how-to block ads
|
|
Share Topic
 |
 |
|
|
|
| reply to WizLayer
Re: arp info overwritten (OpenBSD) After a while of examining _many_ tcpdumps, I have determined that there is no other plausible explanation for this except that Mediacom has a misconfig in one of their routers.
This _shouldn't_ cause a loss of Internet accessability though, even if the current connections are reset because the arp info is rewritten (switched back) within a second or two.
Other times (and this may be coincidence, because this also seems to happen regardless of the arp overwrites), I find that I am able to ping the gateway, access the DNS server, but nothing beyond. Of course, when I cycle power to the modem, all seems to return to normal.
That leads me to my next question (and this is for you Mediacom, tech folks)... Why is it that if I can ping the gateway and get response, ping 'www.yahoo.com,' get the IP resolution, but no echo reply, ping the IP address which your DNS server sends to me, get no echo, and then get on the phone with my mother and have her ping the same IP address and get reply, that I need to "reset the modem?"
Because I can ping the gateway, there's nothing wrong between the gateway and my box (including the modem).
Because I can ping www.yahoo.com and get resolution, there's nothing wrong between your DNS server, your gateway, and my box (including the modem... It _does_ suggest that there's a problem between your gateway and www.yahoo.com, though (because I get no return from the outgoing echo requests).
Because I get no reply when pinging the IP address of www.yahoo.com directly, it shows that there is a definite problem _somewhere_ and it has nothing to do with your DNS server.
Because my Mother can get on her box (from one of those _other_ ISPs ) and get reply from pinging that same IP address, it shows that www.yahoo.com is not dropping echo requests.
I'm not trying to sound cynical or anything, but "you need to reset the modem" isn't the solution, here. If it were a problem with the modem, then I wouldn't be able to interact with the gateway, right? It sounds more like I'm having to back out of the system alltogether and connect again, which would be a jury-rig, not a fix (kind of like a reset button on a M$ box ).
You've got to be aware of the problems, because I know for a fact that I'm not the only one who has noticed it, and I'm not the only one who has reported it either.
The last time I reported it to support, I included an excerpt from tcpdump, with system messages, dhclient configs (showing that nothing bogus was written to them by your DHCP server/s), and outputs from the previously mentioned pings, showing good connection with the gateway, and the email was forwarded to upper management for futher review. I say this because I don't want anyone to think I'm being negative here. I'm just applying good, troubleshooting techniques with a bit of common sense to help identify the problem so it can get fixed.
Also, I appreciate all the timely responses and positive attitudes when I call tech support, but for real... What's going on?
thx
WizLayer
| |
 DewiPremium
join:2001-09-28
united kingd | Are you sure this is not indicative of ethernet frame collisions caused by two NICs with the same MAC ADDRESS on the same net? | | |
|
| This _would_ bring on the arp info overwritten notices and cause some major connection problems, yes (and I would hope that Mediacom would immediately notice such an attempt and deal with it)... however, when arp info is overwritten the first time, it wouldn't almost immediately switch back if that were the case.
If someone were to "hijack" my connection, then I would loose connection alltogether until he/she was done using it... that is, unless the hijacker _also_ allowed my box to connect through his (that was my initial concern going into this).
Unfortunately, my knowledge of cisco routers is lacking (it's not like I have one at the home to play with  ). btw... If you know of a good book on cisco, let me know... I'd love to learn it.
When I first started putting the pieces together, I figured that _somehow_ I must have set my box up wrong. I posted specifics to a newbies forum for openbsd. The last message in that thread, I posted specifics (go to »mailman.theapt.org/pipermail/ope···522.html to see my last post to them regarding this).
What you'll find in the tcpdump is that during regular operation, [MAC address 1] is sent requests and [MAC address 2] replies to each request (that suggests routing). The MAC addresses themselves are Cisco's. Sometimes, [MAC address 2] (as opposed to [MAC address 1]) decides it wants to know who I am and that is when arp info is overwritten. BUT... It is immediately written back.
This is Greek to me for the most part because like I said, I know nothing of cisco. I DO know that nothing is misconfigured in my system, though. And the little I have read on this (long live google!), arp messages are either due to someone hijacking the account (which would have been obvious enough that I would have picked up on it even if Mediacom didn't), a network card being changed out (a one-time switch only), or a misconfigured cisco router. The misconfigured cisco router is the only one that fits this scenario.
As for the rest of the problem (connection problems), this may be something different altogether. I'm not so sure that these two are related. I can take my LAN to a friend's house, connect it directly to his DSL service, and the problems simply don't exist. Kinda weird (that was a 'peace of mind' test for me), but it at least indicates where the problem/s is/are at.
I was just wanting to know if any tech reps would give me more than, "we've sent your email to upper management" because surely they know of this (and if they don't, then goodness... why not?)...
thx
Mike | |
|
