1 |
>> Could ICMP packets not getting through be to blame for my proxy server |
2 |
>> problem? My laptop can't seem to ping anyone (blocked at the firewall |
3 |
>> in this hotel I suppose) and certainly the proxy server can't ping my |
4 |
>> laptop. |
5 |
> |
6 |
> Not all ICMP packets are relevant to detecting the MTU of a node. A correctly |
7 |
> implemented node will return an ICMP Fragmentation Needed (Type 3, Code 4) |
8 |
> packet, with its MTU value. This kind of ICMP packets should not be blocked |
9 |
> at firewalls. Use ping with the do not fragment option to see if packets |
10 |
> above a certain size time out, i.e. they are dropped by some offending node on |
11 |
> the way. |
12 |
> |
13 |
> ping -c 6 -n -M do -s 1472 <server_address> |
14 |
|
15 |
I get "Frag needed and DF set (mtu = 1492)" when pinging google.com. |
16 |
I get normal replies with -s 1464. ifconfig shows my WAN interface at |
17 |
MTU 1500 so PMTUD must change the MTU for communication with |
18 |
google.com if I understand correctly. |
19 |
|
20 |
> Of course, if the hotel's firewall is blocking all outgoing/incoming pings |
21 |
> this sort of diagnostic test will not be useful. |
22 |
|
23 |
I actually only lose pings to my own remote system so I've started a |
24 |
new thread about that. I tried down to -s 1 but still 100% packet |
25 |
loss there. |
26 |
|
27 |
- Grant |