[lug] Dropped packet question

Chip Atkinson chip at pupman.com
Fri Sep 27 10:35:49 MDT 2013


Yeow.  Good catch.  Fixed.

On Fri, 27 Sep 2013, Bruce Long wrote:

> Is it possible that the problem is related to your system clock being off?
> Some network measurements require the system clocks to be in relative sync.
> I ask because the email messages received from you (Chip) are all marked as
> being sent yesterday.
> 
> 
> On Thu, Sep 26, 2013 at 9:53 AM, Chip Atkinson <chip at pupman.com> wrote:
> 
> > Thanks.  I'm not seeing errors or dropped packets in ifconfig, which is
> > kind of weird, isn't it?  If ping reports dropped packets, wouldn't that
> > droppage appear in the output of ifconfig?
> >
> > On Fri, 27 Sep 2013, Dan Ferris wrote:
> >
> > > Start with something easy.  Check ifconfig and see if there are errors
> > > on the interface.  If so, then start by checking hardware. You could
> > > have a bad cable, bad nic, bad switch port, or a duplex mismatch.
> > >
> > > Dan
> > >
> > > On 9/27/2013 9:31 AM, Davide Del Vento wrote:
> > > > Since you control the server, don't the logs tell you something about
> > > > the dropped packets? Since you don't see drops with the netbook, you
> > > > can rule out the rest of the network: it must be the server box.
> > > >
> > > > It may be dropping packets for a variety of reasons, just to mention a
> > > > couple of stupid ones: a defective network card or too high CPU load.
> > > >
> > > > Cheers,
> > > > Davide
> > > >
> > > > On Thu, Sep 26, 2013 at 8:48 AM, Chip Atkinson <chip at pupman.com> wrote:
> > > >> Greetings all,
> > > >>
> > > >> Due to the recent flooding I had to change data centers from my parents'
> > > >> basement to mine, which resulted in re-doing my network.
> > > >>
> > > >> Now that I've moved and re-IPed the server, I'm seeing large numbers of
> > > >> dropped packets, slow ping times, basic network malaise.  I've been
> > > >> running a series of 100 pings 5 sec apart and then looking at the reported
> > > >> loss figures.
> > > >>
> > > >> With Comcast's help, I believe that we've eliminated them and their
> > > >> hardware.
> > > >>
> > > >> I put a small Linux netbook on the network in place of the server and was
> > > >> able to ping it from outside (VPN to work and out from there) and the
> > > >> ping response time and dropped packets were basically gone.  Besides being
> > > >> newer hardware and OS, the netbook had no services (web, DNS, email).
> > > >>
> > > >> I then connected the server and see the dropped packet and slow ping time
> > > >> issue again.
> > > >>
> > > >> I was using tcpdump and noticed that a large portion of the traffic is DNS
> > > >> lookups:
> > > >>
> > > >> 08:42:23.411809 IP (tos 0x0, ttl  64, id 42252, offset 0, flags [+], length: 1500) 173.14.7.2.53 > 108.174.149.7.2305:  13490| 250/0/1 bitstress.com. SOA[|domain]
> > > >> 08:42:23.411817 IP (tos 0x0, ttl  64, id 42252, offset 1480, flags [+], length: 1500) 173.14.7.2 > 108.174.149.7: udp
> > > >> 08:42:23.411822 IP (tos 0x0, ttl  64, id 42252, offset 2960, flags [none], length: 1150) 173.14.7.2 > 108.174.149.7: udp
> > > >>
> > > >> Googling found this:
> > > >> http://dnsamplificationattacks.blogspot.com/2013/09/domain-bitstresscom.html
> > > >>
> > > >> My question is whether or not the DNS traffic could be responsible for all
> > > >> the dropped network packets or should I start looking elsewhere for the
> > > >> problem?
> > > >>
> > > >> I switched network interfaces and took the original server network
> > > >> interface off the network, thinking that it could be broadcasting a bunch
> > > >> of noise but still am seeing packet losses, though perhaps not as severe.
> > > >>
> > > >>
> > > >> Thanks in advance for any insight and help.
> > > >>
> > > >> Chip
> > > >>
> > > >>
> > > >> _______________________________________________
> > > >> Web Page:  http://lug.boulder.co.us
> > > >> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> > > >> Join us on IRC: irc.hackingsociety.org port=6667 channel=#hackingsociety
> >
> 
> 
> 
> -- 
> Give me immortality or give me death!
> 
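
An added example, not part of the original thread: it sizes the DNS responses in the tcpdump output quoted above by adding up their IP fragments, a quick check for the oversized port-53 replies discussed in the linked post. The helper names, the 512-byte threshold and the 20-byte IPv4 header are assumptions of this example.

```python
import re
from collections import defaultdict

# The three tcpdump lines quoted in the thread, e-mail line wraps rejoined.
CAPTURE = """\
08:42:23.411809 IP (tos 0x0, ttl  64, id 42252, offset 0, flags [+], length: 1500) 173.14.7.2.53 > 108.174.149.7.2305:  13490| 250/0/1 bitstress.com. SOA[|domain]
08:42:23.411817 IP (tos 0x0, ttl  64, id 42252, offset 1480, flags [+], length: 1500) 173.14.7.2 > 108.174.149.7: udp
08:42:23.411822 IP (tos 0x0, ttl  64, id 42252, offset 2960, flags [none], length: 1150) 173.14.7.2 > 108.174.149.7: udp
"""

# Fields of interest in tcpdump -v output: IP id, fragment offset, flags, IP length.
LINE = re.compile(
    r"id (?P<id>\d+), offset (?P<off>\d+), flags \[(?P<flags>[^\]]*)\], "
    r"length:? (?P<len>\d+)\) (?P<src>\S+) > (?P<dst>[^:\s]+):"
)
IP_HEADER = 20  # assumption: IPv4 header without options


def host(addr):
    """Drop the trailing .port from tcpdump's a.b.c.d.port notation."""
    return ".".join(addr.split(".")[:4])


def reassemble(capture):
    """Sum fragment payloads per (src, dst, IP id) to get datagram sizes."""
    grams = defaultdict(
        lambda: {"bytes": 0, "frags": 0, "from_dns": False, "complete": False})
    for line in capture.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        g = grams[(host(m["src"]), host(m["dst"]), int(m["id"]))]
        g["bytes"] += int(m["len"]) - IP_HEADER
        g["frags"] += 1
        # Only the first fragment carries the UDP header, and so the port.
        if m["off"] == "0" and m["src"].split(".")[4:] == ["53"]:
            g["from_dns"] = True
        if "+" not in m["flags"]:
            g["complete"] = True  # more-fragments bit clear: last fragment
    return dict(grams)


def large_dns_responses(capture, threshold=512):
    """Datagrams sent from port 53 that exceed `threshold` bytes in total."""
    return {k: g for k, g in reassemble(capture).items()
            if g["from_dns"] and g["bytes"] > threshold}


if __name__ == "__main__":
    for (src, dst, ip_id), g in large_dns_responses(CAPTURE).items():
        print(f"{src} -> {dst} id={ip_id}: {g['bytes']} bytes in {g['frags']} fragments")
```

The byte count includes the 8-byte UDP header; 512 bytes is the classic limit for a DNS message over UDP without EDNS0, so a server sending many responses far above it to hosts it does not serve is worth checking for open recursion.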


