[plug] Need help deciphering tcpdump
Craig Ringer
craig at postnewspapers.com.au
Fri Oct 17 17:35:28 WST 2003
> Okay. So if it's normal, why am I seeing it repeated over and over with
> apparently no data getting through to the program trying to receive it?
> And if it's from a remote router, why is the origin IP address (130.95.39.9)
> mine?
That would've been useful info in the original post...
> It also looks as if it might be IP masquerading-related, as from the
> gateway box everything seems to work, whereas from a machine behind it,
> the connection seems to hang and the I see ICMP unreachable packets.
Does the gateway box talk to the wider internet via PPPoE? Any chance of
an 'ifconfig -a' on the gateway, and on the target host? If you're
connecting via PPPoE, the appropriate connect script from /etc/ppp would
be useful too, though with username etc blanked out of course.
> Craig: Which interface on which host should I try lowering the mtu on?
It appears that James has more of a clue here than I do... but I'll make
a stab anyway.
Given the information above (your IP) it appears that the REMOTE host is
sending packets that are larger than your MRU, and your host is
rejecting them. Since the sending host has flagged the packet as not to
be fragmented (thanks, james - didn't know that was the flag), your
machine will be rejecting it. As it should.
A test could be raising your MRU and seeing if that works. I don't
really understand why it should be below 1400 anyway, but then my tcp/ip
knowledge is at the "happy on a LAN, but not so hot on internetworks" level.
Craig Ringer
_______________________________________________
plug mailing list
plug at plug.linux.org.au
http://mail.plug.linux.org.au/cgi-bin/mailman/listinfo/plug
More information about the plug
mailing list