Hi all.
I would like to thank these people for lending their advice:
Tim Hespe <t.hespe_at_unsw.edu.au>
mogul_at_actitis.pa.dec.com (Jeffrey Mogul)
John P Speno <speno_at_isc.upenn.edu>
Bård Tesaker <bt_at_chembio.ntnu.no>
They all pointed me to a correct solution, "pfconfig +p +c".
What no one has addressed (and experienced) is the delay I'm having with
tcpdump. That time delay led me to posting my original message. The
problem is:
1. Everything is configured as it should be.
2. I start the service which I want to sniff (IMAP session, PING, etc.).
3. When I start TCPdump, there is no output and the service freezes
4. After about 10 or 15 seconds the service starts and TCPdump starts producing output.
5. The packets that were sent during those 10-15 secs are lost
6. THE STRANGEST THING: when I Ctrl-C TCPdump, the service in question
freezes AGAIN for 10-15 secs!
I have tried "tcpdump -i tu1 -l icmp", the same. Then I tried "tcpdump
-l -n -i tu1 icmp", no change.
Then I tried to sniff IMAP and pinged the machine. PING again FROZE! So,
I'm assuming that the whole network is off.
So, to summarize: when TCPdump works, the network works as well. When
TCPdump starts/stops there is a strange (switch on)/(switch off) time
delay of 15 seconds when using packetfilter.
The NIC is DE-500 10/100 connected to BayNetworks 350-T 10/100
autosensing switch. The DE-500 is set to Auto-Negotiate.
The OS is Tru64 UNIX 4.0F + PK3.
Could this be some weird Autosensing problem?
------ ONLINE UPDATE :-) ------
Ideas seem to be springing as I write this. I've just set NIC to
no-negotiate:
# lan_config -i tu1 -s 100 -x 1 -a 0 -m utp
And tried tcpdump - NO DELAYS!!! So, it appears that when
starting/stopping PacketFilter, UNIX initiates Auto-Negotiate. I know
that T64U enjoys initializing Auto-Negotiate NICs (during boot-up it
happens 3 times), but this was rather idiotic.
-------------------------------
FINAL SUMMARY
-------------
1. Set PacketFilter to "Copy-All": "pfconfig +c +p tu1"
2. Set NIC to "No-Negotiate": "lan_config -i tu1 -s 100 -x 1 -a 0 -m utp"
3. Sniff as much as you like: "tcpdump -i tu1 icmp"
Thanks to all who helped me get on the right track.
Nix.
--
Black holes SUCK!
Received on Wed Oct 11 2000 - 09:23:05 NZDT