ping sends packets 1472 bytes

[RMGBELGIUM]

Hi all,

We've got an annoying problem.Some CS software we are running needs to send ICMP packets from client to server to check if the server is still alive
Apperently one of our machines is sending out packets of 1472 bytes when pinging, and they were dropped by our firewall.Is there any way to change the size of those packets? MTU is set to 1500, we arent using jumboframes

Thx in advance,

Regards,

R.

 

[RodKnowlton]

Is the machine with the 1472 byte packets a client or a server?

Are these ICMP ECHO packets?

The default packets sent by the AIX ping command are only 64 bytes, so it would seem that the application you're using is providing some state information in the payload. Perhaps that payload is variable length, and the one machine is the only one where the payload has violated a firewall rule.


Rod Knowlton
IBM Certified Advanced Technical Expert pSeries and AIX 5L
CompTIA Linux+
CompTIA Security+

 

[AIX5L]

Send your netstat -rn and no -a |grep pmtu

Has the Client an Ethernet Interface, or is it behind a VPN ?

 

[RMGBELGIUM]

The client has 2 ethernet cards

this is the output for netstat -rn :

Route Tree for Protocol Family 2 (Internet):
default 172.16.9.1 UGc 0 0 en0 - - -
89/8 172.16.5.1 UGc 0 0 en1 - - -
89.0.0.2 172.16.5.1 UGHW 7 5129592 en1 1500 - -
89.0.0.3 172.16.5.1 UGHW 1 69 en1 1500 - -
89.0.35.64 172.16.5.1 UGHW 1 277509 en1 1500 - -
89.0.35.90 172.16.5.1 UGHW 0 2462 en1 - 1 -
89.0.41.181 172.16.5.1 UGHW 2 1578934 en1 1500 - -
89.0.51.3 172.16.5.1 UGHW 5 6547 en1 1500 - -
89.0.51.10 172.16.5.1 UGHW 3 242273 en1 1500 - -
89.0.60.43 172.16.5.1 UGHW 1 3518 en1 1500 - -
89.0.61.109 172.16.5.1 UGHW 1 401 en1 1500 - -
89.0.61.242 172.16.9.1 UGH 0 29761 en0 1500 - -
127/8 127.0.0.1 U 106 41685411 lo0 - - -
172.16.2.3 172.16.9.1 UGHW 15 22774603 en0 - - -
172.16.2.158 172.16.9.1 UGHW 1 118464 en0 1500 - -
172.16.2.159 172.16.9.1 UGHW 3 38534063 en0 1500 - -
172.16.5.0 172.16.5.3 UHSb 0 0 en1 - - - =>
172.16.5/24 172.16.5.3 U 10 3 en1 - - -
172.16.5.3 127.0.0.1 UGHS 0 1 lo0 - - -
172.16.5.255 172.16.5.3 UHSb 0 4 en1 - - -
172.16.6.2 172.16.9.1 UGHW 0 17 en0 1500 1 -
172.16.6.4 172.16.9.1 UGHW 13 3991552 en0 1500 - -
172.16.9.0 172.16.9.3 UHSb 0 0 en0 - - - =>
172.16.9/24 172.16.9.3 U 25 5286808 en0 - - -
172.16.9.3 127.0.0.1 UGHS 570 229198408 lo0 - - -
172.16.9.255 172.16.9.3 UHSb 0 4 en0 - - -

Route Tree for Protocol Family 24 (Internet v6):
::1 ::1 UH 0 1232 lo0 16896 - -




no -a|grep pmtu :

pmtu_default_age = 10
pmtu_rediscover_interval = 30
tcp_pmtu_discover = 1
udp_pmtu_discover = 1


The client and the server are not in the same network range.
Client : 172.16.5.3
server : 89.0.0.2

Regards,

R.

 

[AIX5L]

Is there a need that you have

tcp_pmtu_discover = 1
udp_pmtu_discover = 1

active ?

If you don't have atm, or vpn involved you can turn this values to "0".

 

[sbix]

look's like a problem in the interface, normally with 802.3 interfaces you sends packets bigger than 1472, but with old ethernet interface that's the max packet size