From owner-freebsd-hackers Thu Mar 6 19:00:57 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id TAA05141 for hackers-outgoing; Thu, 6 Mar 1997 19:00:57 -0800 (PST) Received: from w2xo.pgh.pa.us (w2xo.pgh.pa.us [206.210.70.5]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id TAA05127 for ; Thu, 6 Mar 1997 19:00:48 -0800 (PST) Received: from w2xo.pgh.pa.us (localhost [127.0.0.1]) by w2xo.pgh.pa.us (8.8.4/8.8.4) with SMTP id WAA06690 for ; Thu, 6 Mar 1997 22:01:01 -0500 (EST) Message-ID: <331F84EC.446B9B3D@w2xo.pgh.pa.us> Date: Thu, 06 Mar 1997 22:01:00 -0500 From: Jim Durham Organization: Dis- X-Mailer: Mozilla 3.01Gold (X11; I; FreeBSD 2.1.6-RELEASE i386) MIME-Version: 1.0 To: freebsd-hackers@freebsd.org Subject: "Phantom IP address" Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-hackers@freebsd.org X-Loop: FreeBSD.org Precedence: bulk I am the "caretaker" of a small ISP hub in a suburban telephone company's calling area, connected to the "downtown" hub by a 56K line. The IP address of the router are 206.210.70.1, the portmaster is 206.210.70.2. My FreeBSD boxes are .4 and .5, the Dos/Windows box is .6 . The netmask I was using was fffffff8 on this box (.5). I wanted to add my new laptop as .7 . I tried pinging .7 to see if anything was there. I got a reply! Looking at the ping times, it was obvious (.8ms) that the echo was coming from the local ethernet and not from the 56K link. It was also quicker than the ping from the router, so it looked like it was coming from the .5 box, running 2.1.6 . I did "netstat -nr" and , sure enough, there was .7 with "Link #1" next to it. I rebooted and checked again, and it was gone. Pinging .7 would make it re-appear. Here's what it looked like.. w2xo# netstat -nr Routing tables Internet: Destination Gateway Flags Refs Use Netif Expire default 206.210.70.1 UGSc 26 9 ed0 127.0.0.1 127.0.0.1 UH 0 36 lo0 206.210.70/29 link#1 UC 0 0 206.210.70.1 0:c0:5:0:1b:69 UHLW 27 0 ed0 1196 206.210.70.2 0:c0:5:1:2c:ad UHLW 0 93 ed0 713 206.210.70.5 0:0:c0:21:e2:15 UHLW 1 1968 lo0 206.210.70.6 0:0:c0:f4:39:12 UHLW 0 175 ed0 839 w2xo# ping 206.210.70.7 PING 206.210.70.7 (206.210.70.7): 56 data bytes 64 bytes from 206.210.70.5: icmp_seq=0 ttl=255 time=1.522 ms 64 bytes from 206.210.70.5: icmp_seq=1 ttl=255 time=0.714 ms 64 bytes from 206.210.70.5: icmp_seq=2 ttl=255 time=0.693 ms ^C --- 206.210.70.7 ping statistics --- 3 packets transmitted, 3 packets received, 0% packet loss round-trip min/avg/max = 0.693/0.976/1.522 ms w2xo# netstat -nr Routing tables Internet: Destination Gateway Flags Refs Use Netif Expire default 206.210.70.1 UGSc 26 9 ed0 127.0.0.1 127.0.0.1 UH 0 36 lo0 206.210.70/29 link#1 UC 0 0 206.210.70.1 0:c0:5:0:1b:69 UHLW 27 0 ed0 1189 206.210.70.2 0:c0:5:1:2c:ad UHLW 0 93 ed0 1189 206.210.70.5 0:0:c0:21:e2:15 UHLW 1 1973 lo0 206.210.70.6 0:0:c0:f4:39:12 UHLW 0 175 ed0 801 206.210.70.7 link#1 UHLW 0 3 w2xo:durham% About this time, I realized that the netmask was wrong, so I changed it to fffffff0 to get some "more room". The "phantom" went away! If the echo had been coming from the 56K line, it would have been at least 20ms, so it was local, and sure looks like it came from .5 . Does this qualify as "wierd" ? regards, Jim Durham