| 1 |
On Sunday 19 Oct 2014 14:14:03 Alec Ten Harmsel wrote: |
| 2 |
> On 10/19/2014 06:31 AM, Mick wrote: |
| 3 |
> > On Saturday 18 Oct 2014 19:13:23 Alec Ten Harmsel wrote: |
| 4 |
> >> arpscanning the entire subnet results in 3 responses, with 2 being |
| 5 |
> >> displayed and 1 being dropped by the kernel. |
| 6 |
> > |
| 7 |
> > Oh! I wonder if this is your problem. I can't answer why 1 response is |
| 8 |
> > being dropped by the kernel. Have you set up some fancy tcp wrappers or |
| 9 |
> > firewall rules at the desktop? |
| 10 |
> |
| 11 |
> Nope, running vanilla-sources, no tcp wrappers or firewall. In fact, |
| 12 |
> iptables wasn't installed until arp-scan or wireshark or another network |
| 13 |
> tool pulled it in as a dependency. |
| 14 |
> |
| 15 |
> If you're really interested as to why this happens and can tell me how I |
| 16 |
> can even log something like this, I'd be more than willing to play |
| 17 |
> around with it. |
| 18 |
|
| 19 |
The information that thegeezer suggested will offer some quick comparisons |
| 20 |
between the three machines. |
| 21 |
|
| 22 |
In addition, for capturing packets: |
| 23 |
|
| 24 |
Router - I think that DD-WRT offers netflow to monitor interfaces. That |
| 25 |
should show what comes in - goes out, but there may be other network |
| 26 |
diagnostic tools that DD-WRT offers. |
| 27 |
|
| 28 |
On desktop, laptop (for comparison) and server you could use something like: |
| 29 |
|
| 30 |
tcpdump -i eth0 -e -l -p -U -vvv -w tcpdump_cap.txt -XX |
| 31 |
|
| 32 |
to record and replace the -w with -r to read the captured file, or use |
| 33 |
wireshark to study the captured file. Run tcpdump while using arping from |
| 34 |
each machine at a time: |
| 35 |
|
| 36 |
arping -I eth0 -c 2 192.168.0.10 |
| 37 |
|
| 38 |
You can filter for arp packets and see which machine is the culprit, because |
| 39 |
so far we do not know for sure whether the server refuses to return arp |
| 40 |
responses, or the desktop drops them for some reason (e.g. malformed ARP |
| 41 |
packets), or the router routes them differently. |
| 42 |
|
| 43 |
-- |
| 44 |
Regards, |
| 45 |
Mick |
Archives