[lug] Dropped packet question

Chip Atkinson chip at pupman.com
Fri Sep 27 11:12:56 MDT 2013


Thanks for the suggestions.  I'll look into iPerf too.

On Fri, 27 Sep 2013, Tim Singleton wrote:

> I agree with Dan, check your negotiation settings (speed and duplex).  
> Sometimes autodetect doesn't work and you need to manually set it.
> I would also look through your system very carefully to see what process 
> is making all these DNS requests.  DNS requests are small, and if it is 
> actually causing a network slowdown or dropped packets, then you have 
> some bot or infection that you should clean up right away.  Finally, I 
> don't know how your network is set up, but if you have another computer 
> on a local network you have access to, you can send ping tests there as 
> well.  I have also had good luck using iPerf as a bandwidth/latency 
> testing tool. http://www.youtube.com/watch?v=3nz0HmPcoj0 is a good 
> example of how to use it.  (The video discusses wireless, but applies 
> equally to wired networks.)
> 
> 
> On 9/27/2013 10:21 AM, lug-request at lug.boulder.co.us wrote:
> > Greetings all,
> >
> > Due to the recent flooding I had to change data centers from my parents'
> > basement to mine, which resulted in re-doing my network.
> >
> > Now that I've moved and re-IPed the server, I'm seeing large numbers of
> > dropped packets, slow ping times, basic network malaise.  I've been
> > running a series of 100 pings 5 sec apart and then looking at the reported
> > loss figures.
> >
> > With comcast's help, I believe that we've eliminated them and their
> > hardware.
> >
> > I put a small linux netbook on the network in place of the server and was
> > able to ping it from outside (vpn to work and out from there) and the
> > ping response time and dropped packets were basically gone.  Besides being
> > newer hardware and OS, the netbook had no services (web, dns, email).
> >
> > I then connected the server and see the dropped packet and slow ping time
> > issue again.
> >
> > I was using tcpdump and noticed that a large portion of the traffic is DNS
> > lookups:
> >
> > 08:42:23.411809 IP (tos 0x0, ttl  64, id 42252, offset 0, flags [+],
> > length: 1500) 173.14.7.2.53 > 108.174.149.7.2305:  13490| 250/0/1
> > bitstress.com. SOA[|domain]
> > 08:42:23.411817 IP (tos 0x0, ttl  64, id 42252, offset 1480, flags [+],
> > length: 1500) 173.14.7.2 > 108.174.149.7: udp
> > 08:42:23.411822 IP (tos 0x0, ttl  64, id 42252, offset 2960, flags [none],
> > length: 1150) 173.14.7.2 > 108.174.149.7: udp
> >
> > Googling found this:
> > http://dnsamplificationattacks.blogspot.com/2013/09/domain-bitstresscom.html
> >
> > My question is whether or not the dns traffic could be responsible for all
> > the dropped network packets or should I start looking elsewhere for the
> > problem?
> >
> > I switched network interfaces and took the original server network
> > interface off the network, thinking that it could be broadcasting a bunch
> > of noise but still am seeing packet losses, though perhaps not as severe.
> >
> >
> > Thanks in advance for any insight and help.
> >
> > Chip
> >
> 
> 
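An added example, not part of the original thread: a small Python parser that reassembles the fragmented UDP datagrams in verbose tcpdump output like the capture quoted above and totals the bytes of oversized port-53 responses per destination, which is how a server operator can measure how much outbound traffic such responses account for. The function names and the 512-byte threshold (the classic DNS-over-UDP limit without EDNS0) are assumptions of this example; the sample input is the capture from the post with the mail line wraps joined.

```python
import re
from collections import defaultdict

# Capture lines from the post, with the mail client's line wraps joined.
CAPTURE = """\
08:42:23.411809 IP (tos 0x0, ttl  64, id 42252, offset 0, flags [+], length: 1500) 173.14.7.2.53 > 108.174.149.7.2305:  13490| 250/0/1 bitstress.com. SOA[|domain]
08:42:23.411817 IP (tos 0x0, ttl  64, id 42252, offset 1480, flags [+], length: 1500) 173.14.7.2 > 108.174.149.7: udp
08:42:23.411822 IP (tos 0x0, ttl  64, id 42252, offset 2960, flags [none], length: 1150) 173.14.7.2 > 108.174.149.7: udp
"""

PKT = re.compile(
    r"id (?P<id>\d+), offset (?P<off>\d+), flags \[(?P<flags>[^\]]*)\], "
    r"length:? (?P<len>\d+)\) (?P<src>\S+) > (?P<dst>[^:\s]+):"
)
IPV4 = re.compile(r"^(\d+\.\d+\.\d+\.\d+)(?:\.(\d+))?$")

def split_addr(token):
    """Split tcpdump's 'a.b.c.d.port' into (ip, port); port is None if absent."""
    m = IPV4.match(token)
    return (m.group(1), int(m.group(2)) if m.group(2) else None) if m else (token, None)

def reassemble(text):
    """Group fragments by (src ip, dst ip, IP id); one record per datagram."""
    grams = {}
    for line in text.splitlines():
        m = PKT.search(line)
        if not m:
            continue
        (src, sport), (dst, _) = split_addr(m["src"]), split_addr(m["dst"])
        g = grams.setdefault((src, dst, int(m["id"])), {
            "src": src, "dst": dst, "sport": None,
            "frags": 0, "bytes": 0, "complete": False})
        g["frags"] += 1
        g["bytes"] += int(m["len"])      # IP length as printed by tcpdump
        if int(m["off"]) == 0:
            g["sport"] = sport           # only the first fragment has the UDP header
        if "+" not in m["flags"]:
            g["complete"] = True         # more-fragments bit clear: last fragment
    return list(grams.values())

def reflected_dns(grams, min_bytes=512):
    """Total bytes of oversized responses sent from port 53, per destination."""
    totals = defaultdict(int)
    for g in grams:
        if g["sport"] == 53 and g["bytes"] > min_bytes:
            totals[g["dst"]] += g["bytes"]
    return dict(totals)
```

Run over a longer capture, the per-destination totals show which remote addresses are receiving the large responses and how much of the uplink they consume.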


