On Tue, Jan 31, 2006 at 10:32:14AM -0600, Miguel wrote:
> Joachim Schipper wrote:
>
> >There's an arp(8) command you can use to check your suspicions.
> >Otherwise, I'd like a packet trace - any chance of running tcpdump
> >-nvvvXs 65535 host 200.13.161.2 while doing the above?
> >
> >(Though I'm not certain you are right about arp being the problem - if
> >it was, why'd the second ping have the same problem? Arp is cached.)
>
> You are right, this is even worst :
>
>
> # ping 200.13.161.3
> PING 200.13.161.3 (200.13.161.3): 56 data bytes
> ping: sendto: No route to host
> ping: wrote 200.13.161.3 64 chars, ret=-1
> ping: sendto: No route to host
> ping: wrote 200.13.161.3 64 chars, ret=-1
> ping: sendto: No route to host
> ping: wrote 200.13.161.3 64 chars, ret=-1
> ping: sendto: No route to host
> ping: wrote 200.13.161.3 64 chars, ret=-1
> 64 bytes from 200.13.161.3: icmp_seq=4 ttl=255 time=0.592 ms
> 64 bytes from 200.13.161.3: icmp_seq=5 ttl=255 time=0.302 ms
> 64 bytes from 200.13.161.3: icmp_seq=6 ttl=255 time=0.365 ms
> 64 bytes from 200.13.161.3: icmp_seq=7 ttl=255 time=0.357 ms
> --- 200.13.161.3 ping statistics ---
> 8 packets transmitted, 4 packets received, 50.0% packet loss
> round-trip min/avg/max/std-dev = 0.302/0.404/0.592/0.111 ms
> # arp -a
> ? (200.13.161.2) at 00:03:ba:04:cd:02 on hme0
> ? (200.13.161.3) at 00:03:ba:05:01:2c on hme0
> ? (200.13.161.6) at 00:12:79:d4:95:63 on hme0
Looks fine, arp -a looks like this here:
calliope.jschipper.dynalias.net (192.168.14.1) at 00:30:4f:21:1f:81 on rl0
So that should work.
> # ping 200.13.161.3
> PING 200.13.161.3 (200.13.161.3): 56 data bytes
> ping: sendto: No route to host
> ping: wrote 200.13.161.3 64 chars, ret=-1
> ping: sendto: No route to host
> ping: wrote 200.13.161.3 64 chars, ret=-1
> ping: sendto: No route to host
> ping: wrote 200.13.161.3 64 chars, ret=-1
> 64 bytes from 200.13.161.3: icmp_seq=3 ttl=255 time=0.476 ms
> 64 bytes from 200.13.161.3: icmp_seq=4 ttl=255 time=0.306 ms
> --- 200.13.161.3 ping statistics ---
> 5 packets transmitted, 2 packets received, 60.0% packet loss
> round-trip min/avg/max/std-dev = 0.306/0.391/0.476/0.085 ms
> #
>
> the arp entry is cached, but the No route to host is always there.
> BTW, i tried the packet trace but its a lot of output, it is my dns
> server, so i cant read the output, look at an example
<snip: mucho traffic>
That is, indeed, only dns traffic. Try tcpdump -s 65535 -w outfile
host 200.13.161.2 and ! port 53, followed by tcpdump -nvvvXs 65535 -r
outfile | less; this combination will allow you to read at your
convenience. Please note that it is possible to restrict the traffic
further in the read command, though it is obviously more efficient to
only write what you need.
Joachim
