[lug] Dropped packet question
David Frye
dafr at dafr.us
Fri Sep 27 10:20:07 MDT 2013
What does 'netstat -s <interface>' show?
If packets are being dropped, it may have additional information there not shown with ifconfig.
On Sep 26, 2013, at 8:53 AM, Chip Atkinson wrote:
> Thanks. I'm not seeing errors or dropped packets in ifconfig, which is
> kind of weird, isn't it? If ping reports dropped packets, wouldn't that
> droppage appear in the output of ifconfig?
>
> On Fri, 27 Sep 2013, Dan Ferris wrote:
>
>> Start with something easy. Check ifconfig and see if there are errors
>> on the interface. If so, then start by checking hardware. You could
>> have a bad cable, bad nic, bad switch port, or a duplex mismatch.
>>
>> Dan
>>
>> On 9/27/2013 9:31 AM, Davide Del Vento wrote:
>>> Since you control the server, don't the logs tell you something about
>>> the dropped packets? Since you don't see drops with the netbook, you
>>> can rule out the rest of the network: it must be the server box.
>>>
>>> It may be dropping packets for a variety of reasons, just to mention a
>>> couple of stupid ones: a defective network card or too high CPU load.
>>>
>>> Cheers,
>>> Davide
>>>
>>> On Thu, Sep 26, 2013 at 8:48 AM, Chip Atkinson <chip at pupman.com> wrote:
>>>> Greetings all,
>>>>
>>>> Due to the recent flooding I had to change data centers from my parents'
>>>> basement to mine, which resulted in re-doing my network.
>>>>
>>>> Now that I've moved and re-IPed the server, I'm seeing large numbers of
>>>> dropped packets, slow ping times, basic network malaise. I've been
>>>> running a series of 100 pings 5 sec apart and then looking at the reported
>>>> loss figures.
>>>>
>>>> With comcast's help, I believe that we've eliminated them and their
>>>> hardware.
>>>>
>>>> I put a small linux netbook on the network in place of the server and was
>>>> able to ping it from outside (vpn to work and out from there) and the
>>>> ping response time and dropped packets were basically gone. Besides being
>>>> newer hardware and OS, the netbook had no services (web, dns, email).
>>>>
>>>> I then connected the server and see the dropped packet and slow ping time
>>>> issue again.
>>>>
>>>> I was using tcpdump and noticed that a large portion of the traffic is DNS
>>>> lookups:
>>>>
>>>> 08:42:23.411809 IP (tos 0x0, ttl 64, id 42252, offset 0, flags [+],
>>>> length: 1500) 173.14.7.2.53 > 108.174.149.7.2305: 13490| 250/0/1
>>>> bitstress.com. SOA[|domain]
>>>> 08:42:23.411817 IP (tos 0x0, ttl 64, id 42252, offset 1480, flags [+],
>>>> length: 1500) 173.14.7.2 > 108.174.149.7: udp
>>>> 08:42:23.411822 IP (tos 0x0, ttl 64, id 42252, offset 2960, flags [none],
>>>> length: 1150) 173.14.7.2 > 108.174.149.7: udp
>>>>
>>>> Googling found this:
>>>> http://dnsamplificationattacks.blogspot.com/2013/09/domain-bitstresscom.html
>>>>
>>>> My question is whether or not the dns traffic could be responsible for all
>>>> the dropped network packets or should I start looking elsewhere for the
>>>> problem?
>>>>
>>>> I switched network interfaces and took the original server network
>>>> interface off the network, thinking that it could be broadcasting a bunch
>>>> of noise but still am seeing packet losses, though perhaps not as severe.
>>>>
>>>>
>>>> Thanks in advance for any insight and help.
>>>>
>>>> Chip
>>>>
>>>>
>>>> _______________________________________________
>>>> Web Page: http://lug.boulder.co.us
>>>> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
>>>> Join us on IRC: irc.hackingsociety.org port=6667 channel=#hackingsociety
>>> _______________________________________________
>>> Web Page: http://lug.boulder.co.us
>>> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
>>> Join us on IRC: irc.hackingsociety.org port=6667 channel=#hackingsociety
>>
>> _______________________________________________
>> Web Page: http://lug.boulder.co.us
>> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
>> Join us on IRC: irc.hackingsociety.org port=6667 channel=#hackingsociety
>>
>
> _______________________________________________
> Web Page: http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> Join us on IRC: irc.hackingsociety.org port=6667 channel=#hackingsociety
--
David
dafr at dafr.us
More information about the LUG
mailing list