| 1 |
>>Strangely, I'm able to ping with that command even with a very high -s value: |
| 2 |
>> |
| 3 |
>>$ ping -c 4 -M dont -s 9999 www.dslreports.com |
| 4 |
>>PING www.dslreports.com (64.91.255.98) 9999(10027) bytes of data. |
| 5 |
>>10007 bytes from www.dslreports.com (64.91.255.98): icmp_seq=1 ttl=54 |
| 6 |
>>time=331 ms |
| 7 |
>>10007 bytes from www.dslreports.com (64.91.255.98): icmp_seq=2 ttl=54 |
| 8 |
>>time=329 ms |
| 9 |
>>10007 bytes from www.dslreports.com (64.91.255.98): icmp_seq=3 ttl=54 |
| 10 |
>>time=329 ms |
| 11 |
>>10007 bytes from www.dslreports.com (64.91.255.98): icmp_seq=4 ttl=54 |
| 12 |
>>time=329 ms |
| 13 |
>> |
| 14 |
>>4 packets transmitted, 4 received, 0% packet loss, time 3003ms |
| 15 |
>>rtt min/avg/max/mdev = 329.159/329.877/331.612/1.158 ms |
| 16 |
> |
| 17 |
> Look again! You're just looking at the _PING_ packets, not the ICMP/IP |
| 18 |
> packets actually going over the interface! You'll need to run |
| 19 |
> 'tcpdump icmp' in parallel! "My ping" also just reports 1 packet, but |
| 20 |
> there's two IP packets actually going over the interface, due to the |
| 21 |
> ping-packet being too large and being fragmented. |
| 22 |
> |
| 23 |
> Start the tcpdump in another (x)term before running the "ping" ... |
| 24 |
> |
| 25 |
> If you use '-M do', you should get the |
| 26 |
> |
| 27 |
> "Frag needed and DF set (mtu = NNNN)" |
| 28 |
|
| 29 |
|
| 30 |
I switched to '-M do' and found that 1464 is the highest size I can |
| 31 |
ping without the "Frag needed" error. This means I should add 28 to |
| 32 |
that and set my MTU to 1492 across the network? |
| 33 |
|
| 34 |
- Grant |
| 35 |
|
| 36 |
|
| 37 |
> error from ping. "-M dont" explicitly allows fragmentation, which you |
| 38 |
> can then see with tcpdump. E.g. a with my MTU of 1492, a |
| 39 |
> |
| 40 |
> ==== ping -n -c 1 -M dont -s 9999 192.168.178.1 ==== |
| 41 |
> PING 192.168.178.1 (192.168.178.1) 9999(10027) bytes of data. |
| 42 |
> 10007 bytes from 192.168.178.1: icmp_seq=1 ttl=64 time=2.79 ms |
| 43 |
> |
| 44 |
> --- 192.168.178.1 ping statistics --- |
| 45 |
> 1 packets transmitted, 1 received, 0% packet loss, time 0ms |
| 46 |
> rtt min/avg/max/mdev = 2.795/2.795/2.795/0.000 ms |
| 47 |
> ==== |
| 48 |
> |
| 49 |
> results in |
| 50 |
> |
| 51 |
> ==== tcpdump -n -i eth0 icmp ==== |
| 52 |
> 17:40:11.901583 IP 192.168.178.11 > 192.168.178.1: ICMP echo request, id 11363, seq 1, length 1472 |
| 53 |
> 17:40:11.901597 IP 192.168.178.11 > 192.168.178.1: icmp |
| 54 |
> 17:40:11.901599 IP 192.168.178.11 > 192.168.178.1: icmp |
| 55 |
> 17:40:11.901600 IP 192.168.178.11 > 192.168.178.1: icmp |
| 56 |
> 17:40:11.901602 IP 192.168.178.11 > 192.168.178.1: icmp |
| 57 |
> 17:40:11.901603 IP 192.168.178.11 > 192.168.178.1: icmp |
| 58 |
> 17:40:11.901605 IP 192.168.178.11 > 192.168.178.1: icmp |
| 59 |
> 17:40:11.903762 IP 192.168.178.1 > 192.168.178.11: ICMP echo reply, id 11363, seq 1, length 1480 |
| 60 |
> 17:40:11.903779 IP 192.168.178.1 > 192.168.178.11: icmp |
| 61 |
> 17:40:11.903984 IP 192.168.178.1 > 192.168.178.11: icmp |
| 62 |
> 17:40:11.903997 IP 192.168.178.1 > 192.168.178.11: icmp |
| 63 |
> 17:40:11.904227 IP 192.168.178.1 > 192.168.178.11: icmp |
| 64 |
> 17:40:11.904241 IP 192.168.178.1 > 192.168.178.11: icmp |
| 65 |
> 17:40:11.904338 IP 192.168.178.1 > 192.168.178.11: icmp |
| 66 |
> ==== |
| 67 |
> |
| 68 |
> Yes, that is just the _one_ ping packet. |
| 69 |
> |
| 70 |
> Read up on the links I gave you about fragmentation and IP(v4) in |
| 71 |
> general a bit ;) It's much better described there than I could ATM. |
| 72 |
> |
| 73 |
> Which does not mean not to ask for stuff that's unclear. |
| 74 |
> |
| 75 |
> HTH, |
| 76 |
> -dnh, who seems to have a knack for translating "techese" to normal |
| 77 |
> language ... Actually, I guess fragmentation can be explained |
| 78 |
> quite nicely by comparing to real-life packets ;) You'd get an |
| 79 |
> basically unlimited supply of courier boys, but you can get just |
| 80 |
> so many incoming and outgoing through the doors ;) |
| 81 |
> |
| 82 |
> *grepping out the appropriate sig for that* |
Archives