[lug] Dropped packet question
Tim Singleton
tims-blug at dystopian.org
Fri Sep 27 10:40:41 MDT 2013
I agree with Dan, check your negotiation settings (speed and duplex).
Sometimes autodetect doesn't work and you need to manually set it.
I would also look through your system very carefully to see what process
is making all these DNS requests. DNS requests are small, and if it is
actually causing a network slowdown or dropped packets, then you have
some bot or infection that you should clean up right away. Finally, I
don't know how your network is set up, but if you have another computer
on a local network you have access to, you can send ping tests there as
well. I have also had good luck using iPerf as a bandwidth/latency
testing tool. http://www.youtube.com/watch?v=3nz0HmPcoj0 is a good
example of how to use it. (The video discusses wireless, but applies
equally to wired networks.)
On 9/27/2013 10:21 AM, lug-request at lug.boulder.co.us wrote:
> Greetings all,
>
> Due to the recent flooding I had to change data centers from my parents'
> basement to mine, which resulted in re-doing my network.
>
> Now that I've moved and re-IPed the server, I'm seeing large numbers of
> dropped packets, slow ping times, basic network malaise. I've been
> running a series of 100 pings 5 sec apart and then looking at the reported
> loss figures.
>
> With Comcast's help, I believe that we've eliminated them and their
> hardware.
>
> I put a small Linux netbook on the network in place of the server and was
> able to ping it from outside (VPN to work and out from there) and the
> ping response time and dropped packets were basically gone. Besides being
> newer hardware and OS, the netbook had no services (web, DNS, email).
>
> I then connected the server and see the dropped packet and slow ping time
> issue again.
>
> I was using tcpdump and noticed that a large portion of the traffic is DNS
> lookups:
>
> 08:42:23.411809 IP (tos 0x0, ttl 64, id 42252, offset 0, flags [+],
> length: 1500) 173.14.7.2.53 > 108.174.149.7.2305: 13490| 250/0/1
> bitstress.com. SOA[|domain]
> 08:42:23.411817 IP (tos 0x0, ttl 64, id 42252, offset 1480, flags [+],
> length: 1500) 173.14.7.2 > 108.174.149.7: udp
> 08:42:23.411822 IP (tos 0x0, ttl 64, id 42252, offset 2960, flags [none],
> length: 1150) 173.14.7.2 > 108.174.149.7: udp
>
> Googling found this:
> http://dnsamplificationattacks.blogspot.com/2013/09/domain-bitstresscom.html
>
> My question is whether or not the DNS traffic could be responsible for all
> the dropped network packets or should I start looking elsewhere for the
> problem?
>
> I switched network interfaces and took the original server network
> interface off the network, thinking that it could be broadcasting a bunch
> of noise but still am seeing packet losses, though perhaps not as severe.
>
>
> Thanks in advance for any insight and help.
>
> Chip
>
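
Added example, not part of either message above: a small Python script that totals the large, fragmented DNS responses a server sends per destination, which is the pattern visible in the quoted tcpdump output. It assumes one `tcpdump -v` record per line in the layout quoted in the post (mail line-wrapping undone); the addresses, domain and function name are constructed for illustration.

```python
import re
from collections import defaultdict

# Matches one tcpdump -v record per line, in the layout quoted in the post.
REC = re.compile(
    r"id (?P<id>\d+), offset (?P<off>\d+), flags \[[^\]]*\].*?length:? (?P<len>\d+)\) "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)(?:\.(?P<sport>\d+))? > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)(?:\.\d+)?:")

# Constructed sample capture (documentation addresses, made-up domain).
SAMPLE = [
    "08:42:23.411809 IP (tos 0x0, ttl 64, id 42252, offset 0, flags [+], length: 1500) 192.0.2.10.53 > 198.51.100.7.2305: 13490| 250/0/1 example.test. SOA[|domain]",
    "08:42:23.411817 IP (tos 0x0, ttl 64, id 42252, offset 1480, flags [+], length: 1500) 192.0.2.10 > 198.51.100.7: udp",
    "08:42:23.411822 IP (tos 0x0, ttl 64, id 42252, offset 2960, flags [none], length: 1150) 192.0.2.10 > 198.51.100.7: udp",
    "08:42:23.502101 IP (tos 0x0, ttl 64, id 42253, offset 0, flags [+], length: 1500) 192.0.2.10.53 > 198.51.100.7.2305: 13491| 250/0/1 example.test. SOA[|domain]",
    "08:42:23.502109 IP (tos 0x0, ttl 64, id 42253, offset 1480, flags [+], length: 1500) 192.0.2.10 > 198.51.100.7: udp",
    "08:42:23.502114 IP (tos 0x0, ttl 64, id 42253, offset 2960, flags [none], length: 1150) 192.0.2.10 > 198.51.100.7: udp",
    "08:42:24.000300 IP (tos 0x0, ttl 52, id 911, offset 0, flags [none], length: 68) 203.0.113.9.40000 > 192.0.2.10.53: 7001+ A? www.example.test. (40)",
    "08:42:24.000900 IP (tos 0x0, ttl 64, id 42254, offset 0, flags [none], length: 96) 192.0.2.10.53 > 203.0.113.9.40000: 7001* 1/0/0 A 192.0.2.80 (68)",
]

def large_dns_responses(lines, server_ip, min_bytes=512):
    """Return {destination: (datagrams, ip_bytes)} for DNS responses sent by
    server_ip whose fragments add up to at least min_bytes on the wire."""
    size = {}  # (dst, ip_id) -> IP bytes seen for one DNS datagram
    for line in lines:
        m = REC.search(line)
        if not m or m["src"] != server_ip:
            continue  # not a parsable record, or not sent by our server
        key = (m["dst"], m["id"])
        if m["sport"] == "53" and m["off"] == "0":
            size[key] = int(m["len"])      # first fragment carries the UDP ports
        elif m["sport"] is None and key in size:
            size[key] += int(m["len"])     # later fragment, tied by IP id
    report = defaultdict(lambda: [0, 0])
    for (dst, _), total in size.items():
        if total >= min_bytes:
            report[dst][0] += 1
            report[dst][1] += total
    return {dst: tuple(counts) for dst, counts in report.items()}

if __name__ == "__main__":
    for dst, (n, nbytes) in large_dns_responses(SAMPLE, "192.0.2.10").items():
        print(f"{dst}: {n} large DNS responses, {nbytes} bytes")
```

A destination that collects many multi-kilobyte responses while ordinary lookups stay under the threshold is the signature to look for before deciding whether the DNS traffic explains the loss.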