[lug] Dropped packet question

Chip Atkinson chip at pupman.com
Thu Sep 26 09:33:13 MDT 2013


No, the logs are rather quiet, but there's no iptables entry to drop the
DNS packets.

chip1:/var/log # uptime
  9:31am  up 7 days 10:44,  4 users,  load average: 0.02, 0.04, 0.00

So the network card(s) are suspect...  

On Fri, 27 Sep 2013, Davide Del Vento wrote:

> Since you control the server, don't the logs tell you something about
> the dropped packets? Since you don't see drops with the netbook, you
> can rule out the rest of the network: it must be the server box.
> 
> It may be dropping packets for a variety of reasons, just to mention a
> couple of stupid ones: a defective network card or too high CPU load.
> 
> Cheers,
> Davide
> 
> On Thu, Sep 26, 2013 at 8:48 AM, Chip Atkinson <chip at pupman.com> wrote:
> > Greetings all,
> >
> > Due to the recent flooding I had to change data centers from my parents'
> > basement to mine, which resulted in re-doing my network.
> >
> > Now that I've moved and re-IPed the server, I'm seeing large numbers of
> > dropped packets, slow ping times, basic network malaise.  I've been
> > running a series of 100 pings 5 sec apart and then looking at the reported
> > loss figures.
> >
> > With Comcast's help, I believe that we've eliminated them and their
> > hardware.
> >
> > I put a small Linux netbook on the network in place of the server and was
> > able to ping it from outside (VPN to work and out from there) and the
> > ping response time and dropped packets were basically gone.  Besides being
> > newer hardware and OS, the netbook had no services (web, DNS, email).
> >
> > I then connected the server and see the dropped packet and slow ping time
> > issue again.
> >
> > I was using tcpdump and noticed that a large portion of the traffic is DNS
> > lookups:
> >
> > 08:42:23.411809 IP (tos 0x0, ttl  64, id 42252, offset 0, flags [+],
> > length: 1500) 173.14.7.2.53 > 108.174.149.7.2305:  13490| 250/0/1
> > bitstress.com. SOA[|domain]
> > 08:42:23.411817 IP (tos 0x0, ttl  64, id 42252, offset 1480, flags [+],
> > length: 1500) 173.14.7.2 > 108.174.149.7: udp
> > 08:42:23.411822 IP (tos 0x0, ttl  64, id 42252, offset 2960, flags [none],
> > length: 1150) 173.14.7.2 > 108.174.149.7: udp
> >
> > Googling found this:
> > http://dnsamplificationattacks.blogspot.com/2013/09/domain-bitstresscom.html
> >
> > My question is whether or not the DNS traffic could be responsible for all
> > the dropped network packets or should I start looking elsewhere for the
> > problem?
> >
> > I switched network interfaces and took the original server network
> > interface off the network, thinking that it could be broadcasting a bunch
> > of noise but still am seeing packet losses, though perhaps not as severe.
> >
> >
> > Thanks in advance for any insight and help.
> >
> > Chip
> >
> >
> > _______________________________________________
> > Web Page:  http://lug.boulder.co.us
> > Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> > Join us on IRC: irc.hackingsociety.org port=6667 channel=#hackingsociety
> 
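
Added example, not part of the original messages: one way to check from a capture how much of the outbound load is oversized DNS replies is to regroup the fragments of each port-53 response by IP id and total the bytes sent to each client. The function names, the 512-byte threshold and the sample lines (documentation addresses, one packet per line) are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the verbose tcpdump format quoted in the message,
# unwrapped to one packet per line; addresses are documentation ranges.
SAMPLE = """\
08:42:23.411809 IP (tos 0x0, ttl  64, id 42252, offset 0, flags [+], length: 1500) 192.0.2.10.53 > 198.51.100.7.2305:  13490| 250/0/1 example.test. SOA[|domain]
08:42:23.411817 IP (tos 0x0, ttl  64, id 42252, offset 1480, flags [+], length: 1500) 192.0.2.10 > 198.51.100.7: udp
08:42:23.411822 IP (tos 0x0, ttl  64, id 42252, offset 2960, flags [none], length: 1150) 192.0.2.10 > 198.51.100.7: udp
08:42:24.100000 IP (tos 0x0, ttl  64, id 42253, offset 0, flags [none], length: 120) 192.0.2.10.53 > 203.0.113.9.40000:  7711 1/0/0 www.example.test. A 192.0.2.80
"""

# Accepts both "length: N" (older tcpdump) and "proto UDP (17), length N" (newer).
LINE = re.compile(
    r"id (?P<id>\d+), offset (?P<off>\d+), flags \[[^\]]*\],(?: proto \S+ \(\d+\),)?"
    r" length:? (?P<len>\d+)\) (?P<src>\S+) > (?P<dst>[^:\s]+):\s*(?P<rest>.*)")

def split_host(field):
    """Split tcpdump's IPv4 'a.b.c.d.port' into (ip, port); port is None on later fragments."""
    parts = field.split(".")
    return (".".join(parts[:4]), parts[4]) if len(parts) == 5 else (field, None)

def dns_response_sizes(text, dns_port="53"):
    """Return {(server, client, ip_id): [total_ip_bytes, first_name_seen]} for DNS replies."""
    datagrams = {}
    for line in text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        src, sport = split_host(m["src"])
        dst, _ = split_host(m["dst"])
        key = (src, dst, m["id"])
        if m["off"] == "0":                 # first fragment carries the UDP ports
            if sport != dns_port:
                continue
            name = re.search(r"\d+/\d+/\d+ (\S+)", m["rest"])
            datagrams[key] = [0, name.group(1) if name else "?"]
        if key in datagrams:                # later fragments share src, dst and IP id
            datagrams[key][0] += int(m["len"])
    return datagrams

def suspects(text, limit=512):
    """Per client: [count, bytes] of replies above `limit` IP bytes (assumed threshold)."""
    out = defaultdict(lambda: [0, 0])
    for (_, client, _), (size, _) in dns_response_sizes(text).items():
        if size > limit:
            out[client][0] += 1
            out[client][1] += size
    return dict(out)
```

Fragments that arrive before their offset-0 packet are not counted, so the totals are a lower bound.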


