Re: [SLE] SuSE/Linux Ping vs DOS Ping
- From: Brad Bourn <brad@xxxxxxxxxxxx>
- Date: Fri, 2 Dec 2005 13:51:26 -0700
I see from your next post, that you also tried switching IP addresses from XP
to SuSE. That would eliminate the difference between subnets, gateways, or
routing problems..... wait, maybe give the industrial box the IP of the XP
machine. That was successful before. Then you will have eliminated the
routing stuff.
Which would leave one basic difference, like you also posted in the next
message, that the packets are formed differently.
Thinking that the protocol is supposed to be the same (regardless of OS or
program making the packets, if done right), Maybe the difference is that the
Linux box is implementing it "right" or "current".
People complain often about Linux being behind windows in Destop GUI, Hardware
Support, Etc. You'll often hear things like "It works with windows, So I
know the hardware is OK. Well, this is simply NOT the case. Linux is far
more "bleeding edge" than windows. You'll see OS support for "true"
hardware / standards implementation FAR before you'll see them in windows.
And if the hardware side isn't implemented to the standard, you won't find
out about it until you load Linux on the box and let the newest drivers /
technology talk to the hardware. A good example is 64 mobo's. Well, there
was 64 bit Linux WAAAAAAAAAAAAAAAY before there was 64 bit windows. Some had
a 64 bit board with windows loaded on it (32-bit) and then loaded Linux on it
(64 bit) and things went bad. (BIOS not up to standards or something) Well,
saying that it works in windows isn't accurate. Windows isn't taking full
advantage of the hardware like Linux is. Same could be true in your
situation. For example, if that industrial piece of hardware is older than
your kernel version, the latest Linux kernel may be using a current standard
"ping" packet (like with ipv6 stuff in it), where the windows box is still
using the old stuff that isn't as bleeding edge.
So when these types of problems happen, you can sometimes dumb Linux down to
the level of windows to get something to work that windows can do that
(bleeding edge) Linux can't.
I'm not sure what would be newer with a ping packet. My assumtion would be
something with ipv6 maybe? Can someone else on this list clarify? You might
want to start checking what options you have for configuring the way the ping
packets are constructed....... And dumb it down to the bare minimun (older
standard) to give you the most chance of being as dumb as windows.
hehehe
Just a thought.
B-)
On Friday 02 December 2005 12:10 pm, David McMillan wrote:
> Brad Bourn wrote:
> > ok, cable, windows box, industrial box are "known good"
>
> Yep, verified several different ways.
>
> > Anyway, that is now also known good. (We don't need DNS, you know the
> > IP).
> >
> > The only question we have then is, "Is the SuSE box known good?"
> >
> > So, I'll ask. Can you / Have you been able to ping anything with that
> > box?
>
> Oh, yes. Ping works fine across the the internet, on my home LAN, on
> the corporate intranet, and on various WiFi hotspots. Never any trouble.
>
> > Does it have internet access? (to test a ping like microsoft.com or your
> > isp or gateway or something)
> >
> > Can you Windows box ping the SuSE box? (does it answer?)
>
> Hooked up all three machines on a small switch (definitely a switch,
> not a router -- I checked) to try more testing. XP and SuSE could not
> ping each other until I killed SuSEFirewall -- after that, perfect
> pings, both ways. XP could still ping Industrial, but SuSE couldn't.
>
> > Does the ping comand even work on the SuSE box? Can it ping itself?
>
> Yep.
> # ping 172.16.200.241
> PING 172.16.200.241 (172.16.200.241) 56(84) bytes of data.
> 64 bytes from 172.16.200.241: icmp_seq=1 ttl=64 time=0.169 ms
> 64 bytes from 172.16.200.241: icmp_seq=2 ttl=64 time=0.164 ms
>
>
> Ran an nmap of the subnet: (SuSE is .241, XP is .245, Industrial is
> .240. Netmasks are all 255.255.0.0):
> Starting nmap 3.50 ( http://www.insecure.org/nmap/ ) at 2005-12-02
> 13:43 EST
> sendto in send_ip_raw: sendto(4, packet, 28, 0, 172.16.200.0, 16) =>
> Operation not permitted
> Interesting ports on 172.16.200.240:
> (The 1641 ports scanned but not shown below are in state: closed)
> PORT STATE SERVICE
> 23/tcp open telnet
> 24/tcp filtered priv-mail
> 137/tcp filtered netbios-ns
> 273/tcp filtered unknown
> 334/tcp filtered unknown
> 517/tcp filtered talk
> 552/tcp filtered deviceshare
> 682/tcp filtered unknown
> 730/tcp filtered netviewdm2
> 817/tcp filtered unknown
> 823/tcp filtered unknown
> 834/tcp filtered unknown
> 936/tcp filtered unknown
> 1440/tcp filtered eicon-slp
> 1532/tcp filtered miroconnect
> 1650/tcp filtered nkd
> 3269/tcp filtered globalcatLDAPssl
> 27003/tcp filtered flexlm3
>
> Interesting ports on 172.16.200.241:
> (The 1650 ports scanned but not shown below are in state: closed)
> PORT STATE SERVICE
> 21/tcp open ftp
> 22/tcp open ssh
> 111/tcp open rpcbind
> 631/tcp open ipp
> 901/tcp open samba-swat
> 5800/tcp open vnc-http
> 5801/tcp open vnc-http-1
> 5900/tcp open vnc
> 5901/tcp open vnc-1
>
> Interesting ports on 172.16.200.245:
> (The 1651 ports scanned but not shown below are in state: closed)
> PORT STATE SERVICE
> 21/tcp open ftp
> 23/tcp open telnet
> 80/tcp open http
> 135/tcp open msrpc
> 139/tcp open netbios-ssn
> 445/tcp open microsoft-ds
> 502/tcp open asa-appl-proto
> 1212/tcp open lupa
>
> Nmap run completed -- 256 IP addresses (3 hosts up) scanned in 126.950
> seconds
>
> > This should narrow down the possibilities anyway.
> >
> > Like someone else pointed out. Ping is a TCP/IP protocal / networking
> > thing.
> >
> > It would be like saying Windows HTML is different than Linux's HTML, or
> > Windows Font is different that Linux's font.
>
> I thought "Windows <anything>" was always different than "Standard
> <anything>," by definition. :)
> Kidding aside, that's what I believed to be true, as well. But as
> far as I can tell, from process of elimination, there is *something*
> different between the two.
>
> I'm no low-level protocol guru, but I ran an Ethereal trace just to
> look at the packet structure. For some reason, I couldn't see the
> packets passing between XP and the industrial box (the switch's
> fault?), but I recorded the ping requests between XP and SuSE, and
> this is what I got (apologies for the lousy formatting):
>
> From XP:
> 0000 00 40 45 12 91 c4 00 11 11 5b fe 4b 08 00 45 00 .@xxxxxxx[.K..E.
> 0010 00 3c a2 f6 00 00 80 01 ad c2 ac 10 c8 f5 ac 10 .<..............
> 0020 c8 f1 08 00 24 5c 02 00 27 00 61 62 63 64 65 66 ....$\..'.abcdef
> 0030 67 68 69 6a 6b 6c 6d 6e 6f 70 71 72 73 74 75 76 ghijklmnopqrstuv
> 0040 77 61 62 63 64 65 66 67 68 69 wabcdefghi
>
> From SuSE:
> 0000 00 09 0f 02 57 09 00 40 45 12 91 c4 08 00 45 00 ....W..@xxxxxxxx
> 0010 00 54 00 03 40 00 40 01 50 a3 ac 10 c8 f1 ac 10 .T..@.@.P.......
> 0020 c8 f0 08 00 dc 13 ce 04 00 04 8b 92 90 43 44 0a .............CD.
> 0030 03 00 08 09 0a 0b 0c 0d 0e 0f 10 11 12 13 14 15 ................
> 0040 16 17 18 19 1a 1b 1c 1d 1e 1f 20 21 22 23 24 25 .......... !"#$%
> 0050 26 27 28 29 2a 2b 2c 2d 2e 2f 30 31 32 33 34 35 &'()*+,-./012345
> 0060 36 37 67
>
> There is a visible difference, but decoding it is a little beyond my
> depth. From Ethereal, the two pings are different sizes, have
> different TTL, and different flags. That's about it.
--
Check the headers for your unsubscription address
For additional commands send e-mail to suse-linux-e-help@xxxxxxxx
Also check the archives at http://lists.suse.com
Please read the FAQs: suse-linux-e-faq@xxxxxxxx
- Follow-Ups:
- Re: [SLE] SuSE/Linux Ping vs DOS Ping
- From: James Wright
- Re: [SLE] SuSE/Linux Ping vs DOS Ping
- References:
- [SLE] SuSE/Linux Ping vs DOS Ping
- From: David McMillan
- Re: [SLE] SuSE/Linux Ping vs DOS Ping
- From: Brad Bourn
- Re: [SLE] SuSE/Linux Ping vs DOS Ping
- From: David McMillan
- [SLE] SuSE/Linux Ping vs DOS Ping
- Prev by Date: [SLE] Remote Desktop trouble in SuSE 10.0?
- Next by Date: Re: [SLE] Mysterious cron problem with Suse 9.3
- Previous by thread: Re: [SLE] SuSE/Linux Ping vs DOS Ping
- Next by thread: Re: [SLE] SuSE/Linux Ping vs DOS Ping
- Index(es):
Relevant Pages
|
