tcpdump says errors. Netstat says no.
Sherwood Botsford
sbotsford at sjsa.ab.ca
Wed Mar 17 16:51:59 PST 2004
Originally posted on FreeBSD-Questions at ...
I'm running mail services (exim, fetchmail, popper) on
FreeBSD 4.5
In a session trying to track down a problem related to a bad
cable, I found that:
tcpdump -i xl0 -v -v -v host pop.incentre.net
has lots of lines like this:
20:20:11.166767 postie.sjsa.internal.net.1126 >
bach.ccinet.ab.ca.pop3: F [bad tcp cksum 4f5e!]
61:61(0) ack 2075 win 33304 <nop,nop,timestamp 3005321 3937592>
(DF) (ttl 64, id 57145, len 52, bad cksum 0!)
But netstat -I xl0 -w 10 during the same interval when the
above were coming down at 5-10 per second showed:
input (xl0) output
packets errs bytes packets errs bytes colls
32 0 4019 28 0 4573 0
24 0 3512 22 0 4934 0
444 0 30070 433 0 227132 0
Explanations? (I also get them on the local network;
it's not just this destination host.)
**********************
Further testing:
Xterm ssh'd into postie:
netstat -I xl0 -w 10 -d
input (xl0) output
packets errs bytes packets errs bytes colls drops
4 0 367 4 0 298 0 0
27 0 4346 23 0 2368 0 0
21 0 1746 10 0 1170 0 0
19 0 1472 15 0 1516 0 0
4 0 429 1 0 178 0 0
...
Note: NO dropped packets, no errors.
Separate xterm ssh'd to postie:
tcpdump -i xl0 -c 1000 -v -v -v | grep bad | wc
tcpdump: listening on xl0
477 8960 72418
Separate xterm on localhost
ping postie.
So you can see that nearly half of the packets have bad
checksums.
I think I'm missing something here.
--
Sherwood Botsford
St. John's School of Alberta
More information about the freebsd-net
mailing list