RE: packet duplication

• Next message: Steve Francis: "Re: packet duplication"
• Previous message: Yuval Ben-Ari: "RE: [nsp] Microcom vs. MICA"
• In reply to: Scott Morris: "RE: packet duplication"
• Next in thread: Scott Morris: "RE: packet duplication"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
• Mail actions: [ respond to this message ] [ mail a new topic ]

This is pretty bizarre. Packets are getting dup'd or rather regenerated
with a different TTL. That would suggest and ill behaved L3 device as
opposed to L2 (eg. SPAN port/bridge loop).

Is this the router you're suspecting:

 7 QAnhGSR-WestEdGSR-ATM.CSU.net (137.145.203.2) 23.5 ms 24.0 ms 24.7 ms

Are there other paths into it that would allow you to track it down to a particular
subnet/interface?

Barry

At 09:02 AM 12/2/2001 -0500, Scott Morris wrote:
>Just a note. Your TTL values in parentheses would be wrong... Traceroute
>by default will start with a TTL = 1, which will get an ICMP TTL-Exceeded
>message (because it counts down, and 0 is bad).
>
>Even if it counted up, you have 7 hops listed before you show TTL=250. So
>that wouldn't be possible anyway.
>
>Scott
>
>-----Original Message-----
>From: Jim Warner [mailto:warner@cats.UCSC.EDU]
>Sent: Sunday, December 02, 2001 1:28 AM
>To: bbruins@cisco.com; cisco-nsp@puck.nether.net; warner@cats.UCSC.EDU
>Subject: Re: packet duplication
>
>
>> What happens on a traceroute?
>
>Good question. Implimentations that care about TTL values
>complain when they pass this router. Running solaris snoop
>during a trace shows that the (un)expected extra replies are
>being received and ignorred by the program.
>
>traceroute to www.santacruz.k12.ca.us (205.155.8.128): 1-30 hops, 38 byte
>packets
> 1 comm-g-129.ucsc.edu (128.114.129.252) 33.5 ms 1.76 ms 1.66 ms
> 2 frontdoor-GE1-0-0.ucsc.edu (128.114.103.1) 0.772 ms 0.679 ms 0.593 ms
> 3 STAN--UCSC-gw.ATM.calren2.net (198.32.249.45) 3.23 ms 3.28 ms 3.36 ms
> 4 SUNV--STAN.POS.calren2.net (198.32.249.73) 3.65 ms 3.42 ms 3.31 ms
> 5 QSV-GSR--C2-QSV-GSR.CSU.net (137.145.11.5) 3.43 ms 3.65 ms 3.61 ms
> 6 WEGSR-QSVGSR-ATM.CSU.net (137.145.202.126) 22.6 ms 22.7 ms 22.9 ms
> 7 QAnhGSR-WestEdGSR-ATM.CSU.net (137.145.203.2) 23.5 ms 24.0 ms 24.7 ms
> 8 DCP-QANH-GSR.GE.calren2.net (137.164.12.33) 23.9 ms (ttl=250!) 23.7 ms
>(ttl=250!) 24.0 ms (ttl=250!)
> 9 WE-DCP--QANH-DCP-ATM.calren2.net (137.164.14.14) 25.3 ms (ttl=249!)
>24.7 ms (ttl=249!) 24.4 ms (ttl=249!)
>10 SLO-DCP--WE-DCP-ATM.calren2.net (137.164.14.13) 40.2 ms (ttl=248!)
>39.7 ms (ttl=248!) 39.8 ms (ttl=248!)
>11 QSal1-DCP--SLO-DCP-ATM.calren2.net (137.164.14.27) 43.0 ms (ttl=247!)
>43.0 ms (ttl=247!) 41.9 ms (ttl=247!)
>12 DCP-SCCOE-7507--DCP-QSAL-GSR1.DS3.calren2.net (137.164.2.153) 49.2 ms
>(ttl=246!) 49.4 ms (ttl=246!) 49.8 ms (ttl=246!)
>13 198.189.240.73 (198.189.240.73) 49.8 ms (ttl=245!) 49.2 ms (ttl=245!)
>49.1 ms (ttl=245!)
>14 ns.santacruz.k12.ca.us (205.155.7.2) 50.5 ms (ttl=244!) * 49.8 ms
>(ttl=244!)

• Next message: Steve Francis: "Re: packet duplication"
• Previous message: Yuval Ben-Ari: "RE: [nsp] Microcom vs. MICA"
• In reply to: Scott Morris: "RE: packet duplication"
• Next in thread: Scott Morris: "RE: packet duplication"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
• Mail actions: [ respond to this message ] [ mail a new topic ]

This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:13:25 EDT