weird routing question

Nathaniel Hall lists at spider-security.net
Thu Nov 23 02:53:39 UTC 2006


fedora wrote:
> Andy Green wrote:
>> fedora wrote:
>>> Can anyone help me understand what I am doing wrong on the route del
>>> command and also if it looks like I am moving in the right direction
>>> to remove the latency issue?
>> Latencies are very often DNS problems of some sort.  Check the
>> /etc/resolv.conf nameservers, and do a dig on them by hand from the
>> box in question
>> dig google.com @my.first.nameserver.ip
>> and see what the latencies are like.  If the latencies are good, try a
>> tcpdump -i eth1 port 53 -s0 -X
>> and try to cause the delay, maybe you can get a clue.
> Interesting - when I run tcpdump and try to connect on port 143 (IMAP
> port) it shows the immediate connection to that specific port - in
> other words, no latency on the server end - it appears to be on the
> way back to the desktop to complete the connection that the latency
> comes into play.  Here's what is interesting - when I kill the tcpdump
> it shows the following:
> 392 packets received by filter
> 299 packets dropped by kernel
> I only ran this for approximately 30 seconds on our live system and
> only about three or four users' computers connected during this
> session.  Your thoughts - anyone.
Have you considered the firewall that your DMZ connects to? 
Specifically, do you drop, reject, or accept IDENT (TCP port 113)?

--
Nathaniel Hall, GSEC GCFW GCIA GCIH GCFA
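
One way to answer the drop/reject/accept question from the server side, as an added example that is not part of the original post: a TCP connect to port 113 on the client's address either completes (accept), fails at once (reject), or hangs until the timeout (drop), and the last case is the one that delays a service performing IDENT lookups. The function names and the default timeout are assumptions of this example.

```python
"""Classify how a host or its firewall treats TCP port 113 (IDENT)."""
import socket
import sys
import time
from typing import NamedTuple, Optional

IDENT_PORT = 113


class Probe(NamedTuple):
    verdict: str    # "accept", "reject", "drop" or "error"
    seconds: float  # how long the connect attempt took


def classify(exc: Optional[BaseException]) -> str:
    """Map the outcome of a TCP connect() to a firewall disposition."""
    if exc is None:
        return "accept"   # handshake completed
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return "drop"     # no reply at all: the SYN was silently discarded
    if isinstance(exc, ConnectionRefusedError):
        return "reject"   # RST or ICMP port-unreachable came straight back
    return "error"        # DNS failure, no route, etc.: says nothing about port 113


def probe(host: str, port: int = IDENT_PORT, timeout: float = 5.0) -> Probe:
    """Attempt one connection and report the verdict with the elapsed time."""
    start = time.monotonic()
    exc: Optional[BaseException] = None
    try:
        socket.create_connection((host, port), timeout=timeout).close()
    except OSError as err:
        exc = err
    return Probe(classify(exc), time.monotonic() - start)


if __name__ == "__main__":
    # Default target is loopback; pass a desktop's address as the first argument.
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    result = probe(target)
    print(f"{target}:{IDENT_PORT} -> {result.verdict} after {result.seconds:.2f}s")
```

Run it from the mail server against one of the affected desktops; a "drop" verdict whose elapsed time matches the timeout points at the firewall rule rather than at DNS.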



