Re: Interpreting ping response? (the POD lives??)
On Apr 18, 2004, at 6:10 PM, Kevin D. Kinsey, DaleCo, S.P. wrote: A further question, if I may ... from a FBSD box at 192.168.0.2, I can ping 192.168.0.2 up to { -s 65507 }. Windows XP at *.*.*.10 responds as long as { -s 25153 } ... if Ethernet Maximum is 1500, and that's the reason for the error ? why doesn't FreeBSD, or even Windows, elicit a similar response? Nah, maybe that's a bad question ... they aren't the same OS ... :-( So, MTU is an OS feature/stat rather than general Ethernet? You can send ICMP or UDP packets larger than the local MTU because the IP layer includes support for fragmenting datagrams if they are too big. This capability works remarkably well but can be expensive in terms of system resources to break apart and reassemble fragments. MTU is a parameter of a network transport layer, it has nothing to do with the OS... -- -Chuck ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Interpreting ping response? (the POD lives??)
On Tue, Apr 13, 2004 at 09:46:21AM -0500, Kevin D. Kinsey, DaleCo, S.P. wrote: Can anyone help me interpret the following output? I read the ping manpage, but came to the end before I learned much that helps me here [EMAIL PROTECTED] [/home/kdk] [16:25] #sudo ping -s 2048 app PING app.southuni.com (192.168.0.80): 2048 data bytes 36 bytes from app.southuni.com (192.168.0.80): Destination Host Unreachable Vr HL TOS Len ID Flg off TTL Pro cks Src Dst 4 5 00 05dc 07bd 0 3f 01 1677 192.168.0.2 192.168.0.80 The device (router?) is sending a host unreachable message which can be for a variety of reasons, the most common being that there is no route available to the destination. What address are you pinging from though? You are trying to ping with a packet size of 2048 bytes (-s) but the MTU of Ethernet is 1500 bytes. You don't need to understand the information below to troubleshoot this but here is an explanation anyway :) It's just a dump of the IP packet headers that came back in the destination host unreachable message: Vr 4 IP version 4 HL 5 Packet header length TOS 0 Type of Service: Routine traffic Len 05dc Packet length in hex (1500 bytes) ID 07bdIdentification - unique number to tell the ICMP packets apart Flg 0 Flags - 3 bits: 0 (reserved), 0 (fragment if necessary), 0 (last fragment) Off Fragment offset (not used since it is not a fragment) TTL 3f Time to Live in hex (63 hops) - number of hops before packet is discarded Pro 01 IP protocol type (01 = ICMP, what ping uses) Cks 1677 Packet header checksum SrcSource address that sent the host unreachable message DstRecipient of the host unreachable message - your machine -- Stephen Fisher San Jose, CA USA ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Interpreting ping response? (the POD lives??)
Stephen Fisher wrote: On Tue, Apr 13, 2004 at 09:46:21AM -0500, Kevin D. Kinsey, DaleCo, S.P. wrote: Vr HL TOS Len ID Flg off TTL Pro cks Src Dst 4 5 00 05dc 07bd 0 3f 01 1677 192.168.0.2 192.168.0.80 The device (router?) is sending a host unreachable message which can be for a variety of reasons, the most common being that there is no route available to the destination. What address are you pinging from though? You are trying to ping with a packet size of 2048 bytes (-s) but the MTU of Ethernet is 1500 bytes. First off, thank you *very much* for taking time to explain this. A further question, if I may ... from a FBSD box at 192.168.0.2, I can ping 192.168.0.2 up to { -s 65507 }. Windows XP at *.*.*.10 responds as long as { -s 25153 } ... if Ethernet Maximum is 1500, and that's the reason for the error ? why doesn't FreeBSD, or even Windows, elicit a similar response? Nah, maybe that's a bad question ... they aren't the same OS ... :-( So, MTU is an OS feature/stat rather than general Ethernet? You don't need to understand the information below to troubleshoot this but here is an explanation anyway :) It's just a dump of the IP packet headers that came back in the destination host unreachable message: Vr 4 IP version 4 HL 5 Packet header length TOS 0 Type of Service: Routine traffic Len 05dc Packet length in hex (1500 bytes) ID 07bd Identification - unique number to tell the ICMP packets apart Flg 0 Flags - 3 bits: 0 (reserved), 0 (fragment if necessary), 0 (last fragment) Off Fragment offset (not used since it is not a fragment) TTL 3f Time to Live in hex (63 hops) - number of hops before packet is discarded Pro 01 IP protocol type (01 = ICMP, what ping uses) Cks 1677 Packet header checksum Src Source address that sent the host unreachable message Dst Recipient of the host unreachable message - your machine Thank you. This was what I was fishing for, an explanation, for me to learn *something* from this experience, besides the fact that this other OS seems to behave badly in the presence of any kind of adverse networking conditions, including big pings and any kind of real latency ... We've just decided we're going to have to baby this one. Wish it was a *BSD instead; seems like nothing much bothers BSD ;-) Kevin Kinsey DaleCo, S.P. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Interpreting ping response? (the POD lives??)
Can anyone help me interpret the following output? I read the ping manpage, but came to the end before I learned much that helps me here Other than source and destination, where can I find an explanation for the rest of this? And, if possible, can you tell me what might be happening? I've seen responses like it before, but usually only because I was pinging a blocked port; unfortunately for me, now I kinda need to know, and I really am not deep enough into TCP/IP to know where to look for an answer ... :-( Kevin Kinsey -- [EMAIL PROTECTED] [/home/kdk] [16:25] #sudo ping -s 2048 app PING app.southuni.com (192.168.0.80): 2048 data bytes 36 bytes from app.southuni.com (192.168.0.80): Destination Host Unreachable Vr HL TOS Len ID Flg off TTL Pro cks Src Dst 4 5 00 05dc 07bd 0 3f 01 1677 192.168.0.2 192.168.0.80 ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Interpreting ping response? (the POD lives??)
Kevin D. Kinsey, DaleCo, S.P. wrote: can you tell me what might be happening? [EMAIL PROTECTED] [/home/kdk] [16:25] #sudo ping -s 2048 app PING app.southuni.com (192.168.0.80): 2048 data bytes 36 bytes from app.southuni.com (192.168.0.80): Destination Host Unreachable This may indicate that the computer is behind a firewall, that blocks response to ping. R. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Interpreting ping response? (the POD lives??)
On Wed, Apr 14, 2004 at 12:08:16AM +0900, Rob wrote: Kevin D. Kinsey, DaleCo, S.P. wrote: can you tell me what might be happening? [EMAIL PROTECTED] [/home/kdk] [16:25] #sudo ping -s 2048 app PING app.southuni.com (192.168.0.80): 2048 data bytes 36 bytes from app.southuni.com (192.168.0.80): Destination Host Unreachable This may indicate that the computer is behind a firewall, that blocks response to ping. If so, it wouldn't indicate the response is being blocked, but the request. If the response was being block the icmp message would go to app.southuni.com, which originated the blocked packet. Vr HL TOS Len ID Flg off TTL Pro cks Src Dst 4 5 00 05dc 07bd 0 3f 01 1677 192.168.0.2 192.168.0.80 is the ip header of the packet to which the icmp-unreachable message is a response to. (ie your original ping request) -- greetz Joost [EMAIL PROTECTED] ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Interpreting ping response? (the POD lives??)
Rob wrote: Kevin D. Kinsey, DaleCo, S.P. wrote: can you tell me what might be happening? [EMAIL PROTECTED] [/home/kdk] [16:25] #sudo ping -s 2048 app PING app.southuni.com (192.168.0.80): 2048 data bytes 36 bytes from app.southuni.com (192.168.0.80): Destination Host Unreachable This may indicate that the computer is behind a firewall, that blocks response to ping. Well, yes; I am somewhat aware of that. Can you tell me what the hieroglyphics mean? Vr HL TOS Len ID Flg off TTL Pro cks Src Dst 4 5 00 05dc 07bd 0 3f 01 1677 192.168.0.2 192.168.0.80 There is, AFAIK, no firewall here; the situation: the two hosts are on the same private Class C, and app is an application server running an OS that is neither a *BSD nor M$ stuff. The crux of the issue is that app responded normally to pings of 56, 128, 256, 512, and 1024 bytes, and then when the 2048 byte packet was sent, we got this response and the whole shop went offline, hence the subtitle to this post (the POD lives??) The shop has problems similar to this rather frequently, and my next step is probably to put an old-style hub on the wire right next to app with a lil' FBSD box that I can run ethereal or tcpdump on, but it may not do me much good until I can learn how to read this stuff a little better. I want to blame the OS or the app vendor, or the M$ Windows client that connects to it. Fortunately for us, the only FreeBSD machine in this scenario is the one doing the attacking. I'll probably be hunting for clues (and harping the blues) elsewhere, as it doesn't appear to be related to FreeBSD at all, but as I frequent this list I thought I might gain a bit of insight by asking. Thanks for your response :-) Kevin Kinsey ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: Interpreting ping response? (the POD lives??)
Check the archives, I remember seeing the question asked about what the ping response fields mean about 2+ years ago. http://groups.google.com/groups?q=ping+group:lucky.freebsd.questions hl=enlr=lang_enie=UTF-8group=lucky.freebsd.questionssa=G -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Kevin D. Kinsey, DaleCo, S.P. Sent: Tuesday, April 13, 2004 1:08 PM To: [EMAIL PROTECTED] Subject: Re: Interpreting ping response? (the POD lives??) Rob wrote: Kevin D. Kinsey, DaleCo, S.P. wrote: can you tell me what might be happening? [EMAIL PROTECTED] [/home/kdk] [16:25] #sudo ping -s 2048 app PING app.southuni.com (192.168.0.80): 2048 data bytes 36 bytes from app.southuni.com (192.168.0.80): Destination Host Unreachable This may indicate that the computer is behind a firewall, that blocks response to ping. Well, yes; I am somewhat aware of that. Can you tell me what the hieroglyphics mean? Vr HL TOS Len ID Flg off TTL Pro cks Src Dst 4 5 00 05dc 07bd 0 3f 01 1677 192.168.0.2 192.168.0.80 There is, AFAIK, no firewall here; the situation: the two hosts are on the same private Class C, and app is an application server running an OS that is neither a *BSD nor M$ stuff. The crux of the issue is that app responded normally to pings of 56, 128, 256, 512, and 1024 bytes, and then when the 2048 byte packet was sent, we got this response and the whole shop went offline, hence the subtitle to this post (the POD lives??) The shop has problems similar to this rather frequently, and my next step is probably to put an old-style hub on the wire right next to app with a lil' FBSD box that I can run ethereal or tcpdump on, but it may not do me much good until I can learn how to read this stuff a little better. I want to blame the OS or the app vendor, or the M$ Windows client that connects to it. Fortunately for us, the only FreeBSD machine in this scenario is the one doing the attacking. I'll probably be hunting for clues (and harping the blues) elsewhere, as it doesn't appear to be related to FreeBSD at all, but as I frequent this list I thought I might gain a bit of insight by asking. Thanks for your response :-) Kevin Kinsey ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Interpreting ping response? (the POD lives??)
On Tuesday 13 April 2004 14:46, Kevin D. Kinsey, DaleCo, S.P. wrote: Can anyone help me interpret the following output? I read the ping manpage, but came to the end before I learned much that helps me here Other than source and destination, where can I find an explanation for the rest of this? And, if possible, can you tell me what might be happening? I've seen responses like it before, but usually only because I was pinging a blocked port; unfortunately for me, now I kinda need to know, and I really am not deep enough into TCP/IP to know where to look for an answer ... :-( Ping packets an ICMP encapsulated in an IP packet, they have nothing to do with TCP. Also, you can't ping a port. There are no ports in these protocols, they are handled in TCP and UDP. What is listed in the output are the contents of the IP header. They are described in the RFC 791: http://www.ietf.org/rfc/rfc0791.txt Daniela ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]