 |
 |
tcpdump -i en0 -X output??
|
|
|
|
|
Junior Member
Join Date: Feb 2003
Location: Oz
Status:
Offline
|
|
I am running 10.2.6 with a direct PPPoE connection via Ethernet single port modem to ISP
I had no running Services and had Jag's firewall active
Network Utliity's port scan of 127.0.0.1 revealled Ports 139, 631 & 1033
An outside scan revealed no open ports ie stealth
However when i ran tcpdump -i en0 -X when idle -
I get a constant stream of the following -
22:04:10.324815 PPPoE [ses 0x628] Echo-Req(133), Magic-Num=0da80344
0x0000 1100 0628 000a c021 0985 0008 0da8 0344 ...(...!.......D
22:04:10.341757 PPPoE [ses 0x628] Echo-Rep(133), Magic-Num=1fdf7ffd
0x0000 1100 0628 000a c021 0a85 0008 1fdf 7ffd ...(...!........
0x0010 0000 0000 0000 0000 0000 0000 0000 0000 ................
0x0020 0000 0000 0000 0000 0000 0000 0000 5fd7 .............._.
0x0030 3068 0h
22:04:18.203331 PPPoE [ses 0x628] Echo-Req(184), Magic-Num=1fdf7ffd
0x0000 1100 0628 000a c021 09b8 0008 1fdf 7ffd ...(...!........
0x0010 0000 0000 0000 0000 0000 0000 0000 0000 ................
0x0020 0000 0000 0000 0000 0000 0000 0000 21de ..............!.
0x0030 99b1 ..
22:04:18.203510 PPPoE [ses 0x628] Echo-Rep(184), Magic-Num=0da80344
0x0000 1100 0628 000a c021 0ab8 0008 0da8 0344 ...(...!.......D
22:04:20.325009 PPPoE [ses 0x628] Echo-Req(134), Magic-Num=0da80344
0x0000 1100 0628 000a c021 0986 0008 0da8 0344 ...(...!.......D
22:04:20.343488 PPPoE [ses 0x628] Echo-Rep(134), Magic-Num=1fdf7ffd
0x0000 1100 0628 000a c021 0a86 0008 1fdf 7ffd ...(...!........
0x0010 0000 0000 0000 0000 0000 0000 0000 0000 ................
0x0020 0000 0000 0000 0000 0000 0000 0000 3fe8 ..............?.
0x0030 5132 Q2
22:04:28.203635 PPPoE [ses 0x628] Echo-Req(185), Magic-Num=1fdf7ffd
0x0000 1100 0628 000a c021 09b9 0008 1fdf 7ffd ...(...!........
0x0010 0000 0000 0000 0000 0000 0000 0000 0000 ................
0x0020 0000 0000 0000 0000 0000 0000 0000 3ec9 ..............>.
0x0030 6931 i1
22:04:28.203854 PPPoE [ses 0x628] Echo-Rep(185), Magic-Num=0da80344
0x0000 1100 0628 000a c021 0ab9 0008 0da8 0344 ...(...!.......D
22:04:30.329907 PPPoE [ses 0x628] Echo-Req(135), Magic-Num=0da80344
0x0000 1100 0628 000a c021 0987 0008 0da8 0344 ...(...!.......D
22:04:30.347711 PPPoE [ses 0x628] Echo-Rep(135), Magic-Num=1fdf7ffd
0x0000 1100 0628 000a c021 0a87 0008 1fdf 7ffd ...(...!........
0x0010 0000 0000 0000 0000 0000 0000 0000 0000 ................
0x0020 0000 0000 0000 0000 0000 0000 0000 20ff ................
0x0030 a1b2
But while idle
tcpdump -i ppp0 -X reveals nothing
What are these requests ( are they from the external internet) and are they imposing an unacceptable load on my connection?
tia
|
- be stirred but never shaken -
|
| |
|
|
|
|
|
|
|
Dedicated MacNNer
Join Date: Jul 2002
Location: Boston, MA
Status:
Offline
|
|
"This Configuration Option provides a method to detect looped-back
links and other Data Link Layer anomalies."
The whole RFC describing its purpose can be found here RFC 1661 . Magic Numbers are detailed on page 45.
The best guess I can come up with is that these echos are coming from the DSLAM at the CO at intervals specified by the reset timer for option configuration negotiation.
I wouldn't worry about it, unless you are seeing really crappy performance from your link.
You can try this place to see how your link is performing, at least for downstream performance. It's been fairly accurate in my experience.
(Last edited by kampl; Aug 11, 2003 at 06:33 PM.
)
|
|
|
| |
|
|
|
|
|
|
|
Junior Member
Join Date: Feb 2003
Location: Oz
Status:
Offline
|
|
Thanks for the info
The performance is acceptable but not near the claimed bandwidth
I wouldn't be concerned but my ISP counts both downloads/uploads towards my monthly quota
To date, they haven't/can't advise me on this point
I am now wondering if the way that Apple configures OSX's PPPoE to bind to ppp0 rather than en0 maybe creating a problem?
|
- be stirred but never shaken -
|
| |
|
|
|
|
|
|
|
Dedicated MacNNer
Join Date: Jul 2002
Location: Boston, MA
Status:
Offline
|
|
That is normal operation from my experience with FreeBSD and netgraph in the past. IP packets will be encapsulated in PPP like your usual dial up connection, but will be injected into ethernet frames sent out your ethernet interface instead of out your modem. In fairly simple terms anyway. I believe I had to monitor tun0 back then (haven't used FBSD in awhile, damn good stuff though).
I dug around for config scripts and what not in /etc and /System/Library/Extensions/PPPoE.ppp/, but couldn't come up with anything too useful.
Quota? What kind of service are you getting and from whom?
|
|
|
| |
|
|
|
|
|
|
|
Junior Member
Join Date: Feb 2003
Location: Oz
Status:
Offline
|
|
My experience with this aDSL connection is that the the OS cannot see/connect to it's own assigned IP
That is I have to use 127.0.0.1 to connect
eg If i want to view webpages on this machine from this machine - entering the assigned IP or domain name would fail
- also Jag's internet sharing would not allow an extra PCI ethernet card to communicate Nat to a local network
The only tentative answer i could come up with was the way that the IP was bound to ppp0 instead of en0
I have seen a few others complain of this anomoly but it appears only limited to PPPoE connections - dialup and cable have no issues in this regard
and this seems to be confirmed when i run tcpdump i get this message tcpdump: WARNING: en0: no IPv4 address assigned
Maybe the DSLAM is sending out more requests/echos than necessary due to this?
Perhaps as you say it maybe normal for PPPoE!!
- as yet i haven't been able to locate a kludge.
I got around the Internet sharing/Nat problem by using a hub
My connection is a 512/128 ADSL (dynamic IP) with a 3GB cap monitoring uploads/downloads - any excess incurs a charge per MB
(Last edited by Pretzel; Aug 12, 2003 at 10:23 PM.
)
|
- be stirred but never shaken -
|
| |
|
|
|
|
|
|
|
Dedicated MacNNer
Join Date: Jul 2002
Location: Boston, MA
Status:
Offline
|
|
Man, sounds like you're getting reamed, in ummmm.....Oz, by that ISP with the whole quota thing. I pull 1.5Mbps down with no quota. My condolences.
When a lot of ISPs went to ADSL service providing they wanted to keep the existing PPP and authentication server infrastructure in place so as to not have to reengineer authentication systems solely for their DSL customers (from friends working in major DSL provider space). This allows account creation, logging, and accounting to continue and be consistent with all the software and operation methods that are already in place. PPPoE provides this. So basically ppp0 is the interface you are connecting with and is the one getting the public IP address, just in a somewhat different method from a lower layer standpoint.
I unfortunately can't explain why you can't see a page hosted on that machine via public IP address but you can on loopback. That's weird, and I'll have to look into that since I'm intrigued by that oddity and don't recall having that problem.
So most of this was not on topic or all that useful I suppose but I had fun spewing at the mouth for a few minutes.
|
|
|
| |
|
|
|
|
|
|
|
Junior Member
Join Date: Feb 2003
Location: Oz
Status:
Offline
|
|
Thanks for your feedback and info
Yes in Australia our ISPs tend to be of the lame
variety
I have finally (after 3days) have had a response from the ISP's support - they see it as Spam and refer to the need to identify the IP the traffic orginates from - SHEESH! 
So I thank you for your analysis of the problem which would appear to be more inline with the traffic in question
I would be interested to know what you find out about the loopback anomoly as the answer may well illuminate whether the ISP's ADSL configuration is problematic
|
- be stirred but never shaken -
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
 
|
|
|
Forum Rules
|
|
|
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
|
HTML code is Off
|
|
|
|
|
|
|
|
|
|
|
|
|
Top
