Linux - Server: This forum is for the discussion of Linux Software used in a server related context.
And if you run tcpdump or wireshark on desktop, what does it say about icmp traffic or port 22 traffic?
$ tcpdump
Code:
tcpdump: no suitable device found
$ which tcpdump
Code:
/usr/sbin/tcpdump
$ wireshark
Code:
The program 'wireshark' is currently not installed. You can install it by typing:
sudo apt-get install wireshark
Make sure you have the 'universe' component enabled
bash: wireshark: command not found
What is your network interface called? Run 'tcpdump -i <interface name>'. It would also be interesting to run it on client and on server and compare. Also post output of 'netstat -nlp' on server.
What traffic between desktop and server does tcpdump show when you try to ssh -X? The most interesting part is how this differs from the viewpoint of client and server.
Do I understand correctly that with iptables off everything is OK?
Yes, please refer to my posting #27
Quote:
In this case, with iptables running.
OK
On desktop
1)
Console-1
$ ssh -X satimis@192.168.0.10 rox
Code:
satimis@192.168.0.10's password:
(process:5153): Gdk-WARNING **: locale not supported by C library
(rox:5153): Gtk-WARNING **: Locale not supported by C library.
Using the fallback 'C' locale.
(rox:5153): Gtk-WARNING **: cannot open display:
Console-2
$ sudo tcpdump -i eth0
Code:
Password:
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
17:58:48.703193 IP 192.168.0.1 > ALL-SYSTEMS.MCAST.NET: igmp query v2 [max resp time 10]
17:58:48.739881 IP ubuntu704.local.32769 > ns1.pacific.net.hk.domain: 56772+ PTR? 1.0.0.224.in-addr.arpa. (40)
17:58:48.761840 IP ns1.pacific.net.hk.domain > ubuntu704.local.32769: 56772 1/3/6 PTR[|domain]
17:58:48.762441 IP ubuntu704.local.32769 > ns1.pacific.net.hk.domain: 27311+ PTR? 1.0.168.192.in-addr.arpa. (42)
17:58:48.781903 IP ns1.pacific.net.hk.domain > ubuntu704.local.32769: 27311 NXDomain 0/1/0 (119)
17:58:48.886251 IP ubuntu704.local.mdns > 224.0.0.251.mdns: 0 PTR? 1.0.168.192.in-addr.arpa. (42)
17:58:49.182173 IP ubuntu704.local > 224.0.0.251: igmp v2 report 224.0.0.251
17:58:49.182744 IP 192.168.0.1 > ubuntu704.local: ICMP 224.0.0.251 protocol 2 unreachable, length 40
17:58:49.890335 IP ubuntu704.local.mdns > 224.0.0.251.mdns: 0 PTR? 1.0.168.192.in-addr.arpa. (42)
17:58:51.894450 IP ubuntu704.local.mdns > 224.0.0.251.mdns: 0 PTR? 1.0.168.192.in-addr.arpa. (42)
17:58:53.738419 arp who-has 192.168.0.1 tell ubuntu704.local
17:58:53.746152 arp reply 192.168.0.1 is-at 00:16:b6:c9:8a:a9 (oui Unknown)
17:58:53.787613 IP ubuntu704.local.32769 > ns1.pacific.net.hk.domain: 1339+ PTR? 4.67.14.202.in-addr.arpa. (42)
17:58:53.808092 IP ns1.pacific.net.hk.domain > ubuntu704.local.32769: 1339* 1/2/2 PTR[|domain]
17:58:53.808549 IP ubuntu704.local.32769 > ns1.pacific.net.hk.domain: 23491+ PTR? 11.0.168.192.in-addr.arpa. (43)
17:58:53.828263 IP ns1.pacific.net.hk.domain > ubuntu704.local.32769: 23491 NXDomain 0/1/0 (120)
17:58:53.930559 IP ubuntu704.local.mdns > 224.0.0.251.mdns: 0 PTR? 11.0.168.192.in-addr.arpa. (43)
17:58:53.930895 IP ubuntu704.local.mdns > 224.0.0.251.mdns: 0*- [0q] 1/0/0 (Cache flush) PTR[|domain]
17:58:53.931885 IP ubuntu704.local.32769 > ns1.pacific.net.hk.domain: 6479+ PTR? 251.0.0.224.in-addr.arpa. (42)
17:58:53.951719 IP ns1.pacific.net.hk.domain > ubuntu704.local.32769: 6479 NXDomain 0/1/0 (100)
17:58:54.054567 IP ubuntu704.local.mdns > 224.0.0.251.mdns: 0 PTR? 251.0.0.224.in-addr.arpa. (42)
17:58:55.058631 IP ubuntu704.local.mdns > 224.0.0.251.mdns: 0 PTR? 251.0.0.224.in-addr.arpa. (42)
17:58:57.058737 IP ubuntu704.local.mdns > 224.0.0.251.mdns: 0 PTR? 251.0.0.224.in-addr.arpa. (42)
23 packets captured
23 packets received by filter
0 packets dropped by kernel
On server
$ sudo tcpdump -i eth0
Code:
Password:
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
18:00:21.184711 IP 192.168.0.10.ssh > 192.168.0.11.38149: P 279954464:279954560(96) ack 185116361 win 359 <nop,nop,timestamp 468638 55467>
18:00:21.184887 IP 192.168.0.11.38149 > 192.168.0.10.ssh: . ack 96 win 2884 <nop,nop,timestamp 102717 468638>
18:00:21.185813 IP 192.168.0.10.32781 > ns1.pacific.net.hk.domain: 55799+ PTR? 11.0.168.192.in-addr.arpa. (43)
18:00:21.185994 IP 192.168.0.10.ssh > 192.168.0.11.38149: P 96:224(128) ack 1 win 359 <nop,nop,timestamp 468638 102717>
18:00:21.186103 IP 192.168.0.11.38149 > 192.168.0.10.ssh: . ack 224 win 3244 <nop,nop,timestamp 102717 468638>
18:00:21.186460 IP 192.168.0.11.38149 > 192.168.0.10.ssh: P 1:33(32) ack 224 win 3244 <nop,nop,timestamp 102717 468638>
18:00:21.186592 IP 192.168.0.11.38149 > 192.168.0.10.ssh: F 33:33(0) ack 224 win 3244 <nop,nop,timestamp 102717 468638>
18:00:21.187230 IP 192.168.0.10.ssh > 192.168.0.11.38149: F 224:224(0) ack 34 win 359 <nop,nop,timestamp 468639 102717>
18:00:21.187353 IP 192.168.0.11.38149 > 192.168.0.10.ssh: . ack 225 win 3244 <nop,nop,timestamp 102717 468639>
18:00:21.204767 IP ns1.pacific.net.hk.domain > 192.168.0.10.32781: 55799 NXDomain 0/1/0 (120)
18:00:21.204928 IP 192.168.0.10.32781 > ns1.pacific.net.hk.domain: 17824+ PTR? 10.0.168.192.in-addr.arpa. (43)
18:00:21.225484 IP ns1.pacific.net.hk.domain > 192.168.0.10.32781: 17824 NXDomain 0/1/0 (120)
18:00:21.225616 IP 192.168.0.10.32781 > ns1.pacific.net.hk.domain: 46575+ PTR? 4.67.14.202.in-addr.arpa. (42)
18:00:21.246687 IP ns1.pacific.net.hk.domain > 192.168.0.10.32781: 46575* 1/2/2 PTR[|domain]
18:00:26.184749 arp who-has 192.168.0.1 tell 192.168.0.10
18:00:26.184885 IP 192.168.0.10.32781 > ns1.pacific.net.hk.domain: 44587+ PTR? 1.0.168.192.in-addr.arpa. (42)
18:00:26.185840 arp reply 192.168.0.1 is-at 00:16:b6:c9:8a:a9 (oui Unknown)
18:00:26.205881 IP ns1.pacific.net.hk.domain > 192.168.0.10.32781: 44587 NXDomain 0/1/0 (119)
18 packets captured
18 packets received by filter
0 packets dropped by kernel
Try (on desktop) telnet or netcat or ncat to server port 22. What happens? Also redo the tcpdump experiment: launch it on both boxes first, then try 'ssh -X', and please leave only communication between server and client in your post. By the way, I looked once more at the iptables configuration and, if I understand anything, it forbids network connections from 127.0.0.1 to 127.0.0.1 through loopback - and X forwarding is done that way.
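The loopback point raised in the post above, as an added example that is not part of the thread: with sshd's defaults (X11UseLocalhost yes, X11DisplayOffset 10) the forwarded display listens on 127.0.0.1 TCP 6010 and up, so the X client on the server reaches it over `lo`. The thread's iptables rules are not shown on this page, so both rulesets below are constructed samples, and `loopback_verdict` is a hypothetical helper name.

```shell
#!/bin/sh
# Added example: decide from `iptables -S` text whether traffic on the lo
# interface is accepted in a chain. Heuristic: only rules with no match other
# than the lo interface are considered; conditional rules and jumps to
# user-defined chains are skipped.
loopback_verdict() {
    chain=$1                                   # INPUT or OUTPUT
    case $chain in INPUT) flag=-i ;; *) flag=-o ;; esac
    awk -v chain="$chain" -v flag="$flag" '
        $1 == "-P" && $2 == chain { policy = $3 }
        $1 == "-A" && $2 == chain && verdict == "" {
            target = ""; other = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-j") { target = $(i + 1); break }  # target options follow
                if ($i == flag && $(i + 1) == "lo") { i++; continue }
                other = 1                      # another match narrows this rule
            }
            if (!other && (target == "ACCEPT" || target == "DROP" || target == "REJECT"))
                verdict = target               # first rule catching all lo traffic
        }
        END {
            if (verdict == "") verdict = policy   # nothing matched: chain policy
            print ((verdict == "ACCEPT") ? "allowed" : "blocked")
        }'
}

# Constructed sample: default-deny INPUT that only opens SSH on eth0.
RULES_BLOCKING='-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-port-unreachable'

# Constructed sample: same policy with loopback accepted first.
RULES_FIXED='-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-port-unreachable'

printf 'default-deny sample: %s\n' "$(printf '%s\n' "$RULES_BLOCKING" | loopback_verdict INPUT)"
printf 'with lo accepted:    %s\n' "$(printf '%s\n' "$RULES_FIXED" | loopback_verdict INPUT)"
```

On a live server the same function can read `sudo iptables -S` on stdin; check both INPUT and OUTPUT, since loopback packets traverse both chains.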
Iptables on server was running.
1) Test-1
On desktop;
$ telnet 192.168.0.10 22
Code:
Trying 192.168.0.10...
Connected to 192.168.0.10.
Escape character is '^]'.
SSH-2.0-OpenSSH_4.3p2 Debian-8ubuntu1
Connection closed by foreign host.
$ sudo tcpdump -i eth0
Code:
Password:
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
21:52:17.560976 IP ubuntu704.local.32773 > ns1.pacific.net.hk.domain: 690+ A? sb.google.com. (31)
21:52:17.583103 IP ns1.pacific.net.hk.domain > ubuntu704.local.32773: 690 2/7/7 CNAME sb.l.google.com., (290)
21:52:17.583547 IP ubuntu704.local.45122 > po-in-f91.google.com.www: S 2083052393:2083052393(0) win 5840 <mss 1460,sackOK,timestamp 741054 0,nop,wscale 2>
21:52:17.584585 IP 192.168.0.1.1974 > 192.168.0.255.snmp-trap: Trap(120) E:3955.2.2.1 192.168.0.1 enterpriseSpecific s=1 1368842 [|snmp]
21:52:17.626074 IP ubuntu704.local.32773 > ns1.pacific.net.hk.domain: 47876+ PTR? 4.67.14.202.in-addr.arpa. (42)
21:52:17.646768 IP ns1.pacific.net.hk.domain > ubuntu704.local.32773: 47876* 1/2/2 PTR[|domain]
21:52:17.647192 IP ubuntu704.local.32773 > ns1.pacific.net.hk.domain: 17083+ PTR? 11.0.168.192.in-addr.arpa. (43)
21:52:17.667467 IP ns1.pacific.net.hk.domain > ubuntu704.local.32773: 17083 NXDomain 0/1/0 (120)
21:52:17.771370 IP ubuntu704.local.mdns > 224.0.0.251.mdns: 0 PTR? 11.0.168.192.in-addr.arpa. (43)
9 packets captured
36 packets received by filter
0 packets dropped by kernel
On server;
$ sudo tcpdump -i eth0
Code:
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
21:55:23.894914 arp who-has 192.168.0.1 tell 192.168.0.10
21:55:23.895425 IP 192.168.0.10.32789 > ns1.pacific.net.hk.domain: 63576+ PTR? 1.0.168.192.in-addr.arpa. (42)
21:55:23.895839 arp reply 192.168.0.1 is-at 00:16:b6:c9:8a:a9 (oui Unknown)
21:55:23.914415 IP ns1.pacific.net.hk.domain > 192.168.0.10.32789: 63576 NXDomain 0/1/0 (119)
21:55:23.914574 IP 192.168.0.10.32789 > ns1.pacific.net.hk.domain: 49217+ PTR? 10.0.168.192.in-addr.arpa. (43)
21:55:23.935143 IP ns1.pacific.net.hk.domain > 192.168.0.10.32789: 49217 NXDomain 0/1/0 (120)
21:55:23.935417 IP 192.168.0.10.32789 > ns1.pacific.net.hk.domain: 37745+ PTR? 4.67.14.202.in-addr.arpa. (42)
21:55:23.955567 IP ns1.pacific.net.hk.domain > 192.168.0.10.32789: 37745* 1/2/2 PTR[|domain]
8 packets captured
8 packets received by filter
0 packets dropped by kernel
2) Test-2
On desktop
$ ssh -X satimis@192.168.0.10 rox
Code:
satimis@192.168.0.10's password:
(process:5333): Gdk-WARNING **: locale not supported by C library
(rox:5333): Gtk-WARNING **: Locale not supported by C library.
Using the fallback 'C' locale.
It hung here for a prolonged time. I had to press [Ctrl]+[c] to stop it.
On server;
$ sudo tcpdump -i eth0
Code:
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
22:00:58.748352 IP 192.168.0.11.58379 > 192.168.0.10.ssh: F 2511929468:2511929468(0) ack 2609615553 win 2884 <nop,nop,timestamp 871004 1337270>
22:00:58.749019 IP 192.168.0.10.ssh > 192.168.0.11.58379: F 1:1(0) ack 1 win 359 <nop,nop,timestamp 1363479 871004>
22:00:58.749149 IP 192.168.0.11.58379 > 192.168.0.10.ssh: . ack 2 win 2884 <nop,nop,timestamp 871004 1363479>
22:00:58.751000 IP 192.168.0.10.32789 > ns1.pacific.net.hk.domain: 4469+ PTR? 10.0.168.192.in-addr.arpa. (43)
22:00:58.770398 IP ns1.pacific.net.hk.domain > 192.168.0.10.32789: 4469 NXDomain 0/1/0 (120)
22:00:58.770489 IP 192.168.0.10.32789 > ns1.pacific.net.hk.domain: 63340+ PTR? 11.0.168.192.in-addr.arpa. (43)
22:00:58.790579 IP ns1.pacific.net.hk.domain > 192.168.0.10.32789: 63340 NXDomain 0/1/0 (120)
22:00:58.790965 IP 192.168.0.10.32789 > ns1.pacific.net.hk.domain: 49644+ PTR? 4.67.14.202.in-addr.arpa. (42)
22:00:58.811035 IP ns1.pacific.net.hk.domain > 192.168.0.10.32789: 49644* 1/2/2 PTR[|domain]
9 packets captured
9 packets received by filter
0 packets dropped by kernel
While the desktop was hanging as mentioned above, the server also hung on "listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes". On stopping the desktop, the server started to print.