Date:      Wed, 17 Mar 2004 16:58:20 -0800
From:      "Sreekanth" <sreekanth@redlinenetworks.com>
To:        <sbotsford@sjsa.ab.ca>, <freebsd-net@freebsd.org>
Subject:   RE: tcpdump says errors.  Netstat says no.
Message-ID:  <000001c40c84$1b9a4d10$c204a8c0@SREELAPTOP>
In-Reply-To: <200403170738.11990.sbotsford@sjsa.ab.ca>

Netstat errors are those errors reported by the hardware (NIC), e.g.
buffer underrun, overrun, etc. They do not check for errors in the TCP layer.

Sreekanth

> -----Original Message-----
> From: owner-freebsd-net@freebsd.org 
> [mailto:owner-freebsd-net@freebsd.org] On Behalf Of Sherwood Botsford
> Sent: Wednesday, March 17, 2004 6:38 AM
> To: freebsd-net@freebsd.org
> Subject: tcpdump says errors. Netstat says no.
> 
> 
> Originally posted on  FreeBSD-Questions@...
> 
> I'm running mail services (exim, fetchmail, popper) on 
> FreeBSD 4.5
> 
> In a session trying to track down a problem related to a bad 
> cable, I found that:
>  
> tcpdump -i xl0 -v -v -v host pop.incentre.net 
> 
> has lots of lines like this:
> 
> 20:20:11.166767 postie.sjsa.internal.net.1126 > 
> bach.ccinet.ab.ca.pop3: F [bad tcp cksum 4f5e!] 
> 61:61(0) ack 2075 win 33304 <nop,nop,timestamp 3005321 3937592> 
> (DF) (ttl 64, id 57145, len 52, bad cksum 0!)
> 
> But netstat -I xl0 -w 10 during the same interval when the 
> above were coming down at 5-10 per second showed:
> 
>             input          (xl0)           output
>    packets  errs      bytes    packets  errs      bytes colls
>         32     0       4019         28     0       4573     0
>         24     0       3512         22     0       4934     0
>        444     0      30070        433     0     227132     0
> 
> Explanations? (I also get them on the local network;
> it's not just this destination host.)
> 
> **********************
> 
> Further testing:
> Xterm ssh'd into postie:
>  netstat -I xl0 -w 10 -d
>             input          (xl0)           output
>    packets  errs      bytes    packets  errs      bytes colls drops
>          4     0        367          4     0        298     0     0
>         27     0       4346         23     0       2368     0     0
>         21     0       1746         10     0       1170     0     0
>         19     0       1472         15     0       1516     0     0
>          4     0        429          1     0        178     0     0
> ...
> 
> Note:  NO dropped packets, no errors.
> 
> Separate xterm ssh'd to postie:
>    tcpdump -i xl0 -c 1000 -v -v -v | grep bad | wc
> tcpdump: listening on xl0
>      477    8960   72418
> 
> Separate xterm on localhost
> ping postie.
> 
> So you can see that nearly half of the packets have bad checksums.  
> 
> I think I'm missing something here.
> 
> 
> -- 
> Sherwood Botsford
> St. John's School of Alberta
> 
> 
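
The check behind tcpdump's `bad cksum` and `bad tcp cksum` annotations, as an added example that is not part of the original thread: re-computing the IPv4 header checksum and the TCP checksum (with its pseudo-header) over the captured bytes, which is a separate thing from the interface error counters that netstat prints. The addresses and both packets are constructed sample data; the function names are this example's own.

```python
import struct
from ipaddress import IPv4Address

def ones_sum(data: bytes) -> int:
    """16-bit one's-complement sum (RFC 1071), folded to 16 bits."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def pseudo_header(src: bytes, dst: bytes, tcp_len: int) -> bytes:
    # The TCP checksum also covers source, destination, protocol (6) and length.
    return src + dst + struct.pack("!BBH", 0, 6, tcp_len)

def build_packet(src: str, dst: str, fill_checksums: bool) -> bytes:
    """Constructed 52-byte FIN/ACK with a timestamp option (sample data)."""
    s, d = IPv4Address(src).packed, IPv4Address(dst).packed
    tcp = struct.pack("!HHIIBBHHH", 1126, 110, 61, 2075, 8 << 4, 0x11, 33304, 0, 0)
    tcp += b"\x01\x01\x08\x0a" + struct.pack("!II", 3005321, 3937592)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 57145,
                     0x4000, 64, 6, 0, s, d)
    if fill_checksums:
        csum = ~ones_sum(pseudo_header(s, d, len(tcp)) + tcp) & 0xFFFF
        tcp = tcp[:16] + struct.pack("!H", csum) + tcp[18:]
        ip = ip[:10] + struct.pack("!H", ~ones_sum(ip) & 0xFFFF) + ip[12:]
    return ip + tcp

def verify(pkt: bytes) -> dict:
    """Recompute both checksums; a valid header or segment sums to 0xFFFF."""
    ihl = (pkt[0] & 0x0F) * 4
    total_len = struct.unpack("!H", pkt[2:4])[0]
    ip_hdr, tcp = pkt[:ihl], pkt[ihl:total_len]
    pseudo = pseudo_header(ip_hdr[12:16], ip_hdr[16:20], len(tcp))
    return {
        "ip_stored": struct.unpack("!H", ip_hdr[10:12])[0],
        "ip_ok": ones_sum(ip_hdr) == 0xFFFF,
        "tcp_stored": struct.unpack("!H", tcp[16:18])[0],
        "tcp_ok": ones_sum(pseudo + tcp) == 0xFFFF,
    }

if __name__ == "__main__":
    # One packet with both checksum fields filled in, one with them left at zero.
    for fill in (True, False):
        print(fill, verify(build_packet("192.0.2.10", "192.0.2.20", fill)))
```
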


