- not DNS

also checked kernel extensions and launchd services, nothing fishy

@angristan Telnet d’abord
Et vire le filtre http pour voir si le ACK/SYN passe.

@aeris effectivement, rien ne passe

@angristan Firewall faciste ?

@aeris pas le firewall macOS en tout cas

@angristan what if you completely disable IPv6 on the interface?

@angristan 3 days later. How's going ?

@benjiprod still broken

@angristan Does it work if you use a VPN? If so then it might be your ISP

@taoeffect It's not

@angristan OK, if you have Little Snitch installed, or something similar, check that. Am guessing you already tried that though.

Then another troubleshooting step is to create another user account and see if the problem occurs there too. If not, it at least narrows things down a bit.

@angristan You say you tried with curl, but didn't specify whether that was successful or not.

Also what's the error you get, a timeout? something else?

@quad not successful with curl either

I get a timeout

@angristan To all http sites? For example if you try: "curl -v http://quad.moe" that also just leads to a timeout?

@quad affirmative

@angristan Can you try the command "lsof -i" while making http requests?

It lists all current connections and I think it works on macOS. You might have to filter a bit with grep but it should show all open connections, and to where.

Verify that your http connections are going where you expect them to and are not being intercepted/redirected somewhere strange

@angristan for example quad.moe is 185.141.156.58 or 58.185-141-156.enivest.net

Leave curl in a loop and verify that it is in fact sending http requests to one of those. If not, try to figure out where it ends up, maybe it's redirected to something like 127.0.0.1 and some port, in which case "lsof -i" should also show what is listening on that ip/port

@angristan Last suggestion I can think of on the fly is running "sudo ipfw list". Which should list current firewall rules on macOS. If some application is redirecting/hijacking http requests, it's probably been done using ipfw

@angristan Actually my bad. I forgot that macOS uses pf now. If you want to check firewall rules/forwardings it's probably "pfctl -s rules "

@quad nothing of interest with this command

I also disabled the macOS firewall entirely, but no change

@angristan Did you try to use wireguard and filter by TCP and port 80?

Unfortunately if your http stuff is being redirected, it might not show up if you use ip.dst to filter. You might also have to monitor your loopback interface (or all interfaces) rather than your ethernet interface

@angristan wireshark*

@quad

curl gives timeouts,
But I assume that the issue persist on all kinds of networks and not just yours at home?

But it sounds like you have some kind of application installed that blocks it or something

@angristan

@selea @quad yes, it happens on other networks as well. It's probably something I installed, yeah...

@angristan @selea Yes, hijacking http is typical behavior for various sketchy things. Most likely something like a VPN client, an adblocker or firewall thingy