[lug] can ping the host, but can't ssh for a few seconds

Michael Hirsch mdhirsch at gmail.com
Tue Jul 10 16:07:08 MDT 2012


On Tue, Jul 10, 2012 at 9:42 AM, Ebben Aries <earies at dscp.org> wrote:

> so now that we know they are on the same segment - i would check a few
> things
>
> - 1st, rule out any potential for protocol preference v6/v4 within ssh -
> and replace 'warsaw' w/ its actual IP address and force v4 'ssh -4
> software at 192.168.1.21'
> - insert an arp check in your string
>
> # date; ping -c 1 192.168.1.21; /sbin/route; arp -na 192.168.1.21; ssh -4
> software at 192.168.1.21
>

Ho ho! Progress.  My new command is to check arp, ping, arp again, ssh with
IPv4, then arp again:.  (I took out route because it wasn't interesting.)

    date;  arp -na 192.168.1.21; ping -c 1 192.168.1.21; arp -na
192.168.1.21; ssh -4 software at 192.168.1.21;  arp -na 192.168.1.21

The results of the arps look okay, but a few seconds later I get a
different answer!:

[root at saratoga ~]# date;  arp -na 192.168.1.21; ping -c 1 192.168.1.21; arp
-na 192.168.1.21; ssh -4 software at 192.168.1.21;  arp -na 192.168.1.21
Tue Jul 10 12:06:42 MDT 2012
arp: in 10 entries no match found.
PING 192.168.1.21 (192.168.1.21) 56(84) bytes of data.
64 bytes from 192.168.1.21: icmp_seq=0 ttl=64 time=3.73 ms

--- 192.168.1.21 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 3.730/3.730/3.730/0.000 ms, pipe 2
? (192.168.1.21) at 00:0C:29:97:58:99 [ether] on eth0
ssh: connect to host 192.168.1.21 port 22: No route to host
? (192.168.1.21) at 00:0C:29:97:58:99 [ether] on eth0

So arp says that the MAC for warsaw is 00:0C:29:97:58:99, but a few seconds
later:

[root at saratoga ~]#  arp -na 192.168.1.21;
? (192.168.1.21) at 00:0C:29:97:58:8F [ether] on eth0

So arp has changed.  I think I have a clue, now.

Warsaw (the 192.168.1.21 system) has two NICs, one on this subnet and one
on another network.  It looks to me like both nics are responding to the
arp lookup.  I wouldn't think they should do that.

I should probably verify this with tcpdump of wireshark, but I think I'm
making progress.

Michael


>
> - while you have this script running, have a look at arp activity
>
> # tcpdump -nn -e -i eth0 host 192.168.1.21 or arp
>
> your ip routing table has little relevance here from the errno you're
> receiving - your initial ping coming back as a success indicates to me that
> you
> should have the appropriate arp entry which is why ruling out any
> potential for a v6 connection to this node causing this delay seems like a
> logical step
>
> 'no route to host' just means an errno of EHOSTUNREACH was returned during
> the socket connection attempt
>
> On 07/10/2012 09:19 AM, Michael Hirsch wrote:
> > On Mon, Jul 9, 2012 at 1:29 PM, Ebben Aries <earies at dscp.org <mailto:
> earies at dscp.org>> wrote:
> >
> >     You are sending an echo req -> saratoga (localhost eth0 by the looks
> of it), yet following that w/ a connection attempt to warsaw - have a look
> at
> >     your arp cache for warsaw's address if it is on the same segment or
> your gw (192.168.1.1) if not.  Alter your ping statement to target warsaw
> rather
> >     to trigger an arp request prior to connection attempt. (which looks
> like what you were attempting to do in the first place)
> >
> >
> > OMG, duh!  Don't know how I did that.  Obviously I should be pinging
> warsaw.  Thanks for pointing it out.
> >
> > Unfortunately, it still behaves like that.  Here is the output of
> pinging warsaw, then trying to ssh there.  Then I wait a short time and try
> again.
> > The second time it connects.  The route hasn't changed.
> >
> > [software at saratoga build-jaws-svn]$ date; ping -c 1 warsaw;
> /sbin/route; ssh software at warsaw
> > Tue Jul 10 09:15:12 MDT 2012
> > PING warsaw.stirlingsystems.net <http://warsaw.stirlingsystems.net>
> (192.168.1.21) 56(84) bytes of data.
> > 64 bytes from warsaw.stirlingsystems.net <
> http://warsaw.stirlingsystems.net> (192.168.1.21): icmp_seq=0 ttl=64
> time=4.54 ms
> >
> > --- warsaw.stirlingsystems.net <http://warsaw.stirlingsystems.net> ping
> statistics ---
> > 1 packets transmitted, 1 received, 0% packet loss, time 0ms
> > rtt min/avg/max/mdev = 4.546/4.546/4.546/0.000 ms, pipe 2
> > Kernel IP routing table
> > Destination     Gateway         Genmask         Flags Metric Ref    Use
> Iface
> > 172.16.30.0     *               255.255.255.0   U     0      0        0
> vmnet8
> > 192.168.137.0   *               255.255.255.0   U     0      0        0
> vmnet1
> > 192.168.8.0     192.168.1.51    255.255.255.0   UG    0      0        0
> eth0
> > 192.168.0.0     *               255.255.252.0   U     0      0        0
> eth0
> > 169.254.0.0     *               255.255.0.0     U     0      0        0
> eth0
> > default         192.168.1.1     0.0.0.0         UG    0      0        0
> eth0
> > ssh: connect to host warsaw port 22: No route to host
> > [software at saratoga build-jaws-svn]$ date; ping -c 1 warsaw;
> /sbin/route; ssh software at warsaw
> > Tue Jul 10 09:15:17 MDT 2012
> > PING warsaw.stirlingsystems.net <http://warsaw.stirlingsystems.net>
> (192.168.1.21) 56(84) bytes of data.
> > 64 bytes from warsaw.stirlingsystems.net <
> http://warsaw.stirlingsystems.net> (192.168.1.21): icmp_seq=0 ttl=64
> time=0.196 ms
> >
> > --- warsaw.stirlingsystems.net <http://warsaw.stirlingsystems.net> ping
> statistics ---
> > 1 packets transmitted, 1 received, 0% packet loss, time 0ms
> > rtt min/avg/max/mdev = 0.196/0.196/0.196/0.000 ms, pipe 2
> > Kernel IP routing table
> > Destination     Gateway         Genmask         Flags Metric Ref    Use
> Iface
> > 172.16.30.0     *               255.255.255.0   U     0      0        0
> vmnet8
> > 192.168.137.0   *               255.255.255.0   U     0      0        0
> vmnet1
> > 192.168.8.0     192.168.1.51    255.255.255.0   UG    0      0        0
> eth0
> > 192.168.0.0     *               255.255.252.0   U     0      0        0
> eth0
> > 169.254.0.0     *               255.255.0.0     U     0      0        0
> eth0
> > default         192.168.1.1     0.0.0.0         UG    0      0        0
> eth0
> > software at warsaw's password:
> >
> >
> > Thanks,
> >
> > Michael
> >
> >
> > _______________________________________________
> > Web Page:  http://lug.boulder.co.us
> > Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> > Join us on IRC: irc.hackingsociety.org port=6667 channel=#hackingsociety
> >
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.lug.boulder.co.us/pipermail/lug/attachments/20120710/644f8c1c/attachment.html>


More information about the LUG mailing list