> On 27 May 2020, at 14:38, Donald Mickunas <[email protected]> wrote:
>
> Thanks, Doug.
>
> Here are the results after running pkg update once.
>
> $ sudo tcpdump -n -e -ttt -r /var/log/pflog
> Password:
> reading from file /var/log/pflog, link-type PFLOG (OpenBSD pflog file)
> 00:00:00.000000 rule 7/0(match): pass out on em0: 192.168.1.4.25334 >
> 192.168.1.1.53: 18844+[|domain]
> 00:00:00.049750 rule 7/0(match): pass out on em0: 192.168.1.4.48855 >
> 192.168.1.1.53: 59873+[|domain]
> 00:00:00.049459 rule 9/0(match): pass out on em0: 192.168.1.4.123 >
> 209.94.190.139.123: NTPv4, Client, length 48
> 00:00:00.887723 rule 9/0(match): pass out on em0: 192.168.1.4.123 >
> 64.6.144.6.123: NTPv4, Client, length 48
> 00:00:29.345987 rule 7/0(match): pass out on em0: 192.168.1.4.51718 >
> 192.168.1.1.53: 49030+[|domain]
> 00:00:00.442261 rule 7/0(match): pass out on em0: 192.168.1.4.12228 >
> 192.168.1.1.53: 15101+[|domain]
> 00:00:00.105498 rule 7/0(match): pass out on em0: 192.168.1.4.31652 >
> 192.168.1.1.53: 56618+[|domain]
> 00:00:00.136933 rule 3/0(match): pass out on em0:
> 2600:6c5c:6000:32a0:1a03:73ff:fe3a:d596.60802 > 2610:1c1:1:606c::50:1.80:
> [|tcp]
> 00:00:34.523685 rule 9/0(match): pass out on em0: 192.168.1.4.123 >
> 74.6.168.73.123: NTPv4, Client, length 48
> 00:00:00.526029 rule 3/0(match): pass out on em0: 192.168.1.4.12913 >
> 96.47.72.71.80: Flags [S], seq 1540288966, win 65535, options [mss
> 1460,nop,wscale 6,sackOK,TS[|tcp]>
> 00:00:00.075191 rule 7/0(match): pass out on em0: 192.168.1.4.11403 >
> 192.168.1.1.53: 30468+[|domain]
> 00:00:00.000800 rule 7/0(match): pass out on em0: 192.168.1.4.27145 >
> 192.168.1.1.53: 3978+[|domain]
> 00:00:00.000739 rule 3/0(match): pass out on em0:
> 2600:6c5c:6000:32a0:1a03:73ff:fe3a:d596.64864 > 2610:1c1:1:606c::50:1.80:
> [|tcp]
> 00:00:18.977520 rule 3/0(match): pass out on em0: 192.168.1.4.58497 >
> 96.47.72.71.80: Flags [S], seq 2776579475, win 65535, options [mss
> 1460,nop,wscale 6,sackOK,TS[|tcp]>
> 00:00:00.082616 rule 7/0(match): pass out on em0: 192.168.1.4.15248 >
> 192.168.1.1.53: 2366+[|domain]
> 00:00:00.000531 rule 7/0(match): pass out on em0: 192.168.1.4.65475 >
> 192.168.1.1.53: 41713+[|domain]
> 00:00:00.000772 rule 3/0(match): pass out on em0:
> 2600:6c5c:6000:32a0:1a03:73ff:fe3a:d596.55684 > 2610:1c1:1:606c::50:1.80:
> [|tcp]
> 00:00:18.883826 rule 3/0(match): pass out on em0: 192.168.1.4.25039 >
> 96.47.72.71.80: Flags [S], seq 222404333, win 65535, options [mss
> 1460,nop,wscale 6,sackOK,TS[|tcp]>
> $
>
> I have no idea how to interpret this. Any help would be appreciated.
That is quite unexpected. The connection starts out with IPv4 and then
switches to IPv6. It also only shows the output packets so delays caused at
the server end cannot be distinguished. I would recommend using tcpdump to see
the entire transaction.
In one window, start tcpdump with:
tcpdump -ixxx -ttt -s0 -X port 80
Here you need to replace xxx above with your interface name. You can find it
in the output of ifconfig. It will be the interface that has your IP address
in it. For example, mine is:
bge0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu
1500
options=c019b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4,VLAN_HWTSO,LINKSTATE>
ether 38:c9:86:07:3b:5b
inet 10.0.1.250 netmask 0xffffff00 broadcast 10.0.1.255
inet6 fe80::3ac9:86ff:fe07:3b5b%bge0 prefixlen 64 scopeid 0x1
inet6 fee1::250 prefixlen 64
media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
and the interface name is bge0.
Then in the second window start the pkg update command. Note, tcpdump will
produce a lot of output. The output will have a time stamp
(hours:minutes:seconds.microseconds). It will be a delta time from the
previous packet. Look for one where the seconds are greater than zero. That
is where the delays are occurring.
-- Doug
_______________________________________________
[email protected] mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to "[email protected]"
