Re: [networking-discuss] ICMP redirect

Wed, 16 Dec 2009 06:15:16 -0800 

Adam wrote:
>> netstat -r

"-nr" would be more interesting here.  "ifconfig -a" would also help.

>> snoop -I e1000g0 -x0 host activity
> 192.168.1.169 -> activity     ICMP Echo request (ID: 740 Sequence number: 0)
> 
>            0: 0102 0100 0000 0054 0000 0002 0000 0000    .......T........
>           16: 0000 0000 ffff ffff 4500 0054 031e 4000    ........e.....@.
>           32: ff01 f44a c0a8 01a9 c0a8 0146 0800 1b43    ...J.......F...C
>           48: 02e4 0000 fada 284b c2af 0900 0809 0a0b    ......(K........
>           64: 0c0d 0e0f 1011 1213 1415 1617 1819 1a1b    ................
>           80: 1c1d 1e1f 2021 2223 2425 2627 2829 2a2b    .... !"#$%&'()*+
>           96: 2c2d 2e2f 3031 3233 3435 3637              ,-./01234567

Don't use "-I".  That captures at the IP level and obscures all the
useful Ethernet information.

Use "-d" instead.  You'll need to be privileged to use that, so run it
with "pfexec" or "sudo".

>       router -> 192.168.1.169 ICMP Redirect (for host activity to activity)
> 
>            0: 0102 0000 0000 0038 0000 0002 0000 0000    .......8........
>           16: ffff ffff 0000 0000 4500 0038 1cad 4000    ........e.....@.
>           32: 4001 9920 c0a8 01fe c0a8 01a9 0501 2e42    @.. ...........B
>           48: c0a8 0146 4500 0054 07c3 4000 fe01 f0a5    ...fe.....@.....
>           64: c0a8 01a9 c0a8 0146 0800 fecd 0400 0000    .......F........

At a guess, someone has a misconfigured subnet mask.  But it's hard to
tell without a better capture.

> 192.168.1.169 -> router       DNS C _ldap._tcp.dc._msdcs. Internet Unknown 
> (33) ?
> 
>            0: 0102 0100 0000 0042 0000 0002 0000 0000    .......B........
>           16: 0000 0000 ffff ffff 4500 0042 027b 0000    ........E..B.{..
>           32: ff11 3438 c0a8 01a9 c0a8 01fe a136 0035    ..48.........6.5
>           48: 002e c6a9 a5cf 0100 0001 0000 0000 0000    ................
>           64: 055f 6c64 6170 045f 7463 7002 6463 065f    ._ldap._tcp.dc._
>           80: 6d73 6463 7300 0021 0001                   msdcs..!..

I think that's just service discovery stuff.  You can probably disable
it with "svcadm disable dns/multicast".

> I'm at a loss here, all I need to do is prevent that route being added, or at 
> least somehow automatically invalidated.

ndd -set /dev/ip ip_ignore_redirect 1

... but that still begs a number of other questions.

-- 
James Carlson         42.703N 71.076W         <carls...@workingcode.com>
_______________________________________________
networking-discuss mailing list
networking-discuss@opensolaris.org

Reply via email to