1 |
>>Strangely, I'm able to ping with that command even with a very high -s value: |
2 |
>> |
3 |
>>$ ping -c 4 -M dont -s 9999 www.dslreports.com |
4 |
>>PING www.dslreports.com (64.91.255.98) 9999(10027) bytes of data. |
5 |
>>10007 bytes from www.dslreports.com (64.91.255.98): icmp_seq=1 ttl=54 |
6 |
>>time=331 ms |
7 |
>>10007 bytes from www.dslreports.com (64.91.255.98): icmp_seq=2 ttl=54 |
8 |
>>time=329 ms |
9 |
>>10007 bytes from www.dslreports.com (64.91.255.98): icmp_seq=3 ttl=54 |
10 |
>>time=329 ms |
11 |
>>10007 bytes from www.dslreports.com (64.91.255.98): icmp_seq=4 ttl=54 |
12 |
>>time=329 ms |
13 |
>> |
14 |
>>4 packets transmitted, 4 received, 0% packet loss, time 3003ms |
15 |
>>rtt min/avg/max/mdev = 329.159/329.877/331.612/1.158 ms |
16 |
> |
17 |
> Look again! You're just looking at the _PING_ packets, not the ICMP/IP |
18 |
> packets actually going over the interface! You'll need to run |
19 |
> 'tcpdump icmp' in parallel! "My ping" also just reports 1 packet, but |
20 |
> there's two IP packets actually going over the interface, due to the |
21 |
> ping-packet being too large and being fragmented. |
22 |
> |
23 |
> Start the tcpdump in another (x)term before running the "ping" ... |
24 |
> |
25 |
> If you use '-M do', you should get the |
26 |
> |
27 |
> "Frag needed and DF set (mtu = NNNN)" |
28 |
|
29 |
|
30 |
I switched to '-M do' and found that 1464 is the highest size I can |
31 |
ping without the "Frag needed" error. This means I should add 28 to |
32 |
that and set my MTU to 1492 across the network? |
33 |
|
34 |
- Grant |
35 |
|
36 |
|
37 |
> error from ping. "-M dont" explicitly allows fragmentation, which you |
38 |
> can then see with tcpdump. E.g. a with my MTU of 1492, a |
39 |
> |
40 |
> ==== ping -n -c 1 -M dont -s 9999 192.168.178.1 ==== |
41 |
> PING 192.168.178.1 (192.168.178.1) 9999(10027) bytes of data. |
42 |
> 10007 bytes from 192.168.178.1: icmp_seq=1 ttl=64 time=2.79 ms |
43 |
> |
44 |
> --- 192.168.178.1 ping statistics --- |
45 |
> 1 packets transmitted, 1 received, 0% packet loss, time 0ms |
46 |
> rtt min/avg/max/mdev = 2.795/2.795/2.795/0.000 ms |
47 |
> ==== |
48 |
> |
49 |
> results in |
50 |
> |
51 |
> ==== tcpdump -n -i eth0 icmp ==== |
52 |
> 17:40:11.901583 IP 192.168.178.11 > 192.168.178.1: ICMP echo request, id 11363, seq 1, length 1472 |
53 |
> 17:40:11.901597 IP 192.168.178.11 > 192.168.178.1: icmp |
54 |
> 17:40:11.901599 IP 192.168.178.11 > 192.168.178.1: icmp |
55 |
> 17:40:11.901600 IP 192.168.178.11 > 192.168.178.1: icmp |
56 |
> 17:40:11.901602 IP 192.168.178.11 > 192.168.178.1: icmp |
57 |
> 17:40:11.901603 IP 192.168.178.11 > 192.168.178.1: icmp |
58 |
> 17:40:11.901605 IP 192.168.178.11 > 192.168.178.1: icmp |
59 |
> 17:40:11.903762 IP 192.168.178.1 > 192.168.178.11: ICMP echo reply, id 11363, seq 1, length 1480 |
60 |
> 17:40:11.903779 IP 192.168.178.1 > 192.168.178.11: icmp |
61 |
> 17:40:11.903984 IP 192.168.178.1 > 192.168.178.11: icmp |
62 |
> 17:40:11.903997 IP 192.168.178.1 > 192.168.178.11: icmp |
63 |
> 17:40:11.904227 IP 192.168.178.1 > 192.168.178.11: icmp |
64 |
> 17:40:11.904241 IP 192.168.178.1 > 192.168.178.11: icmp |
65 |
> 17:40:11.904338 IP 192.168.178.1 > 192.168.178.11: icmp |
66 |
> ==== |
67 |
> |
68 |
> Yes, that is just the _one_ ping packet. |
69 |
> |
70 |
> Read up on the links I gave you about fragmentation and IP(v4) in |
71 |
> general a bit ;) It's much better described there than I could ATM. |
72 |
> |
73 |
> Which does not mean not to ask for stuff that's unclear. |
74 |
> |
75 |
> HTH, |
76 |
> -dnh, who seems to have a knack for translating "techese" to normal |
77 |
> language ... Actually, I guess fragmentation can be explained |
78 |
> quite nicely by comparing to real-life packets ;) You'd get an |
79 |
> basically unlimited supply of courier boys, but you can get just |
80 |
> so many incoming and outgoing through the doors ;) |
81 |
> |
82 |
> *grepping out the appropriate sig for that* |