Results 1 to 7 of 7

Thread: [HELP] Ping to the def. GW works only if tcpdump is on

  1. #1
    ciri_fiona NNTP User

    Default [HELP] Ping to the def. GW works only if tcpdump is on

    Hi,

    I am totally confused. From one of my servers I can ping the default GW only if tcpdump is running on this machine - what the hell is going on???? What does tcpdump change that suddenly the network is available and when I switch off tcpdump nothing is pingable except the local network (but not the gateway)??? Anyone has any idea?

    OK, from the beginning.

    The IP config of this strange host:

    Code:
    dbsiteui:~ # ifconfig
    
    eth0      Link encap:Ethernet  HWaddr 00:1B:78:99:1F:A0
    
              inet addr:10.16.61.22  Bcast:10.16.61.255  Mask:255.255.255.0
    
              inet6 addr: fe80::21b:78ff:fe99:1fa0/64 Scope:Link
    
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
    
              RX packets:23299 errors:0 dropped:0 overruns:0 frame:0
    
              TX packets:17322 errors:0 dropped:0 overruns:0 carrier:0
    
              collisions:0 txqueuelen:1000
    
              RX bytes:24057584 (22.9 Mb)  TX bytes:3569924 (3.4 Mb)
    
              Interrupt:16 Memory:f8000000-f8011100
    
    lo        Link encap:Local Loopback
    
              inet addr:127.0.0.1  Mask:255.0.0.0
    
              inet6 addr: ::1/128 Scope:Host
    
              UP LOOPBACK RUNNING  MTU:16436  Metric:1
    
              RX packets:79 errors:0 dropped:0 overruns:0 frame:0
    
              TX packets:79 errors:0 dropped:0 overruns:0 carrier:0
    
              collisions:0 txqueuelen:0
    
              RX bytes:9533 (9.3 Kb)  TX bytes:9533 (9.3 Kb)
    
    dbsiteui:~ # netstat -rn
    
    Kernel IP routing table
    
    Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
    
    10.16.61.0      0.0.0.0         255.255.255.0   U         0 0          0 eth0
    
    169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth0
    
    127.0.0.0       0.0.0.0         255.0.0.0       U         0 0          0 lo
    
    0.0.0.0         10.16.61.1      0.0.0.0         UG        0 0          0 eth0
    
    dbsiteui:~ # ip addr sh
    
    1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
    
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    
        inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
    
        inet6 ::1/128 scope host
    
           valid_lft forever preferred_lft forever
    
    2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
    
        link/ether 00:1b:78:99:1f:a0 brd ff:ff:ff:ff:ff:ff
    
        inet 10.16.61.22/24 brd 10.16.61.255 scope global eth0
    
        inet6 fe80::21b:78ff:fe99:1fa0/64 scope link
    
           valid_lft forever preferred_lft forever
    
    3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop qlen 1000
    
        link/ether 00:1b:78:99:1f:9e brd ff:ff:ff:ff:ff:ff
    
    4: sit0: <NOARP> mtu 1480 qdisc noqueue
    
        link/sit 0.0.0.0 brd 0.0.0.0
    
    dbsiteui:~ # ip route sh
    
    10.16.61.0/24 dev eth0  proto kernel  scope link  src 10.16.61.22
    
    169.254.0.0/16 dev eth0  scope link
    
    127.0.0.0/8 dev lo  scope link
    
    default via 10.16.61.1 dev eth0
    Now similar host in the same subnet - everything is working fine:
    Code:
    dbsitecu:~ # ifconfig
    
    eth0      Link encap:Ethernet  HWaddr 00:1B:78:99:1F:32
    
              inet addr:10.16.61.23  Bcast:10.16.61.255  Mask:255.255.255.0
    
              inet6 addr: fe80::21b:78ff:fe99:1f32/64 Scope:Link
    
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
    
              RX packets:951593 errors:0 dropped:0 overruns:0 frame:0
    
              TX packets:397028 errors:0 dropped:0 overruns:0 carrier:0
    
              collisions:0 txqueuelen:1000
    
              RX bytes:202256460 (192.8 Mb)  TX bytes:159600871 (152.2 Mb)
    
              Interrupt:16 Memory:f8000000-f8011100
    
    eth1      Link encap:Ethernet  HWaddr 00:1B:78:99:1F:30
    
              inet addr:10.16.200.23  Bcast:10.16.200.255  Mask:255.255.255.0
    
              inet6 addr: fe80::21b:78ff:fe99:1f30/64 Scope:Link
    
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
    
              RX packets:744410 errors:0 dropped:0 overruns:0 frame:0
    
              TX packets:30 errors:0 dropped:0 overruns:0 carrier:0
    
              collisions:0 txqueuelen:1000
    
              RX bytes:55594176 (53.0 Mb)  TX bytes:1994 (1.9 Kb)
    
              Interrupt:17 Memory:fa000000-fa011100
    
    lo        Link encap:Local Loopback
    
              inet addr:127.0.0.1  Mask:255.0.0.0
    
              inet6 addr: ::1/128 Scope:Host
    
              UP LOOPBACK RUNNING  MTU:16436  Metric:1
    
              RX packets:623 errors:0 dropped:0 overruns:0 frame:0
    
              TX packets:623 errors:0 dropped:0 overruns:0 carrier:0
    
              collisions:0 txqueuelen:0
    
              RX bytes:36547 (35.6 Kb)  TX bytes:36547 (35.6 Kb)
    
    
    dbsitecu:~ # netstat -rn
    
    Kernel IP routing table
    
    Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
    
    10.16.61.0      0.0.0.0         255.255.255.0   U         0 0          0 eth0
    
    10.16.200.0     0.0.0.0         255.255.255.0   U         0 0          0 eth1
    
    169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth0
    
    127.0.0.0       0.0.0.0         255.0.0.0       U         0 0          0 lo
    
    0.0.0.0         10.16.61.1      0.0.0.0         UG        0 0          0 eth0
    
    
    dbsitecu:~ # ip addr sh
    
    1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
    
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    
        inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
    
        inet6 ::1/128 scope host
    
           valid_lft forever preferred_lft forever
    
    2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
    
        link/ether 00:1b:78:99:1f:32 brd ff:ff:ff:ff:ff:ff
    
        inet 10.16.61.23/24 brd 10.16.61.255 scope global eth0
    
        inet6 fe80::21b:78ff:fe99:1f32/64 scope link
    
           valid_lft forever preferred_lft forever
    
    3: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
    
        link/ether 00:1b:78:99:1f:30 brd ff:ff:ff:ff:ff:ff
    
        inet 10.16.200.23/24 brd 10.16.200.255 scope global eth1
    
        inet6 fe80::21b:78ff:fe99:1f30/64 scope link
    
           valid_lft forever preferred_lft forever
    
    4: sit0: <NOARP> mtu 1480 qdisc noqueue
    
        link/sit 0.0.0.0 brd 0.0.0.0
    
    dbsitecu:~ # ip route sh
    
    10.16.61.0/24 dev eth0  proto kernel  scope link  src 10.16.61.23
    
    10.16.200.0/24 dev eth1  proto kernel  scope link  src 10.16.200.23
    
    169.254.0.0/16 dev eth0  scope link
    
    127.0.0.0/8 dev lo  scope link
    
    default via 10.16.61.1 dev eth0

    Now when I switch on tcp dump on 10.16.61.22 ping to the def. GW is working fine:

    Code:
    dbsiteui:~ # ping 10.16.61.1
    
    PING 10.16.61.1 (10.16.61.1) 56(84) bytes of data.
    
    64 bytes from 10.16.61.1: icmp_seq=1 ttl=255 time=0.402 ms
    
    64 bytes from 10.16.61.1: icmp_seq=2 ttl=255 time=0.696 ms
    
    64 bytes from 10.16.61.1: icmp_seq=3 ttl=255 time=0.546 ms
    
    64 bytes from 10.16.61.1: icmp_seq=4 ttl=255 time=0.421 ms
    
    64 bytes from 10.16.61.1: icmp_seq=5 ttl=255 time=0.312 ms
    
    --- 10.16.61.1 ping statistics ---
    
    5 packets transmitted, 5 received, 0% packet loss, time 4001ms
    
    rtt min/avg/max/mdev = 0.312/0.475/0.696/0.134 ms
    But if I stop tcpdump - ping to the GW fails (but still 10.16.61.23 is pingable):
    Code:
    dbsiteui:~ # ping 10.16.61.1
    
    PING 10.16.61.1 (10.16.61.1) 56(84) bytes of data.
    
    --- 10.16.61.1 ping statistics ---
    
    16 packets transmitted, 0 received, 100% packet loss, time 14999ms.
    Why 10.16.61.22 behaves in such a strange way?

    PS. The system version on both machines is SUSE LINUX Enterprise Server 9 (x86_64) VERSION = 9, PATCHLEVEL = 3

  2. #2
    ciri_fiona NNTP User

    Default Re: [HELP] Ping to the def. GW works only if tcpdump is on

    OK, I did some troubleshooting and I can specify my question:

    why I cannot ping the default gateway unless the network interface is in the promiscuous mode...?

    Thanks in advance for any help!
    Joanna

  3. #3
    Join Date
    Jun 2008
    Location
    UTC+10
    Posts
    9,683
    Blog Entries
    4

    Default Re: [HELP] Ping to the def. GW works only if tcpdump is on

    Bizarre, and I have no idea, but seeing as you are running a tcpdump, why not look at the ping replies to see if there is anything odd about them?

    Wait, perhaps you have blocked ping replies in your firewall rules?

  4. #4
    ciri_fiona NNTP User

    Default Re: [HELP] Ping to the def. GW works only if tcpdump is on

    Ping in the local network is working fine. If I ping 10.16.61.22 from 10.16.61.23 (or the other way round) it works.
    But if I want to ping the default gateway (10.16.61.1) or anything outside the local subnet - it fails unless I enable the promiscuous mode on the eth0.

    And if I ping 10.16.61.1 from 10.16.61.23 or some hosts from other subnets (e.g. 10.16.63.41) - the ping is successfull. Only 10.16.61.22 cannot ping 10.16.61.1 unless in promiscuous mode.

    Cheers,
    Joanna

  5. #5

    Default Re: [HELP] Ping to the def. GW works only if tcpdump is on

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    I would get a problem with some other network setting. What do you get
    from the following commands:

    ip addr
    ip route

    Also have you customized your firewall? By default everything SUSE-ish
    allows pings to work in either direction.

    Good luck.





    ciri fiona wrote:
    > Ping in the local network is working fine. If I ping 10.16.61.22 from
    > 10.16.61.23 (or the other way round) it works.
    > But if I want to ping the default gateway (10.16.61.1) or anything
    > outside the local subnet - it fails unless I enable the promiscuous mode
    > on the eth0.
    >
    > And if I ping 10.16.61.1 from 10.16.61.23 or some hosts from other
    > subnets (e.g. 10.16.63.41) - the ping is successfull. Only 10.16.61.22
    > cannot ping 10.16.61.1 unless in promiscuous mode.
    >
    > Cheers,
    > Joanna
    >
    >

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v2.0.9 (GNU/Linux)
    Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

    iQIcBAEBAgAGBQJKpKQiAAoJEF+XTK08PnB5UqkP/R365GkEdKf4uzj90VIj/QrJ
    ANgFQM1LZSM5U3Q8h6ZJj79/uXwYUnPrpVE02Up7ExDnEY7U9w1QpoYxbckrLbaP
    a9fdPsLRAJnreTCjrVXLPaigTwQ4bYYQYBPr4K9k82l2ydP0p24jA/I2KcAK5AVI
    coHe3Ab6ZAKn/xH0SSdn1DuCYoY45kUQTBr9WCuJjjpysiL0deYEdc08YglgWpF3
    oLFU6oUnJTveHQqxmCuCaMA5v5nxpygWCvoHgzWOBzukzQW06Lvgjqco3hQGaaAr
    mspfb9+/QvKHc/biDuF7gWQD4tJNKs9JEe6+dXimZS1NQjm37/nyBVPRzcuhSkBt
    1c7Xw1D1STexSblywi81SQwInW1xQXlnRz2owffuxWwD/GFlHzgj9xUb4Dch/DmG
    yKT1fREJuWkpW1Fc7LrzbP4RGRWQzo82ddhUXd79yolTgakjiDmpgnfWt63wN1SL
    53xouByOOGuGvnQda5W3Q5FqwnVw1lBjEXsIvy9jveDDNAWQCoZluuIKeuspUcrS
    0eD0MxfztldDJcD85UNZNW12eZL3saD2BxELiOOSlw7fsHNQZVk9MduRRIp5DcMu
    7Cp3v6DLbTqLN/c9GUXtpheVE9BvaQKmYwUf7TNGNpRLy232CiP5Dmj65mqEH1tD
    AW0Tdf5M8xKCWvmOD5yf
    =xw8j
    -----END PGP SIGNATURE-----

  6. #6
    ciri_fiona NNTP User

    Default Re: [HELP] Ping to the def. GW works only if tcpdump is on

    Please find below:
    Code:
    dbsiteui:/etc/sysconfig # ip addr
    
    1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
    
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    
        inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
    
        inet6 ::1/128 scope host
    
           valid_lft forever preferred_lft forever
    
    2: eth0: <BROADCAST,MULTICAST,PROMISC,UP> mtu 1500 qdisc pfifo_fast qlen 1000
    
        link/ether 00:1b:78:99:1f:a0 brd ff:ff:ff:ff:ff:ff
    
        inet 10.16.61.22/24 brd 10.16.61.255 scope global eth0
    
        inet6 fe80::21b:78ff:fe99:1fa0/64 scope link
    
           valid_lft forever preferred_lft forever
    
    3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop qlen 1000
    
        link/ether 00:1b:78:99:1f:9e brd ff:ff:ff:ff:ff:ff
    
    4: sit0: <NOARP> mtu 1480 qdisc noqueue
    
        link/sit 0.0.0.0 brd 0.0.0.0
    
    dbsiteui:/etc/sysconfig # ip route
    
    10.16.61.0/24 dev eth0  proto kernel  scope link  src 10.16.61.22
    
    169.254.0.0/16 dev eth0  scope link
    
    127.0.0.0/8 dev lo  scope link
    
    default via 10.16.61.1 dev eth0

  7. #7
    ciri_fiona NNTP User

    Default Re: [HELP] Ping to the def. GW works only if tcpdump is on

    OK, after some troubleshooting it turned out that there is an IP address conflict (?) and the router is sending packets to the wrong MAC address.
    On the other hand after I changed the IP to something else, nothing is responding to the pings at 10.16.61.22 so maybe something got stack in the ARP table on the router or I do not know...?
    Anyway after I changed the IP everything works fine.

    Thanks for all your comments.
    Cheers,
    Joanna

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •