[lug] Dropped packet question

Bruce Long qstream at gmail.com
Fri Sep 27 10:20:24 MDT 2013 

Is it possible that the problem is related to your system clock being off?
Some network measurements require the system clocks to be in relative sync.
I ask because the email messages received from you (Chip) are all marked as
being sent yesterday.


On Thu, Sep 26, 2013 at 9:53 AM, Chip Atkinson <chip at pupman.com> wrote:

> Thanks.  I'm not seeing errors or dropped packets in ifconfig, which is
> kind of weird, isn't  it?  If ping reports dropped packets, wouldn't that
> droppage appear in the output of ifconfig?
>
> On Fri, 27 Sep 2013, Dan Ferris wrote:
>
> > Start with something easy.  Check ifconfig and see if there are errors
> > on the interface.  If so, then start by checking hardware. You could
> > have a bad cable, bad nic, bad switch port, or a duplex mismatch.
> >
> > Dan
> >
> > On 9/27/2013 9:31 AM, Davide Del Vento wrote:
> > > Since you control the server, don't the logs tell you something about
> > > the dropped packets? Since you don't see drops with the netbook, you
> > > can rule out the rest of the network: it must be the server box.
> > >
> > > It may be dropping packets for a variety of reasons, just to mention a
> > > couple of stupid ones: a defective network card or too high CPU load.
> > >
> > > Cheers,
> > > Davide
> > >
> > > On Thu, Sep 26, 2013 at 8:48 AM, Chip Atkinson <chip at pupman.com>
> wrote:
> > >> Greetings all,
> > >>
> > >> Due to the recent flooding I had to change data centers from my
> parents'
> > >> basement to mine, which resulted in re-doing my network.
> > >>
> > >> Now that I've moved and re-IPed the server, I'm seeing large numbers
> of
> > >> dropped packets, slow ping times, basic network malaise.  I've been
> > >> running a series of 100 pings 5 sec apart and then looking at the
> reported
> > >> loss figures.
> > >>
> > >> With comcast's help, I believe that we've eliminated them and their
> > >> hardware.
> > >>
> > >> I put a small linux netbook on the network in place of the server and
> was
> > >> able to ping it from outside (vpn to work and out from there) and the
> > >> ping response time and dropped packets were basically gone.  Besides
> being
> > >> newer hardware and OS, the netbook had no services (web, dns, email).
> > >>
> > >> I then connected the server and see the dropped packet and slow ping
> time
> > >> issue again.
> > >>
> > >> I was using tcpdump and noticed that a large portion of the traffic
> is DNS
> > >> lookups:
> > >>
> > >> 08:42:23.411809 IP (tos 0x0, ttl  64, id 42252, offset 0, flags [+],
> > >> length: 1500) 173.14.7.2.53 > 108.174.149.7.2305:  13490| 250/0/1
> > >> bitstress.com. SOA[|domain]
> > >> 08:42:23.411817 IP (tos 0x0, ttl  64, id 42252, offset 1480, flags
> [+],
> > >> length: 1500) 173.14.7.2 > 108.174.149.7: udp
> > >> 08:42:23.411822 IP (tos 0x0, ttl  64, id 42252, offset 2960, flags
> [none],
> > >> length: 1150) 173.14.7.2 > 108.174.149.7: udp
> > >>
> > >> Googling found this:
> > >>
> http://dnsamplificationattacks.blogspot.com/2013/09/domain-bitstresscom.html
> > >>
> > >> My question is whether or not the dns traffic could be responsible
> for all
> > >> the dropped network packets or should I start looking elsewhere for
> the
> > >> problem?
> > >>
> > >> I switched network interfaces and took the original server network
> > >> interface off the network, thinking that it could be broadcasting a
> bunch
> > >> of noise but still am seeing packet losses, though perhaps not as
> severe.
> > >>
> > >>
> > >> Thanks in advance for any insight and help.
> > >>
> > >> Chip
> > >>
> > >>
> > >> _______________________________________________
> > >> Web Page:  http://lug.boulder.co.us
> > >> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> > >> Join us on IRC: irc.hackingsociety.org port=6667
> channel=#hackingsociety
> > > _______________________________________________
> > > Web Page:  http://lug.boulder.co.us
> > > Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> > > Join us on IRC: irc.hackingsociety.org port=6667
> channel=#hackingsociety
> >
> > _______________________________________________
> > Web Page:  http://lug.boulder.co.us
> > Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> > Join us on IRC: irc.hackingsociety.org port=6667 channel=#hackingsociety
> >
>
> _______________________________________________
> Web Page:  http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> Join us on IRC: irc.hackingsociety.org port=6667 channel=#hackingsociety
>



-- 
Give me immortality or give me death!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.lug.boulder.co.us/pipermail/lug/attachments/20130927/9ea3e1fa/attachment-0001.html>

More information about the LUG mailing list