| 1 |
>> Could ICMP packets not getting through be to blame for my proxy server |
| 2 |
>> problem? My laptop can't seem to ping anyone (blocked at the firewall |
| 3 |
>> in this hotel I suppose) and certainly the proxy server can't ping my |
| 4 |
>> laptop. |
| 5 |
> |
| 6 |
> Not all ICMP packets are relevant to detecting the MTU of a node. A correctly |
| 7 |
> implemented node will return an ICMP Fragmentation Needed (Type 3, Code 4) |
| 8 |
> packet, with its MTU value. This kind of ICMP packets should not be blocked |
| 9 |
> at firewalls. Use ping with the do not fragment option to see if packets |
| 10 |
> above a certain size time out, i.e. they are dropped by some offending node on |
| 11 |
> the way. |
| 12 |
> |
| 13 |
> ping -c 6 -n -M do -s 1472 <server_address> |
| 14 |
|
| 15 |
I get "Frag needed and DF set (mtu = 1492)" when pinging google.com. |
| 16 |
I get normal replies with -s 1464. ifconfig shows my WAN interface at |
| 17 |
MTU 1500 so PMTUD must change the MTU for communication with |
| 18 |
google.com if I understand correctly. |
| 19 |
|
| 20 |
> Of course, if the hotel's firewall is blocking all outgoing/incoming pings |
| 21 |
> this sort of diagnostic test will not be useful. |
| 22 |
|
| 23 |
I actually only lose pings to my own remote system so I've started a |
| 24 |
new thread about that. I tried down to -s 1 but still 100% packet |
| 25 |
loss there. |
| 26 |
|
| 27 |
- Grant |
Archives