tcpdump says errors. Netstat says no.

Sreekanth sreekanth at redlinenetworks.com
Wed Mar 17 16:58:42 PST 2004 

Netstat errors are those errors reported by the Hardware(NIC) for e.g,
buffer underrun overrun etc,They do not check for errors in tcp layer.

Sreekanth

> -----Original Message-----
> From: owner-freebsd-net at freebsd.org 
> [mailto:owner-freebsd-net at freebsd.org] On Behalf Of Sherwood Botsford
> Sent: Wednesday, March 17, 2004 6:38 AM
> To: freebsd-net at freebsd.org
> Subject: tcpdump says errors. Netstat says no.
> 
> 
> Originally posted on  FreeBSD-Questions at ...
> 
> I'm running mail services (exim, fetchmail, popper) on 
> FreeBSD 4.5
> 
> In a session trying to track down a problem related to a bad 
> cable, I found that:
>  
> tcpdump -i xl0 -v -v -v host pop.incentre.net 
> 
> has lots of lines like this:
> 
> 20:20:11.166767 postie.sjsa.internal.net.1126 > 
> bach.ccinet.ab.ca.pop3: F [bad tcp cksum 4f5e!] 
> 61:61(0) ack 2075 win 33304 <nop,nop,timestamp 3005321 3937592> 
> (DF) (ttl 64, id 57145, len 52, bad cksum 0!)
> 
> But netstat -I xl0 -w 10 during the same interval when the 
> above were coming down at 5-10 per second showed:
> 
>             input          (xl0)           output
>    packets  errs      bytes    packets  errs      bytes colls
>         32     0       4019         28     0       4573     0
>         24     0       3512         22     0       4934     0
>        444     0      30070        433     0     227132     0
> 
> Explanations? (I also get them on the local network;
> it's not just this destination host.)
> 
> **********************
> 
> Further testing:
> Xterm ssh'd into postie:
>  netstat -I xl0 -w 10 -d
>             input          (xl0)           output
>    packets  errs      bytes    packets  errs      bytes colls drops
>          4     0        367          4     0        298     0     0
>         27     0       4346         23     0       2368     0     0
>         21     0       1746         10     0       1170     0     0
>         19     0       1472         15     0       1516     0     0
>          4     0        429          1     0        178     0     0
> ...
> 
> Note:  NO dropped packets, no errors.
> 
> Separate xterm ssh'd to postie:
>    tcpdump -i xl0 -c 1000 -v -v -v | grep bad | wc
> tcpdump: listening on xl0
>      477    8960   72418
> 
> Separate xterm on localhost
> ping postie.
> 
> So you can see that nearly half of the packets have bad checksums.  
> 
> I think I'm missing something here.
> 
> 
> -- 
> Sherwood Botsford
> St. John's School of Alberta
> 
> _______________________________________________
> freebsd-net at freebsd.org mailing list 
> http://lists.freebsd.org/mailman/listinfo/free> bsd-net
> To 
> unsubscribe, send any mail to 
> "freebsd-net-unsubscribe at freebsd.org"
> 
> ---
> Incoming mail is certified Virus Free.
> Checked by AVG anti-virus system (http://www.grisoft.com).
> Version: 6.0.573 / Virus Database: 363 - Release Date: 1/28/2004
>  
>

More information about the freebsd-net mailing list