Sean Dogar wrote:
> > How about an ifconfig -a from both systems, clearing the arp cache
> > of both hosts and capturing tcpdumps on both ends during an entire
> > connection attempt?
> OK.
>
> Here's the ifconfig -a from the OpenBSD box (IP address 172.16.1.22)
>
> lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 33224
>         groups: lo
>         inet 127.0.0.1 netmask 0xff000000
>         inet6 ::1 prefixlen 128
>         inet6 fe80::1%lo0 prefixlen 64 scopeid 0x6
> bge0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500
>         lladdr 00:09:6b:ff:03:80
>         media: Ethernet autoselect (1000baseSX full-duplex)
>         status: no carrier
> bge1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>         lladdr 00:09:6b:ff:03:81
>         groups: egress
>         media: Ethernet autoselect (1000baseSX full-duplex)
>         status: active
>         inet 172.16.1.22 netmask 0xffffff00 broadcast 172.16.1.255
>         inet6 fe80::209:6bff:feff:381%bge1 prefixlen 64 scopeid 0x2
> pflog0: flags=0<> mtu 33224
> pfsync0: flags=0<> mtu 1348
> enc0: flags=0<> mtu 1536
>
>
> Here's the ifconfig -a from another box on the local network (a Linux
> box)
>
>
> eth0      Link encap:Ethernet  HWaddr 00:09:6B:B5:25:C0
>           inet addr:172.16.1.144  Bcast:172.16.1.255  Mask:255.255.255.0
>           inet6 addr: fe80::209:6bff:feb5:25c0/64 Scope:Link
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:74396848 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:124988430 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:1000
>           RX bytes:169643814 (161.7 MiB)  TX bytes:305112539 (290.9 MiB)
>           Interrupt:193
>
> eth1      Link encap:Ethernet  HWaddr 00:09:6B:B5:25:C1
>           BROADCAST MULTICAST  MTU:1500  Metric:1
>           RX packets:0 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:1000
>           RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
>           Interrupt:201
>
> lo        Link encap:Local Loopback
>           inet addr:127.0.0.1  Mask:255.0.0.0
>           inet6 addr: ::1/128 Scope:Host
>           UP LOOPBACK RUNNING  MTU:16436  Metric:1
>           RX packets:991728 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:991728 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:0
>           RX bytes:157384504 (150.0 MiB)  TX bytes:157384504 (150.0 MiB)
>
> sit0      Link encap:IPv6-in-IPv4
>           NOARP  MTU:1480  Metric:1
>           RX packets:0 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:0
>           RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
>
>
> The default route for both machines is 172.16.1.1, which corresponds
> to a Layer 3 part of a Cisco Catalyst 6506.

They both appear to be on the same subnet, so there should be no use of this gateway.

> I'll clear out the arp caches and work on the tcpdump and submit that
> in a bit. Both of these machines are remote, though, and the tcpdump
> will also show a lot of traffic going to and from the machine I'm
> ssh'ing into them from, yes?

Yea, but you can also exclude this host from the dump with the appropriate syntax--maybe someone else knows a better way.
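
The exclusion mentioned in the last reply can be written as a pcap filter expression. The script below is an added example, not part of the original thread: the function names `build_filter` and `capture` and the output file name are hypothetical, and it assumes the admin workstation's address is either passed explicitly or taken from `SSH_CLIENT`, which sshd sets for the login session.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# build_filter PEER_IP [ADMIN_IP]
# Prints a pcap filter that keeps ARP plus all traffic to/from PEER_IP and
# drops packets to/from the admin workstation. ADMIN_IP defaults to the first
# field of SSH_CLIENT ("client_ip client_port server_port", set by sshd).
build_filter() {
    peer=${1:-}
    ssh_client=${SSH_CLIENT:-}
    admin=${2:-${ssh_client%% *}}
    if [ -z "$peer" ]; then
        echo "usage: build_filter PEER_IP [ADMIN_IP]" >&2
        return 1
    fi
    # Excluding the admin host would also hide the test traffic in this case.
    if [ "$admin" = "$peer" ]; then
        echo "admin host and peer are the same address; run from another host" >&2
        return 2
    fi
    filter="(arp or host $peer)"
    # On a console login SSH_CLIENT is empty and there is nothing to exclude.
    [ -z "$admin" ] || filter="$filter and not host $admin"
    printf '%s\n' "$filter"
}

# capture IFACE PEER_IP [ADMIN_IP]
# Deletes the ARP entry for the peer so the capture includes the ARP exchange,
# then writes matching frames to a pcap file until interrupted.
capture() {
    iface=$1
    filter=$(build_filter "$2" "${3:-}") || return
    arp -d "$2" 2>/dev/null || true   # a missing entry is fine
    tcpdump -n -i "$iface" -w "capture-$iface.pcap" "$filter"
}

# Example, run as root on the OpenBSD host from the thread:
#   capture bge1 172.16.1.144
# and on the Linux host:
#   capture eth0 172.16.1.22
```

Reading the file back with `tcpdump -n -e -r capture-bge1.pcap` prints the link-level addresses, which can be compared against the `lladdr`/`HWaddr` values in the ifconfig output above.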