From owner-freebsd-chat  Thu Sep 25 03:47:15 1997
Return-Path: <owner-freebsd-chat>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.7/8.8.7) id DAA10641
          for chat-outgoing; Thu, 25 Sep 1997 03:47:15 -0700 (PDT)
Received: from bunyip.cc.uq.edu.au (daemon@bunyip.cc.uq.edu.au [130.102.2.1])
          by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id DAA10636
          for <freebsd-chat@freebsd.org>; Thu, 25 Sep 1997 03:47:08 -0700 (PDT)
Received: (from daemon@localhost)
	by bunyip.cc.uq.edu.au (8.8.7/8.8.7) id UAA26140;
	Thu, 25 Sep 1997 20:44:30 +1000
Received: from localhost.dtir.qld.gov.au (localhost.dtir.qld.gov.au [127.0.0.1])
	by ogre.dtir.qld.gov.au (8.8.7/8.8.7) with SMTP id UAA25273;
	Thu, 25 Sep 1997 20:39:15 +1000 (EST)
Message-Id: <199709251039.UAA25273@ogre.dtir.qld.gov.au>
X-Authentication-Warning: ogre.dtir.qld.gov.au: localhost.dtir.qld.gov.au [127.0.0.1] didn't use HELO protocol
To: Open Systems Networking <opsys@mail.webspan.net>
cc: freebsd-chat@freebsd.org, syssgm@dtir.qld.gov.au
Subject: Re: debian linux ping ? *WARNING LINUX INVOLVED!!* 
References: <Pine.BSF.3.95.970925031328.3496A-100000@orion.webspan.net>
In-Reply-To: <Pine.BSF.3.95.970925031328.3496A-100000@orion.webspan.net>
    from Open Systems Networking at "Thu, 25 Sep 1997 07:22:39 +0000"
Date: Thu, 25 Sep 1997 20:39:15 +1000
From: Stephen McKay <syssgm@dtir.qld.gov.au>
Sender: owner-freebsd-chat@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

On Thursday, 25th September 1997, Open Systems Networking wrote:

>While to trying to figure out why my local cable company whos offering
>net access, has such flaky service, i ran across this output of ping and
>cannot figure out WHY it's doing these things. Anyone have an answer?

Ooh!  I like puzzles. :-)

>cypress: {12}ping -v idtswe1
>
>76 bytes from localhost (127.0.0.1): Destination Port Unreachable
>Vr HL TOS  Len   ID Flg  off TTL Pro  cks      Src      Dst Data
> 4  5  00 4400 a758   0 0000  40  11 0024 127.0.0.1  127.0.0.1
>UDP: from port 1254, to port 512 (decimal)

Looks like you were receiving mail and don't have comsat enabled in
/etc/inetd.conf.  And you've got a verbose ping.

>First question is WHY is it showing a packet with a src and dst address as
>127.0.0.1? im not pinging loopback.

Because mail.local tried to talk to biff/comsat, I expect.  Local to local.

>64 bytes from 206.101.232.98: icmp_seq=19 ttl=252 time=61.4 ms
>
>Correct IP address of idtswe1 
>
>64 bytes from lpthomas.winning-edge.com (205.217.148.247): Echo Request
>		^^^^^^^^^^^^^^^^^^^^^^^^
>NOT idtswe1.idir.net
>Whoa hello where did you come from.
>I think debian linux is broke :)
>64 bytes from 206.101.232.98: icmp_seq=117 ttl=252 time=40.0 ms
>64 bytes from 206.101.232.98: icmp_seq=118 ttl=252 time=53.3 ms
>64 bytes from lpthomas.winning-edge.com (205.217.148.247): Echo Request
>		^^^^^^^^^^^^^^^^^^^^^^^
>Whats the deal on that as well?

It looks like linux ping isn't very picky and will display all ICMP traffic
going past.  It is an echo request, not a reply.  Maybe the dude was doing
a broadcast ping.  I expected ping -v on FreeBSD to act the same, but got
nothing special, even as root.  I suppose there could be some kernel
filtering going on, but I seem to be losing interest now. :-)  You'll be
wanting to "Read the Source, Luke"!

Oh well, back to the grind...

Stephen.