Date: Sun, 29 Dec 2002 13:26:06 -0800 From: Eli Dart <dart@nersc.gov> To: Rostislav Krasny <rosti_bsd@yahoo.com> Cc: freeBSD-net@freebsd.org Subject: Re: PPPoE and troubles with TCP Message-ID: <20021229212606.4E55A3B1AE@gemini.nersc.gov> In-Reply-To: Message from Rostislav Krasny <rosti_bsd@yahoo.com> of "Sun, 29 Dec 2002 02:52:17 PST." <20021229105217.13130.qmail@web14802.mail.yahoo.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--==_Exmh_1637333154P Content-Type: text/plain; charset=us-ascii In reply to Rostislav Krasny <rosti_bsd@yahoo.com> : > > --0-1140876309-1041159137=:12973 > Content-Type: text/plain; charset=us-ascii > Content-Disposition: inline > > I have some sniffer in Win98SE but don't know how to save its dump in > the text format to make it easy to read. So I maked a screenshot of the > first TCP/IP packet with HTTP response I got from www.ssh.com in my > Win98SE. Look at ssw_com.png file in the attachments. Draw your > attention to the "Total length" and to the "Flags" in the IP header. Well, it appears that your packets are being fragmented -- if I'm interpreting the image correctly. It also appears that www.ssh.com is able to get fragmented packets to you. I think you should look at another tcpdump. This time, don't kill tcpdump for at least 2 minutes (we want to watch what TCP does). Also, kill the tcpdump before you kill lynx. Also, capture at least 200 bytes of the packet (preferably the whole thing), and write it out to a trace file (tcpdump's -w option) so that you can look at it in different ways later. So, something like tcpdump -i <iface> -w 1492.trace -s 1500 Then do your test, wait for a while, kill the dump, kill the app. Now run strings on the tcpdump file -- how much of your http request do you see? Read the trace file with -vv in the tcpdump command line, etc etc. Have you used any other browser? What about ssh traffic? FTP? The idea here is to determine what doesn't change, and also to determine if the problem is local to a given app. --eli > > --- Rostislav Krasny <rosti_bsd@yahoo.com> wrote: > > To produce these tcpdump's log files I used two terminals. In the > > first > > I ran 'tcpdump -n > filename' and in the second I ran 'links URL'. I > > ran the first command before the second one, of course. In case of > > www.ssh.com the "links" browsers maked TCP connection, sent HTTP > > request and the last thing it got from www.ssh.com was ACK packet, > > nothing more. I waited few seconds and pressed to the 'q' key so > > "links" will quit. That is why you see FIN packet sent from my host. > > If > > I stop "tcpdump" before "links" quiting there is no FIN packet in the > > log file of "tcpdump". Look at 1492-2.log and 1492-3.log new files. > > In > > case of the 1492-2.log file I just stoped tcpdump before quiting > > "links". In case of the 1492-3.log file I stoped tcpdump after > > quiting > > links but I waited more time. So you can see few PPPoE echo requests > > and responses before the FIN. That is the time I was waiting before I > > closed the "links" browser. > > I use links because it is a text mode browser, so I will not download > > images that can flood tcpdump's logs. But the problem with > > www.ssh.com > > exists when I use any browser or even simulate it by sending HTTP/1.1 > > or HTTP/1.0 "GET" request manually through 'telnet www.ssh.com 80'. > > If > > I send just "GET /<newline>" (it is HTTP/0.9 request) I get some > > short > > response about that document was moved. HTTP/0.9 is not in use today > > by > > most web sites (including www.ssh.com) and browsers. > > Look at 1492-fbsd.org.log file, there is the log of successful HTTP > > connection with www.freebsd.org when MTU==MRU==1492. > > > > Of course I can use smaller MTU and MRU (<=1484) but when I use > > Win98SE > > with RASPPPOE driver I have no troubles when MTU == 1492. Why in > > FreeBSD it is impossibly? If FreeBSD or its ppp have some bug why not > > to fix it instead? And it looks like a bug. --==_Exmh_1637333154P Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: This is a comment. iD8DBQE+D2huLTFEeF+CsrMRAs4gAJ0epm9u8VENZ5gDJoCLCCdx265aQwCffBvP Ym3+/5g4yd6w9GeOnyKVIQE= =0Rnn -----END PGP SIGNATURE----- --==_Exmh_1637333154P-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20021229212606.4E55A3B1AE>