LinuxQuestions.org
Old 07-07-2012, 09:37 AM   #1
iamalinuxnoob
Dropped or blocked packets


Hello everyone!

My LAN topology is this:
[ [VMs] PC1] -- [ISP box] -- [PC2]

PC1: 192.168.1.3
ISP Box: 192.168.1.1
PC2: 192.168.1.42

More info:
- The VMs are bridged on an ethernet NIC.
- I'm using full ethernet connectivity, full duplex 100Mb/s

The issue is (or seems to be) located on the server.
-- On PC1 --
The first thing I witnessed was that I wasn't able to access the internet. So I investigated.
I tried to ping the ISP Box:
Code:
# ping -c 3 192.168.1.1
PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data.

--- 192.168.1.1 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 2000ms

So I thought I had a bad netmask or bad routes (but it would be weird since I am able to PING PC2):
Code:
# ifconfig br0
br0       Link encap:Ethernet  HWaddr 50:e5:49:ca:c7:e4  
          inet adr:192.168.1.3  Bcast:192.168.1.255  Masque:255.255.255.0
          adr inet6: fe80::52e5:49ff:feca:c7e4/64 Scope:Lien
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:60558 errors:0 dropped:0 overruns:0 frame:0
          TX packets:39180 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 lg file transmission:0 
          RX bytes:36478349 (34.7 MiB)  TX bytes:6522301 (6.2 MiB)

# route -n
Table de routage IP du noyau
Destination     Passerelle      Genmask         Indic Metric Ref    Use Iface
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 br0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 br0

Thus, I thought it's much more likely to be a bad iptables/ebtables rule, so I checked it out:
Code:
# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination      

# ebtables -L
Bridge table: filter

Bridge chain: INPUT, entries: 0, policy: ACCEPT

Bridge chain: FORWARD, entries: 0, policy: ACCEPT

Bridge chain: OUTPUT, entries: 0, policy: ACCEPT

# iptables-save 
# Generated by iptables-save v1.4.8 on Sat Jul  7 16:21:43 2012
*filter
:INPUT ACCEPT [51162:35416108]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [38757:6082687]
COMMIT
# Completed on Sat Jul  7 16:21:43 2012

But there's nothing... so I decided to do some network sniffing:
Code:
# ping -c 3 192.168.1.1
PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data.

--- 192.168.1.1 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 2015ms


# tshark icmp
Running as user "root" and group "root". This could be dangerous.
Capturing on eth0
  0.000000  192.168.1.3 -> 192.168.1.1  ICMP Echo (ping) request
  0.000563  192.168.1.1 -> 192.168.1.3  ICMP Echo (ping) reply
  1.007245  192.168.1.3 -> 192.168.1.1  ICMP Echo (ping) request
  1.008007  192.168.1.1 -> 192.168.1.3  ICMP Echo (ping) reply
  2.015409  192.168.1.3 -> 192.168.1.1  ICMP Echo (ping) request
  2.016052  192.168.1.1 -> 192.168.1.3  ICMP Echo (ping) reply

It's not the ISP box doing the filtering here, so it's clearly located on PC1.

Then I tried an ARPING:
Code:
# arping -c 3 192.168.1.1
ARPING 192.168.1.1
60 bytes from 00:25:15:37:68:18 (192.168.1.1): index=0 time=351.191 usec
60 bytes from 00:25:15:37:68:18 (192.168.1.1): index=1 time=337.839 usec
60 bytes from 00:25:15:37:68:18 (192.168.1.1): index=2 time=353.098 usec

--- 192.168.1.1 statistics ---
3 packets transmitted, 3 packets received,   0% unanswered (0 extra)

# tshark arp
Running as user "root" and group "root". This could be dangerous.
Capturing on eth0
  0.000000 50:e5:49:ca:c7:e4 -> Broadcast    ARP Who has 192.168.1.1?  Tell 192.168.1.3
  0.000342 Sfr_37:68:18 -> 50:e5:49:ca:c7:e4 ARP 192.168.1.1 is at 00:25:15:37:68:18
  1.000489 50:e5:49:ca:c7:e4 -> Broadcast    ARP Who has 192.168.1.1?  Tell 192.168.1.3
  1.000829 Sfr_37:68:18 -> 50:e5:49:ca:c7:e4 ARP 192.168.1.1 is at 00:25:15:37:68:18
  2.000934 50:e5:49:ca:c7:e4 -> Broadcast    ARP Who has 192.168.1.1?  Tell 192.168.1.3
  2.001288 Sfr_37:68:18 -> 50:e5:49:ca:c7:e4 ARP 192.168.1.1 is at 00:25:15:37:68:18

ARP works well...

I tried removing the bridge and ifconfig-ing eth0 to set a static IP address but I had the same results...

-- On PC2 --
I noticed that SSHing PC1 is taking 3-4 seconds instead of being almost instantaneous.

And I don't know if this could be of any help but I tried to PING PC1 from PC2 while IP spoofing:

Code:
# hping3 --icmp -a 192.168.1.1 -c 3 192.168.1.3
HPING 192.168.1.3 (eth0 192.168.1.3): icmp mode set, 28 headers + 0 data bytes

--- 192.168.1.3 hping statistic ---
3 packets transmitted, 0 packets received, 100% packet loss
round-trip min/avg/max = 0.0/0.0/0.0 ms

Of course I don't receive the ICMP Reply on PC2 but there's a capture on PC1:
Code:
# tshark icmp
Running as user "root" and group "root". This could be dangerous.
Capturing on eth0
  0.000000  192.168.1.1 -> 192.168.1.3  ICMP Echo (ping) request
  0.000016  192.168.1.3 -> 192.168.1.1  ICMP Echo (ping) reply
  1.000086  192.168.1.1 -> 192.168.1.3  ICMP Echo (ping) request
  1.000098  192.168.1.3 -> 192.168.1.1  ICMP Echo (ping) reply
  2.000128  192.168.1.1 -> 192.168.1.3  ICMP Echo (ping) request
  2.000141  192.168.1.3 -> 192.168.1.1  ICMP Echo (ping) reply

I need help! Thanks!
I set up an HTTP proxy to install packages using APT, just in case.

Last edited by iamalinuxnoob; 07-07-2012 at 09:43 AM. Reason: Forgot something
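
A follow-up check for the situation in the post (replies visible in the capture, ping still reporting 100% loss, empty iptables/ebtables rule sets): snapshot the kernel counters in /proc/net/snmp before and after the test ping and see which ones moved. This is an added example, not part of the original post; the function names are hypothetical and the snapshot values are constructed to show the output format, not a diagnosis of the poster's machine.

```sh
# Added example: diff two /proc/net/snmp snapshots taken around a test ping.

# Flatten a snapshot into "Proto.Counter value" lines. The file pairs a
# header line of counter names with a line of values, both starting "Proto:".
snmp_flatten() {
    awk '
        $1 == proto {                       # value line for the header just seen
            for (i = 2; i <= NF; i++) print base "." name[i], $i
            proto = ""; next
        }
        {                                   # header line: remember the names
            proto = $1; base = $1; sub(/:$/, "", base)
            for (i = 2; i <= NF; i++) name[i] = $i
        }
    ' "$1"
}

# Print every counter whose value differs between two snapshots, with its delta.
snmp_delta() {
    { snmp_flatten "$1" | sed 's/^/B /'; snmp_flatten "$2" | sed 's/^/A /'; } |
    awk '$1 == "B" { before[$2] = $3; next }
         $3 != before[$2] { print $2, $3 - before[$2] }'
}

# Constructed snapshots: a few real counter names, invented values.
# InReceives = datagrams the IP layer received; InDelivers = datagrams it
# handed to upper protocols such as ICMP; InDiscards = dropped in between.
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/before" <<'EOF'
Ip: InReceives InHdrErrors InAddrErrors InDiscards InDelivers
Ip: 60558 0 0 0 60400
Icmp: InMsgs InErrors InCsumErrors InEchoReps
Icmp: 12 0 0 4
EOF
    cat > "$dir/after" <<'EOF'
Ip: InReceives InHdrErrors InAddrErrors InDiscards InDelivers
Ip: 60561 0 0 3 60400
Icmp: InMsgs InErrors InCsumErrors InEchoReps
Icmp: 12 0 0 4
EOF
    snmp_delta "$dir/before" "$dir/after"
    rm -rf "$dir"
}

# Live use: cat /proc/net/snmp > before; ping -c 3 192.168.1.1;
#           cat /proc/net/snmp > after;  snmp_delta before after
demo
```

If Icmp.InEchoReps rises by the number of pings sent, the replies reached the ICMP layer; if only Ip.InReceives moves, they were lost inside the IP input path.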
 
  

