[plug] Need help deciphering tcpdump
Cameron Patrick
cameron at patrick.wattle.id.au
Fri Oct 17 17:20:17 WST 2003
On Fri, Oct 17, 2003 at 05:05:01PM +0800, James Devenish wrote:
| In message <20031017090032.GA4848 at mail.guild.uwa.edu.au>
| on Fri, Oct 17, 2003 at 05:00:32PM +0800, James Devenish wrote:
| > > 15:54:27.906573 130.95.39.9 > 134.243.85.3: icmp: 130.95.39.9 unreachable - need to frag (mtu 1400) [tos 0xc0]
| >
| > Your host has received this message from a remote router. It occurs for
| > the reason Craig said (i.e. mtu is 1400 rather than what your host sent
| > PLUS the packet has the dont'-fragment bit set).
|
| BTW I originally wrote "this is normal" but then deleted those words
| because I couldn't remember why it would be normal. However, after
| Googling, my memory is refreshed (path MTU discovery).
Okay. So if it's normal, why am I seeing it repeated over and over with
apparently no data getting through to the program trying to receive it?
And if it's from a remote router, why is the origin IP address (130.95.39.9)
mine?
It also looks as if it might be IP masquerading-related, as from the
gateway box everything seems to work, whereas from a machine behind it,
the connection seems to hang and the I see ICMP unreachable packets.
Craig: Which interface on which host should I try lowering the mtu on?
| In message <Pine.LNX.4.44.0310171657330.16738-100000 at ob.golden.wattle.id.au>
| on Fri, Oct 17, 2003 at 04:59:16PM +0800, Mike Holland wrote:
| > The "z3950" is a name from your /etc/services file:
| > z39.50 210/tcp z3950 wais # NISO Z39.50 database
|
| LOL classic.
*sniff* Okay, I'm stupid. You can stop laughing at me now... :-P
Cameron.
_______________________________________________
plug mailing list
plug at plug.linux.org.au
http://mail.plug.linux.org.au/cgi-bin/mailman/listinfo/plug
More information about the plug
mailing list