Date: Wed, 17 Mar 2004 11:32:33 +0000 From: Matthew Seaman <m.seaman@infracaninophile.co.uk> To: Sherwood Botsford <sbotsford@sjsa.ab.ca> Cc: freebsd-questions@freebsd.org Subject: Re: tcpdump check sum errors. Message-ID: <20040317113233.GA26606@happy-idiot-talk.infracaninophile.co.uk> In-Reply-To: <200403162043.30590.sbotsford@sjsa.ab.ca> References: <200403162043.30590.sbotsford@sjsa.ab.ca>
next in thread | previous in thread | raw e-mail | index | archive | help
--CE+1k2dSO48ffgeK
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Tue, Mar 16, 2004 at 08:43:30PM -0700, Sherwood Botsford wrote:
>=20
> I'm running mail services (exim, fetchmail, popper) on FreeBSD 4.5
>=20
> In a session trying to track down a problem related to a bad=20
> cable, I found that=20
> tcpdump -i xl0 -v -v -v host pop.incentre.net=20
>=20
> has lots of lines like this:
>=20
> 20:20:11.166767 postie.sjsa.internal.net.1126 >=20
> bach.ccinet.ab.ca.pop3: F [bad tcp cksum 4f5e!]=20
> 61:61(0) ack 2075 win 33304 <nop,nop,timestamp 3005321 3937592>=20
> (DF) (ttl 64, id 57145, len 52, bad cksum 0!)
>=20
> But netstat -I xl0 -w 10 during the same interval when the=20
> above were coming down at 5-10 per second showed:
>=20
> input (xl0) output
> packets errs bytes packets errs bytes colls
> 32 0 4019 28 0 4573 0
> 24 0 3512 22 0 4934 0
> 444 0 30070 433 0 227132 0
>=20
> Explanations? (I also get them on the local network;
> it's not just this destination host.)
So you're asking why all of those corrupted packets you can see on the
wire don't appear on the error counters in the netstat -w output?
Good question. About the only explanation I can think of is that the
packets are so mangled that they get dropped very early on. You've
probably replaced the broken cable by now, but for future reference
you could try adding '-d' to your netstat command line, to count the
number of dropped packets.
You might try asking again on the freebsd-net@freebsd.org list, where
you're more likely to find people with a great deal of familiarity
with the internals of the networking code.
Cheers,
Matthew
--=20
Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks
Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey Marlow
Tel: +44 1628 476614 Bucks., SL7 1TH UK
--CE+1k2dSO48ffgeK
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (FreeBSD)
iD8DBQFAWDdQdtESqEQa7a0RAkbYAJ0fa4bWRqQY9N2V/MlDYlHA2WYitgCeP1e/
TY+7GYdwXtY/wyD3ayfkyng=
=7znL
-----END PGP SIGNATURE-----
--CE+1k2dSO48ffgeK--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040317113233.GA26606>