[plug] Need help deciphering tcpdump
James Devenish
devenish at guild.uwa.edu.au
Fri Oct 17 17:49:47 WST 2003
In message <20031017092017.GE10160 at erdos.home>
on Fri, Oct 17, 2003 at 05:20:17PM +0800, Cameron Patrick wrote:
> Okay. So if it's normal, why am I seeing it repeated over and over with
> apparently no data getting through to the program trying to receive it?
In my understanding, the remote 'device' is trying to elicit a response
from your host (I jumped to conclusions and said 'remote router' because
I can't elicit a response from the address 134.243.85.3 itself). So,
your host is receiving these not-to-be-fragmented packets and responding
to them. So...ask the admin of that host to stop sending traffic to you
;-)
> Craig: Which interface on which host should I try lowering the mtu on?
Whoops, yeah, I got muddled up somewhere. So...your host is *sending*
those "mtu 1400" messages? Then is it one of your interfaces that's got the
lower MTU? I'm confused.
> It also looks as if it might be IP masquerading-related, as from the
> gateway box everything seems to work, whereas from a machine behind it,
> the connection seems to hang and the I see ICMP unreachable packets.
Ah...are you blocking outbound ICMP? So the remote host has to
repeatedly resent its queries? (The only reason I would mention this is
that people like to break the Internet with simple rules like 'block
all', etc.)
Here's some output from `traceroute-nonog -M` from elsewhere on campus
to your dialup/laptop -- don't tell me you're using SNAP. I don't know
what the output of traceroute-nanog means, or if it is useful :-) Also,
sometime on the number 2 line I chose to press control-C ;-)
traceroute to vpatrick.general.dialup.uwa.edu.au (130.95.39.9), 30 hops
max, 32000 byte packets
1 MTU=17914 MTU=8166 MTU=4352 MTU=2002 MTU=1492 * * *
2 * * *
3 *
4
_______________________________________________
plug mailing list
plug at plug.linux.org.au
http://mail.plug.linux.org.au/cgi-bin/mailman/listinfo/plug
More information about the plug
mailing list