Odd tcp dump? was: ssh working with dialup, not through router

Luciano Miguel Ferreira Rocha strange at nsk.no-ip.org
Sat May 15 22:59:39 UTC 2004 

On Sat, May 15, 2004 at 11:51:31PM +0200, M. Fioretti wrote:
> Hello,
> 
> still trying to track why ssh doesn't work anymore, see my original
> posting.
> 
> the PC is192.168.1.2 and the ADSL router 192.168.1.1. I have run
> tcpdump on the PC eth0 interface, while the ssh connection
> freezes, and found that, at a certain point:
> 
> 1) the PC asks the DNS server (if I understand correctly) about the
> router:
> 
> 192.168.1.2.1047 > ammi.mclink.it.domain:  22723+ PTR? 1.1.168.192.in-addr.arpa. (42) (DF)
> ammi.mclink.it.domain > 192.168.1.2.1047:  22723 NXDomain 0/1/0 (119)

I believe ssh is trying to get the server name for its inclusion in
known_hosts. The failure isn't a problem.

> 2) after that PC and router start to ask each other their ethernet
> addresses ("arp who-has 192.168.1.2 tell 192.168.1.1" and the related
> arp replies) and viceversa, repeatedly.

How may times? Normally, only one arp request and reply should be necessary.
The PC asking about the router and the router saving the MAC:IP of the PC
and replying with its own.

You could have a bad cable that's corrupting packets.

> 3) when this happens, the pc and the ssh server seem to also go in a
> loop, which eventually times out: several equal lines in the dump,
> like:
> 
> 23:27:10.780631 192.168.1.2.1772 > ssh.server.io.ssh: . ack 2096 win 8832 <nop,nop,timestamp 474677 141420442,nop,nop,sack sack 1 {2048:2096} > (DF) [tos 0x10] 
> 
> Is 3) caused by 1) and 2)?

I think it's a different thing.

Could you send the full tcp log for a connection?

And could you answer a few questions:

. Does the ADSL connection use ppp

. What system does the router run

. How is it configured (routing and nating)

If your ADSL connection uses ppp the MSS defined when connecting could be
too big for the path between the ADSL router at your side and the final
destination. If you're ADSL router runs linux with iptables, try this line:
iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS \
         --clamp-mss-to-pmtu

Otherwise, try to reduce the MTU in your client PC.

Regards,
Luciano Rocha

More information about the fedora-list mailing list