-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
This is my eth1 interface (the one on the home network side of my firewall).
Okay, so it looks like I'm filtering ICMP packets. Is that right? Here, I'm
trying to ping debian.org from painter, which is connected to eth1 through a
hub. poet is my firewall machine, and ppp0 is the external interface. I'm
also doing all the tcpdump monitoring and such from the firewall machine
through ssh, so that's some of the ssh noise that you see.
Thanks for all of the help! This is finally fun....as in, my understanding in
improving by leaps and bounds.....
Russell
09:37:52.530000 painter.2075 > vnsc-pri.sys.gtei.net.domain: 51429+ A?
debian.org. (28)
09:37:52.570000 vnsc-pri.sys.gtei.net.domain > painter.2075: 51429 1/8/6 A
gluck.debian.org (317) (DF)
09:37:52.700000 painter > gluck.debian.org: icmp: echo request
09:37:52.700000 poet > painter: icmp: host gluck.debian.org unreachable [tos
0xc0]
09:37:52.710000 painter.ssh > poet.3421: P 1117:1185(68) ack 880 win 16060
<nop,nop,timestamp 41521808 81623651> (DF) [tos 0x10]
09:37:52.730000 poet.3421 > painter.ssh: . ack 1185 win 32120
<nop,nop,timestamp 81624805 41521808> (DF) [tos 0x10]
09:37:58.460000 painter > gluck.debian.org: icmp: echo request
09:37:58.460000 poet > painter: icmp: host gluck.debian.org unreachable [tos
0xc0]
09:38:02.240000 painter > gluck.debian.org: icmp: echo request
09:38:02.240000 poet > painter: icmp: host gluck.debian.org unreachable [tos
0xc0]
09:38:05.800000 painter > gluck.debian.org: icmp: echo request
09:38:05.800000 poet > painter: icmp: host gluck.debian.org unreachable [tos
0xc0]
On Saturday 24 August 2002 09:00 am, you wrote:
> > This is the output of tcpdump when I try to ping debian's servers from
> > the Quadra.
> > poet:/home/rusty# tcpdump
> > tcpdump: listening on ppp0
> > 08:35:32.660000 4.62.115.139.63452 > 4.2.2.1.domain: 42438+ A?
> > debian.org. (28)
> > 08:35:32.710000 4.2.2.1.domain > 4.62.115.139.63452: 42438 1/8/5 A
> > 192.25.206.10 (301) (DF)
> >
> > Ahhhh...the joys of looking at tcpdump on a quiet network! (mine) I
> > volunteer at a school where there's tons of traffic, and I could never
> > figure out how to isolate what I wanted, or even how to figure out what I
> > wanted.
> >
> > Thanks!
>
> You are getting back an answer, at least as far as the firewall's
> external interface. Did you look to see if that reply is being sent on
> your internal interface, back to the Quadra?
>
> BTW, you can tell tcpdump to look at only the traffic that you are
> interested in (no, its not quite that simple, no AI :-) To look only at
> the traffic between gecko.hef and micro.hef on the incredibly busy
> ".hef" network:
> tcpdump "host gecko.hef and host micro.hef"
>
> To view ALL traffic in and out of gecko.hef:
> tcpdump "host gecko.hef"
>
> To view all traffic where gecko.hef originates the packets:
> tcpdump "src host gecko.hef"
>
> etc.
>
> --ronan
- --
Linux -- the OS for the Renaissance Man
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE9Z45yAqKGrvVshJQRAuukAJ4pbSiynOewRYABb6wrEt0yic6uzQCeM/bc
7qUKOpcDQ1IMkgxBfwywda4=
=2CgJ
-----END PGP SIGNATURE-----
This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 16:56:10 EDT