[lug] Dropped packet question

Dan Ferris dan at usrsbin.com
Fri Sep 27 09:38:42 MDT 2013


Start with something easy.  Check ifconfig and see if there are errors 
on the interface.  If so, then start by checking hardware. You could 
have a bad cable, bad NIC, bad switch port, or a duplex mismatch.

Dan

On 9/27/2013 9:31 AM, Davide Del Vento wrote:
> Since you control the server, don't the logs tell you something about
> the dropped packets? Since you don't see drops with the netbook, you
> can rule out the rest of the network: it must be the server box.
>
> It may be dropping packets for a variety of reasons, just to mention a
> couple of stupid ones: a defective network card or too high CPU load.
>
> Cheers,
> Davide
>
> On Thu, Sep 26, 2013 at 8:48 AM, Chip Atkinson <chip at pupman.com> wrote:
>> Greetings all,
>>
>> Due to the recent flooding I had to change data centers from my parents'
>> basement to mine, which resulted in re-doing my network.
>>
>> Now that I've moved and re-IPed the server, I'm seeing large numbers of
>> dropped packets, slow ping times, basic network malaise.  I've been
>> running a series of 100 pings 5 sec apart and then looking at the reported
>> loss figures.
>>
>> With Comcast's help, I believe that we've eliminated them and their
>> hardware.
>>
>> I put a small Linux netbook on the network in place of the server and was
>> able to ping it from outside (VPN to work and out from there) and the
>> ping response time and dropped packets were basically gone.  Besides being
>> newer hardware and OS, the netbook had no services (web, DNS, email).
>>
>> I then connected the server and see the dropped packet and slow ping time
>> issue again.
>>
>> I was using tcpdump and noticed that a large portion of the traffic is DNS
>> lookups:
>>
>> 08:42:23.411809 IP (tos 0x0, ttl  64, id 42252, offset 0, flags [+],
>> length: 1500) 173.14.7.2.53 > 108.174.149.7.2305:  13490| 250/0/1
>> bitstress.com. SOA[|domain]
>> 08:42:23.411817 IP (tos 0x0, ttl  64, id 42252, offset 1480, flags [+],
>> length: 1500) 173.14.7.2 > 108.174.149.7: udp
>> 08:42:23.411822 IP (tos 0x0, ttl  64, id 42252, offset 2960, flags [none],
>> length: 1150) 173.14.7.2 > 108.174.149.7: udp
>>
>> Googling found this:
>> http://dnsamplificationattacks.blogspot.com/2013/09/domain-bitstresscom.html
>>
>> My question is whether or not the DNS traffic could be responsible for all
>> the dropped network packets or should I start looking elsewhere for the
>> problem?
>>
>> I switched network interfaces and took the original server network
>> interface off the network, thinking that it could be broadcasting a bunch
>> of noise but still am seeing packet losses, though perhaps not as severe.
>>
>>
>> Thanks in advance for any insight and help.
>>
>> Chip
>>
>>
>> _______________________________________________
>> Web Page:  http://lug.boulder.co.us
>> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
>> Join us on IRC: irc.hackingsociety.org port=6667 channel=#hackingsociety

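An added example, not part of the thread: a way to measure how much of a capture is large or fragmented DNS replies leaving the server, per destination, from `tcpdump -v` text in the layout quoted above. The sample lines are constructed with documentation addresses, and the function names and the 512-byte threshold are assumptions of this sketch (IPv4 only).

```python
import re
from collections import defaultdict

# Constructed sample in the `tcpdump -v` layout quoted in the post
# (documentation addresses, lines unwrapped); not a real capture.
SAMPLE = """\
08:42:23.411809 IP (tos 0x0, ttl  64, id 42252, offset 0, flags [+], length: 1500) 192.0.2.2.53 > 198.51.100.7.2305:  13490| 250/0/1 example.com. SOA[|domain]
08:42:23.411817 IP (tos 0x0, ttl  64, id 42252, offset 1480, flags [+], length: 1500) 192.0.2.2 > 198.51.100.7: udp
08:42:23.411822 IP (tos 0x0, ttl  64, id 42252, offset 2960, flags [none], length: 1150) 192.0.2.2 > 198.51.100.7: udp
08:42:24.100001 IP (tos 0x0, ttl  64, id 42253, offset 0, flags [none], length: 120) 192.0.2.2.53 > 203.0.113.9.40000:  2211 1/0/0 A 192.0.2.80
08:42:24.200001 IP (tos 0x0, ttl  64, id 511, offset 0, flags [DF], length: 60) 192.0.2.2.22 > 203.0.113.9.50522: tcp
"""

# Accepts both "length: 1500" (as in the post) and the newer "length 1500".
LINE = re.compile(r"id (?P<id>\d+), offset (?P<off>\d+),.*? length:? (?P<len>\d+)\) "
                  r"(?P<src>\S+) > (?P<dst>[^\s:]+):")

def split_host(field):
    """'a.b.c.d.port' -> (ip, port); bare 'a.b.c.d' (later fragment) -> (ip, None)."""
    parts = field.split(".")
    return (".".join(parts[:4]), int(parts[4])) if len(parts) == 5 else (field, None)

def dns_response_load(text, dns_limit=512):
    """Group fragments by (src, dst, IP id), then total port-53 replies per destination."""
    datagrams = defaultdict(lambda: {"bytes": 0, "sport": None})
    for line in text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        src, sport = split_host(m["src"])
        dst, _ = split_host(m["dst"])
        d = datagrams[(src, dst, m["id"])]
        d["bytes"] += int(m["len"])          # on-wire IP bytes, all fragments
        if int(m["off"]) == 0:               # only the first fragment shows the ports
            d["sport"] = sport
    report = defaultdict(lambda: {"replies": 0, "bytes": 0, "oversized": 0})
    for (_, dst, _), d in datagrams.items():
        if d["sport"] != 53:
            continue
        r = report[dst]
        r["replies"] += 1
        r["bytes"] += d["bytes"]
        r["oversized"] += d["bytes"] > dns_limit   # larger than a classic UDP DNS answer
    return dict(report)

if __name__ == "__main__":
    for dst, r in sorted(dns_response_load(SAMPLE).items(), key=lambda kv: -kv[1]["bytes"]):
        print(f"{dst:15} replies={r['replies']} bytes={r['bytes']} oversized={r['oversized']}")
```

A few destinations receiving many oversized replies for the same name, with no matching client activity, is the pattern to compare against the server's uplink capacity before blaming hardware.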

