[geeks] Further info on Sol8 networking problem
Martijn Pronk
martijn at smartie.xs4all.nl
Thu Mar 21 17:55:42 CST 2002
Joshua D Boyd wrote:
> So, I broke out tcpdump tonight (don't know why I didn't think of it earlier).
>
> And when I type telnet cs.millersville.edu, tcp dump shows normal activity,
> plus the following sorts of messages over and over:
>
> 02:01:05.359189 192.168.0.55.32776 > cs.millersville.edu.telnet: S 23529836:23529836(0) win 24820 <nop,nop,sackOK,mss 1460> (DF)
> 02:01:18.858901 192.168.0.55.32776 > cs.millersville.edu.telnet: S 23529836:23529836(0) win 24820 <nop,nop,sackOK,mss 1460> (DF)
If I read this correctly, it's trying to send a tcp packet with 1460 bytes
and the Don't Fragment bit on. This looks like it is thying to do Path
MTU discovery. (Send a big TCP packet with DF set down the line and if
there is a link between the two hosts with a smaller MTU the router will
send a ICMP message Fragmentation Needed. The OS will try to send a
smaller packet and the proces is repeated until the tcp connection is
complete and the smaller MTU size is used until the tcp connection is
dropped.)
If you're somehow not able to recieve these ICMP messages, your OS is
going to be confused...
Since ping and DNS packets are generally small these packets are not
affected by this.
How to test for this? Try pinging the host with a bigger than normal
Ping packet. (Your ping program will be able to create bigger ping packets)
So you could try (Solaris 8 Ping syntax)
ping -s obelix.sillywalks.org (normal size, should work if not blocked
by network)
ping -s obelix.sillywalks.org 1472 (Should work if the mtu is at least
1500 bytes)
ping -s obelix.sillywalks.org 500 (Should work...)
Try to find the biggest packet that comes through and you have found the
mtu of the path between you and the other host.
>
> Which is pretty much what I'd expect (I can't ping cs.millersville.edu due
> to the campus filtering icmp packets).
Are you behind this filter? Then that might be your problem.
Try setting the MTU lower or turn of Path MTU discovery.
>
> Any idea why the servers aren't replying? The packets are obviously making it
Probably because they can't hear you.
> out over my network, so why are the outside servers responding to my linux
> and netbsd machines, but not the Solaris one? I don't know if this tcpdump
> is actually of any use, but it seemed worth trying.
Maybe these systems don't use path-mtu-discovery... (Not sure about
that, and all this is only a guess, but these DF bits make me scary.)
Hope this helps,
Martijn
More information about the geeks
mailing list