Date:      Wed, 17 Mar 2004 07:38:11 -0700
From:      Sherwood Botsford <sbotsford@sjsa.ab.ca>
To:        freebsd-net@freebsd.org
Subject:   tcpdump says errors.  Netstat says no.
Message-ID:  <200403170738.11990.sbotsford@sjsa.ab.ca>

Originally posted on  FreeBSD-Questions@...

I'm running mail services (exim, fetchmail, popper) on 
FreeBSD 4.5.

In a session trying to track down a problem related to a bad 
cable, I found that:
 
tcpdump -i xl0 -v -v -v host pop.incentre.net 

has lots of lines like this:

20:20:11.166767 postie.sjsa.internal.net.1126 > 
bach.ccinet.ab.ca.pop3: F [bad tcp cksum 4f5e!] 
61:61(0) ack 2075 win 33304 <nop,nop,timestamp 3005321 3937592> 
(DF) (ttl 64, id 57145, len 52, bad cksum 0!)

But netstat -I xl0 -w 10 during the same interval when the 
above were coming down at 5-10 per second showed:

            input          (xl0)           output
   packets  errs      bytes    packets  errs      bytes colls
        32     0       4019         28     0       4573     0
        24     0       3512         22     0       4934     0
       444     0      30070        433     0     227132     0

Explanations? (I also get them on the local network;
it's not just this destination host.)

**********************

Further testing:
Xterm ssh'd into postie:
 netstat -I xl0 -w 10 -d
            input          (xl0)           output
   packets  errs      bytes    packets  errs      bytes colls drops
         4     0        367          4     0        298     0     0
        27     0       4346         23     0       2368     0     0
        21     0       1746         10     0       1170     0     0
        19     0       1472         15     0       1516     0     0
         4     0        429          1     0        178     0     0
...

Note:  NO dropped packets, no errors.

Separate xterm ssh'd to postie:
   tcpdump -i xl0 -c 1000 -v -v -v | grep bad | wc
tcpdump: listening on xl0
     477    8960   72418

Separate xterm on localhost
ping postie.

So you can see that nearly half of the packets have bad
checksums.  

I think I'm missing something here.


-- 
Sherwood Botsford
St. John's School of Alberta
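
Added example, not part of the original message: the "grep bad | wc" count above does not say which direction the flagged packets were travelling. This sketch splits tcpdump -v lines marked "bad tcp cksum" into those sent by the capturing host and those received by it. The function names are hypothetical, every sample line except the first (taken from the message, rejoined onto one line) is constructed, and it assumes one packet per line with host names resolved.

```shell
#!/bin/sh
# Added example: tally "bad tcp cksum" lines from tcpdump -v by direction.

# cksum_by_direction LOCALHOST
#   Reads tcpdump -v text on stdin (one packet per line) and reports how many
#   packets were seen and how many flagged ones had LOCALHOST as the source.
cksum_by_direction() {
    awk -v lhost="$1" '
        $3 == ">" {                       # timestamp, src, ">", dst: ...
            total++
            if ($0 !~ /bad tcp cksum/) next
            src = $2
            sub(/\.[^.]*$/, "", src)      # drop the trailing .port / .service
            if (src == lhost) sent++; else rcvd++
        }
        END {
            printf "total=%d bad_sent=%d bad_received=%d\n", total, sent, rcvd
        }
    '
}

# Sample capture. Line 1 is the line quoted in the message; the rest are
# constructed for illustration only.
sample_capture() {
    cat <<'EOF'
20:20:11.166767 postie.sjsa.internal.net.1126 > bach.ccinet.ab.ca.pop3: F [bad tcp cksum 4f5e!] 61:61(0) ack 2075 win 33304 <nop,nop,timestamp 3005321 3937592> (DF) (ttl 64, id 57145, len 52, bad cksum 0!)
20:20:11.201334 bach.ccinet.ab.ca.pop3 > postie.sjsa.internal.net.1126: . ack 62 win 5792 (ttl 52, id 4411, len 52)
20:20:12.004120 postie.sjsa.internal.net.1127 > bach.ccinet.ab.ca.pop3: S [bad tcp cksum 91c2!] 100:100(0) win 57344 (DF) (ttl 64, id 57150, len 60, bad cksum 0!)
20:20:12.040877 bach.ccinet.ab.ca.pop3 > postie.sjsa.internal.net.1127: S 500:500(0) ack 101 win 5792 (ttl 52, id 0, len 60)
EOF
}

# Live use would be: tcpdump -i xl0 -c 1000 -v -v -v | cksum_by_direction <host>
sample_capture | cksum_by_direction postie.sjsa.internal.net
```

Comparing bad_sent with bad_received shows whether the flagged packets are ones the capturing host transmitted or ones that arrived from the wire, which the combined line count cannot distinguish.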


