], cksum 0x26b7 (incorrect -> 0x2738), seq 3599572683, ack 3802137359, win 115, options [nop,nop,TS val 28 33407685 ecr 423340583], length 0 15:12:46.515987 IP (tos 0x0, ttl 54, id 31318, offset 0, flags [none], proto TCP (6), length 52) 126.96.36.199.http > moonpoint.com.33309: Flags [F.], cksum 0x13c6 (correct), seq 1, ack 1, win 114, options [nop,nop,TS val 423345561 ecr 2833407685], lengt h 0 15:12:46.516052 IP (tos 0x0, ttl 64, id 21908, offset 0, flags [DF], proto TCP ( 6), length 52) moonpoint.com.33309 > 188.8.131.52.http: Flags [.], cksum 0x26b7 (incorre ct -> 0x13ac), seq 1, ack 2, win 115, options [nop,nop,TS val 2833407710 ecr 423 345561], length 0
[ More Info ]