[ale] Need help reading tcpdump output

Gary MacKay gary at edisoninfo.com
Fri Feb 15 09:08:18 EST 2002 

> Could you post the output of ifconfig? That might show us all something
> that didn't come up in the tcpdump.

------------DSL line: (we0 internal, ne1 external)
gw# ifconfig -a
lo0: flags=8009<UP,LOOPBACK,MULTICAST> mtu 32972
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
        inet6 ::1 prefixlen 128
        inet 127.0.0.1 netmask 0xff000000
lo1: flags=8008<LOOPBACK,MULTICAST> mtu 32972
ne1: flags=8863<UP,BROADCAST,NOTRAILERS,RUNNING,SIMPLEX,MULTICAST> mtu
1500
        media: Ethernet autoselect (10baseT)
        inet 207.87.222.229 netmask 0xfffffff0 broadcast 207.87.222.239
        inet6 fe80::5054:40ff:fe20:4e7a%ne1 prefixlen 64 scopeid 0x1
we0: flags=8863<UP,BROADCAST,NOTRAILERS,RUNNING,SIMPLEX,MULTICAST> mtu
1500
        media: Ethernet 10base5
        inet 192.168.0.254 netmask 0xffffff00 broadcast 192.168.0.255
        inet6 fe80::200:c0ff:fef7:e7ec%we0 prefixlen 64 scopeid 0x2
sl0: flags=c010<POINTOPOINT,LINK2,MULTICAST> mtu 296
sl1: flags=c010<POINTOPOINT,LINK2,MULTICAST> mtu 296
ppp0: flags=8010<POINTOPOINT,MULTICAST> mtu 1500
ppp1: flags=8010<POINTOPOINT,MULTICAST> mtu 1500
tun0: flags=10<POINTOPOINT> mtu 3000
tun1: flags=10<POINTOPOINT> mtu 3000
enc0: flags=0<> mtu 1536
bridge0: flags=0<> mtu 1500
bridge1: flags=0<> mtu 1500
gre0: flags=8010<POINTOPOINT,MULTICAST> mtu 1450
gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
gif1: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
gif2: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
gif3: flags=8010<POINTOPOINT,MULTICAST> mtu 1280

----------- Cable modem:  (xl0 internal, ne1 external)
gw2# ifconfig -a
lo0: flags=8009<UP,LOOPBACK,MULTICAST> mtu 32972
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
        inet6 ::1 prefixlen 128
        inet 127.0.0.1 netmask 0xff000000
lo1: flags=8008<LOOPBACK,MULTICAST> mtu 32972
xl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        media: Ethernet 10baseT (10baseT half-duplex)
        inet 192.168.0.253 netmask 0xffffff00 broadcast 192.168.0.255
        inet6 fe80::201:2ff:fe73:bf7c%xl0 prefixlen 64 scopeid 0x1
ne1: flags=8863<UP,BROADCAST,NOTRAILERS,RUNNING,SIMPLEX,MULTICAST> mtu
1500
        media: Ethernet autoselect (10baseT)
        inet6 fe80::5054:4cff:fe1d:2900%ne1 prefixlen 64 scopeid 0x2
        inet 11.22.33.44 netmask 0xfffffc00 broadcast 255.255.255.255
sl0: flags=c010<POINTOPOINT,LINK2,MULTICAST> mtu 296
sl1: flags=c010<POINTOPOINT,LINK2,MULTICAST> mtu 296
ppp0: flags=8010<POINTOPOINT,MULTICAST> mtu 1500
ppp1: flags=8010<POINTOPOINT,MULTICAST> mtu 1500
tun0: flags=10<POINTOPOINT> mtu 3000
tun1: flags=10<POINTOPOINT> mtu 3000
enc0: flags=0<> mtu 1536
bridge0: flags=0<> mtu 1500
bridge1: flags=0<> mtu 1500
gre0: flags=8010<POINTOPOINT,MULTICAST> mtu 1450
gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
gif1: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
gif2: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
gif3: flags=8010<POINTOPOINT,MULTICAST> mtu 1280


- Gary



Jim Philips wrote:
> 
> Could you post the output of ifconfig? That might show us all something
> that didn't come up in the tcpdump.
> 
> On Fri, 2002-02-15 at 06:37, Gary MacKay wrote:
> > I do not have a ppp0 interface on either firewall. There are two nic's
> > in each and they are all set to MTU of 1500.
> >
> >
> > Jim Philips wrote:
> > >
> > > Try running an ifconfig on your ppp0 interface with the cable modem and
> > > with DSL. You may find that MTU is different depending on the device you
> > > use to connect. I had major connection problenms with DSL a few weeks
> > > ago. They all went away when I reduced MTU to 1474 from 1492.
> > >
> > > On Thu, 2002-02-14 at 19:51, Gary MacKay wrote:
> > > > I have a cable modem and a DSL line in my office. I use the cable modem
> > > > to serve 'net access to my internal network and the DSL only has my
> > > > email/web server on it. I am having problems sending email to a few
> > > > domains, not all, just a few. I found I can telnet to port 25 of one of
> > > > the failing domains via my cable modem, but not via the DSL line. Below
> > > > are the first packett trace of each. The only thing I can see different
> > > > is the flags SWE instead of just S. I do not know enough about the flags
> > > > to know what that means nor how to fix it. The address I'm trying to
> > > > send email to is 170.206.225.44.
> > > >
> > > > --------DSL Line: fails
> > > > 19:32:35.162544 207.87.222.229.15255 > 170.206.225.44.25: SWE
> > > > 3747157433:3747157433(0) win 5840 <mss 1460,sackOK,timestamp 303797345
> > > > 0,nop,wscale 0> (DF) [tos 0x10]
> > > >
> > > > --------Cable modem: works
> > > > 15:39:37.774455 11.22.33.44.41159 > 170.206.225.44.25: S
> > > > 3934758720:3934758720(0) win 5840 <mss 1460,sackOK,timestamp 329647437
> > > > 0,nop,wscale 0> (DF) [tos 0x10]
> > > >
> > > > Both lines have a firewall with the exact same firewall rules, except
> > > > for ports 25 and 110 on the DSL line. What am I missing?
> > > >
> > > > - Gary
> > > >
> > > > ---
> > > > This message has been sent through the ALE general discussion list.
> > > > See http://www.ale.org/mailing-lists.shtml for more info. Problems should be
> > > > sent to listmaster at ale dot org.
> > > >
> > >
> > > ---
> > > This message has been sent through the ALE general discussion list.
> > > See http://www.ale.org/mailing-lists.shtml for more info. Problems should be
> > > sent to listmaster at ale dot org.

---
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info. Problems should be 
sent to listmaster at ale dot org.

More information about the Ale mailing list