[EMAIL PROTECTED] wrote:
>
> ok,i ran tcpdump. nothing happened util I tried to ping from another
> machine in the internal net. then I got a ton of traffic, alot of it from
> another server on the at&t network. I will attach the file I generated as
> a result,okay see the file below(still learning pine!!)
Smells like a cable network...(?)
>From the headers in your e-mail, you are at C454783-C.laporte1.in.home.com
(24.179.224.150)...
> 20:38:26.402134 ha1.svc1.il.home.com.bootps > 255.255.255.255.bootpc: xid:0x6270
>Y:10.93.209.148 [|bootp]
> 20:38:26.492134 ha1.svc1.il.home.com.bootps > 255.255.255.255.bootpc: xid:0x6270
>Y:10.93.209.148 [|bootp]
Unless ha1.svc1.il.home.com is one of your machines, you are seeing other
traffic from the network; this is one of the reasons people with cable
connections should be wary... depending on how much filtering is done by the
cable modem, there is always *some* of your traffic that is visible to all other
users on your cable "LAN segment"...
[DNS stuff snipped]
> 20:38:29.802134 arp who-has c1638680-a.laporte1.in.home.com tell 24.182.167.129
Looks like stuff from your neighbors.
> 20:38:32.582134 arp who-has 24.179.224.1 tell C454783-C.laporte1.in.home.com
You looking for 24.179.224.1 (gateway?).
> 20:38:32.582134 arp reply 24.179.224.1 is-at 0:d0:ba:a8:56:70
Reply.
> 20:38:32.772134 arp who-has c1638680-a.laporte1.in.home.com tell 24.182.167.129
> 20:38:38.692134 ha1.svc1.il.home.com.bootps > 255.255.255.255.bootpc: xid:0xffffc9ce
More neighbor stuff... only broadcast packets which likely means not everything
is visible to everyone on the segment; but the broadcast packets are the worst
since every machine on the segment MUST look at them if only to toss them. DSL
doesn't have this problem...
> I haven't a clue as to what this means as it goes way beyond my networking
> abilities. I did notice the arp stuff, but could that be thier dhcp server
> looking to fill requests?
"arp stuff" is from clients (packets sent by machines looking for a MAC
(hardware address) which belongs to an IP address. The responses are not seen,
indicating that the modem is at least keeping some of the traffic off your
network.
Unfortunately, none of this is useful because the tcpdump trace needed was done
on the wrong interface... we'd need to see a trace of the problem on the
internal card.
> Also, I still need to find out why I get those error messages from the net
> interface(they are very annoying) this is what they look like:
>
> eth1: tx interrupt but no status
Your adapter interrupted the CPU after sending a packet but could not read the
status info from the hardware register. I finally dumped my EEPro10 when I
noticed it would fail predictably. I did try to find the problem which I
suspected to be a race condition in the driver; but gave up ($15 for the card
made it a throwaway) and installed 100MB cards in my machines.
> I get this over and over again when someone is surfing on the other
> computers. tried reconfiguring the net cards for different io and irqs, no
> change. Tried changing eth1 for eth0 and no change, so its not in the
> cards, has to be in the driver or the kernel.
You'd need to run some debugging in the driver to match these messages with
packets on the wire. Not for the faint of heart. You might probe the kernel
lists for someone who might be interested in solving this issue. I don't mind
providing some observations if you find such a person; but I don't have the time
to do the debugging myself.
> I really am lost on this one and need allthe help I can get! :-)
Can you try a non-EEPro adapter...?
> thanks again Dennis
>
> On Sat, 26 May 2001, Pierre Fortin wrote:
>
> > [EMAIL PROTECTED] wrote:
> > >
> > > I have an older 486 w/6megs(max for this machine) running mandrake 6.0.
> > > This machine is my gateway/firewall to the internet. It always is able to
> > > access the net for its own,but, If I want the other machines to be able to
> > > see the internet I have to ping one of them from the 486. After this all
> > > the machines on the in house net have normal access. So basically I have
> > > to log in and ping the internal net on the 486 every time I lose power or
> > > reboot. Also I get error messages on eth1, it says that eth1 generated a
> > > tx interupt with no status. I have intel etherexpress 16 net cards
> > > installed. Doesn't make any difference which one is used as eth1, still get
> > > that error message repeatedly when someone is on the internet on the other
> > > machines,this also screws up my screen on the 486 forcing me to hit return
> > > or have the app I'm running rescroll its screen so I can get rid of those
> > > error messages. At the least I would like to send those error messages to
> > > /dev/null and also not have to ping to activate the interal net.
> > > Any ideas?
> > >
> > > thanks Dennis
> >
> > More info required... From your comments so far, it sounds like attempts to
> > get through your gateway fail... assuming the gateway is specified in all
> > hosts, you are unable to ping the gateway after it reboots... but pinging from
> > the 486 lets the other hosts figure out where the gateway is.
> >
> > Can you run tcpdump, ethereal or other sniffer on the 486..? If so, does the
> > 486 see a broadcast ARP request packet** when you try to ping the 486 from
> > another host? If so, does the 486 send an ARP reply packet? If so, does the
> > pinging host get the reply?
> >
> > If all the above works, does the pinging host's ping packet now appear at the
> > 486? Note that after all this, if every answer is 'yes', then we'll have to dig
> > deeper.
> >
> > **Are you using a hub or switch? If a switch, the broadcast ARP request might
> > not be flooded to all ports.
> >
> > Pierre
> >
--
Support Linux development: http://www.linux-mandrake.com/donations/
Last reboot reason: 01/03/27: winter storm 6hr power outage
