[lug] Dropped packet question

Davide Del Vento davide.del.vento at gmail.com
Fri Sep 27 09:31:57 MDT 2013


Since you control the server, don't the logs tell you something about
the dropped packets? Since you don't see drops with the netbook, you
can rule out the rest of the network: it must be the server box.

It may be dropping packets for a variety of reasons, just to mention a
couple of stupid ones: a defective network card or too high CPU load.

Cheers,
Davide

On Thu, Sep 26, 2013 at 8:48 AM, Chip Atkinson <chip at pupman.com> wrote:
> Greetings all,
>
> Due to the recent flooding I had to change data centers from my parents'
> basement to mine, which resulted in re-doing my network.
>
> Now that I've moved and re-IPed the server, I'm seeing large numbers of
> dropped packets, slow ping times, basic network malaise.  I've been
> running a series of 100 pings 5 sec apart and then looking at the reported
> loss figures.
>
> With Comcast's help, I believe that we've eliminated them and their
> hardware.
>
> I put a small Linux netbook on the network in place of the server and was
> able to ping it from outside (VPN to work and out from there) and the
> ping response time and dropped packets were basically gone.  Besides being
> newer hardware and OS, the netbook had no services (web, DNS, email).
>
> I then connected the server and see the dropped packet and slow ping time
> issue again.
>
> I was using tcpdump and noticed that a large portion of the traffic is DNS
> lookups:
>
> 08:42:23.411809 IP (tos 0x0, ttl  64, id 42252, offset 0, flags [+],
> length: 1500) 173.14.7.2.53 > 108.174.149.7.2305:  13490| 250/0/1
> bitstress.com. SOA[|domain]
> 08:42:23.411817 IP (tos 0x0, ttl  64, id 42252, offset 1480, flags [+],
> length: 1500) 173.14.7.2 > 108.174.149.7: udp
> 08:42:23.411822 IP (tos 0x0, ttl  64, id 42252, offset 2960, flags [none],
> length: 1150) 173.14.7.2 > 108.174.149.7: udp
>
> Googling found this:
> http://dnsamplificationattacks.blogspot.com/2013/09/domain-bitstresscom.html
>
> My question is whether or not the DNS traffic could be responsible for all
> the dropped network packets or should I start looking elsewhere for the
> problem?
>
> I switched network interfaces and took the original server network
> interface off the network, thinking that it could be broadcasting a bunch
> of noise but still am seeing packet losses, though perhaps not as severe.
>
>
> Thanks in advance for any insight and help.
>
> Chip
>
>
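
An added example, not part of either message: to judge how much of the server's outbound traffic is oversized DNS replies like the one in the capture above, this Python sketch regroups tcpdump's per-fragment lines by IP id and totals the bytes of port-53 responses sent to each destination. The function names, the 512-byte threshold, the 20-byte IPv4 header assumption and the fourth sample line are assumptions made for illustration.

```python
import re
from collections import defaultdict

# First three lines are the capture from the post (unwrapped); the last is constructed.
SAMPLE = """\
08:42:23.411809 IP (tos 0x0, ttl  64, id 42252, offset 0, flags [+], length: 1500) 173.14.7.2.53 > 108.174.149.7.2305:  13490| 250/0/1 bitstress.com. SOA[|domain]
08:42:23.411817 IP (tos 0x0, ttl  64, id 42252, offset 1480, flags [+], length: 1500) 173.14.7.2 > 108.174.149.7: udp
08:42:23.411822 IP (tos 0x0, ttl  64, id 42252, offset 2960, flags [none], length: 1150) 173.14.7.2 > 108.174.149.7: udp
08:42:24.000000 IP (tos 0x0, ttl  64, id 42253, offset 0, flags [none], length: 96) 173.14.7.2.53 > 198.51.100.9.40000:  4242 1/0/0 A 192.0.2.1
"""

LINE = re.compile(r"id (\d+), offset (\d+), flags \[([^\]]*)\], length:? (\d+)\) "
                  r"(\S+) > ([^\s:]+):")
IP_HDR, UDP_HDR = 20, 8   # assumption: IPv4 header without options

def split_port(addr):
    """'173.14.7.2.53' -> ('173.14.7.2', 53); later fragments carry no port."""
    parts = addr.split(".")
    return (".".join(parts[:4]), int(parts[4])) if len(parts) == 5 else (addr, None)

def reassemble(text):
    """Group fragments by (src, dst, IP id); return one record per datagram."""
    grams = defaultdict(lambda: {"sport": None, "end": 0, "frags": 0})
    for line in text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        ip_id, off, _flags, length, src, dst = m.groups()
        (sip, sport), (dip, _) = split_port(src), split_port(dst)
        g = grams[(sip, dip, int(ip_id))]
        g["frags"] += 1
        g["end"] = max(g["end"], int(off) + int(length) - IP_HDR)
        if int(off) == 0:
            g["sport"] = sport          # only the first fragment has the UDP header
    return grams

def large_dns_responses(text, limit=512):
    """Per-destination (datagrams, bytes) of port-53 replies above `limit` bytes."""
    out = defaultdict(lambda: [0, 0])
    for (sip, dip, _), g in reassemble(text).items():
        size = g["end"] - UDP_HDR
        if g["sport"] == 53 and size > limit:
            out[dip][0] += 1
            out[dip][1] += size
    return {k: tuple(v) for k, v in out.items()}

if __name__ == "__main__":
    print(large_dns_responses(SAMPLE))
```

On the capture from the post, the three fragments with id 42252 add up to a single 4082-byte DNS reply; run over a longer capture, the per-destination byte totals show how much of the uplink such replies consume.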

