
clarknova

join:2010-02-23
Grande Prairie, AB
kudos:7
Reviews:
·TekSavvy DSL
reply to woody1950

Re: SSH connection puzzle

I'm starting to wonder if this isn't an MTU problem. You're only seeing a problem connecting to the Mac, which is not on your LAN, right? Could you try lowering the MTU on the router?

Note that tcpdump should be installed on the Mac already, so you should be able to just run it (assuming you can ssh to it from some device) without modifying software. The problem with running tcpdump via ssh on the Mac is that you will effectively create a storm on port 22 unless you can connect to it on a port or from an IP address other than the one you will be testing, such that you can filter packets from the control client out of the dump, and only capture those from the test client. Make sense?

If you can confirm that SYN packets are leaving the client computer, but not arriving at the server, then doing packet dumps on both LAN and WAN interfaces of your router (and the remote router, if possible) will help to identify where the packets aren't getting through.
--
db


koitsu
Premium,MVM
join:2002-07-16
Mountain View, CA
kudos:23

1 recommendation

said by clarknova:

Note that tcpdump should be installed on the Mac already, so you should be able to just run it (assuming you can ssh to it from some device) without modifying software. The problem with running tcpdump via ssh on the Mac is that you will effectively create a storm on port 22 unless you can connect to it on a port or from an IP address other than the one you will be testing, such that you can filter packets from the control client out of the dump, and only capture those from the test client. Make sense?

Already covered this in my last paragraph. Also, not to nitpick, but the term "storm" here is highly out-of-context; such a term is almost always associated with DoS or more literally "a large amount of unsolicited packets" -- that is not the case here.
--
Making life hard for others since 1977.
I speak for myself and not my employer/affiliates of my employer.


clarknova

join:2010-02-23
Grande Prairie, AB
kudos:7
Reviews:
·TekSavvy DSL
said by koitsu:

such a term is almost always associated with DoS or more literally "a large amount of unsolicited packets" -- that is not the case here.

If you tcpdump while connected via ssh without filtering those ssh packets, you are effectively DoSing yourself. Whether or not it's unsolicited is another question I guess, but the positive feedback loop will certainly grow to make the dump useless.

But you're right, I did miss the fact that you already addressed the issue.
--
db
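
Added example, not part of any post in this thread: one way to build the capture filter discussed above, so that tcpdump run over ssh on the server leaves its own control session out of the dump. It assumes the control session is an OpenSSH login (sshd sets `SSH_CONNECTION`); the function name, the documentation-range addresses and the `en0` interface are constructed for illustration.

```shell
#!/bin/sh
# Build a tcpdump filter that captures the SSH traffic under test while
# excluding the SSH session the capture itself is being run through.
#
# ssh_capture_filter CONTROL [TEST_IP] [TEST_PORT]
#   CONTROL    value of $SSH_CONNECTION in the control session:
#              "client_ip client_port server_ip server_port"
#   TEST_IP    optional: keep only packets to or from this test client
#   TEST_PORT  port the failing connection targets (default 22)
ssh_capture_filter() {
    control=$1
    test_ip=${2:-}
    test_port=${3:-22}

    # Split CONTROL into its four whitespace-separated fields.
    set -- $control
    if [ "$#" -ne 4 ]; then
        echo "expected 'client_ip client_port server_ip server_port'" >&2
        return 1
    fi
    c_ip=$1
    c_port=$2

    # Both ports must be plain numbers before they go into the filter.
    for p in "$c_port" "$test_port"; do
        case $p in
            ''|*[!0-9]*) echo "bad port: $p" >&2; return 1 ;;
        esac
    done

    # Excluding the control client's address AND source port drops only that
    # one connection, so a test connection from the same address still shows.
    filter="tcp port $test_port and not (host $c_ip and tcp port $c_port)"
    if [ -n "$test_ip" ]; then
        filter="host $test_ip and $filter"
    fi
    printf '%s\n' "$filter"
}

# Usage on the server, inside the control session (en0 is an assumption):
#   sudo tcpdump -n -i en0 "$(ssh_capture_filter "$SSH_CONNECTION" 198.51.100.7)"
```

Because the capture output travels back over the excluded connection, printing packets no longer generates new packets that match the filter.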


houkouonchi

join:2002-07-22
Ontario, CA
Reviews:
·Verizon FiOS
reply to woody1950
It seems to me from your very first post the issue had to be a firewall issue on the machine running the SSH server, the router, or your ISP.

Nmap showing filtered ports like that pretty much has to be a firewall blocking it. If not, it would be closed or open.
--
300/150 mbit Bonded Verizon FiOS connection FTW!