Moe Trin
Guest
|
Posted:
Thu Jan 20, 2005 4:35 am Post subject:
Re: Linux PC cannot ping, but Windows can? |
|
|
In article <csk4rh$pds$1@cauldron.broomstick.com>, Arthur Hagen wrote:
| Quote: | Eirik Seim <eirik@mi.uib.no> wrote:
On Mon, 17 Jan 2005 21:19:25 -0500, Arthur Hagen wrote:
[snip]
There's no way your office firewall can tell whether the ICMP
ECHO_REQUEST packet used in a ping comes from a Linux box or a
Windows box.
While I agree it seems to be something wrong with the home router/fw
|
I also agree
| Quote: | in this case, there are in fact ways a firewall can allow "linux" to
access certain network services, and deny "windows".
From http://www.openbsd.org/faq/pf/filter.html#osfp
pass in on $ext_if any os OpenBSD keep state
block in on $ext_if any os "Windows 2000"
block in on $ext_if any os "Linux 2.4 ts"
block in on $ext_if any os unknown
Google keywords: Passive Operating System Fingerprinting
That would block TCP but not ICMP, though. And the OP has problems
*pinging* too.
|
Yes, but ICMP comes wrapped in an IP header. While there isn't _as much_
information that can be used to identify the O/S, there most certainly is
a lot of clues there - and specifically "something" that will differentiate
between nearly all versions of windoze versus Linux with a very high order
of probability. Both Fyodor and Michal know this, and use it well.
Old guy |
nick
Guest
|
Posted:
Thu Jan 20, 2005 7:45 pm Post subject:
Re: Linux PC cannot ping, but Windows can? |
|
|
"Moe Trin" <ibuprofin@painkiller.example.tld> wrote in message
news:slrncutrlv.6je.ibuprofin@compton.phx.az.us...
| Quote: | In article <csk4rh$pds$1@cauldron.broomstick.com>, Arthur Hagen wrote:
Eirik Seim <eirik@mi.uib.no> wrote:
On Mon, 17 Jan 2005 21:19:25 -0500, Arthur Hagen wrote:
[snip]
There's no way your office firewall can tell whether the ICMP
ECHO_REQUEST packet used in a ping comes from a Linux box or a
Windows box.
While I agree it seems to be something wrong with the home router/fw
I also agree
But my home Linux can ping/ssh/http all other hosts I tried successfully. |
And my home Windows PC can access my office Win XP PC without any problem
while my home Linux has the problem. Sounds like my office firewall problem.
Since both my home WinXP and Linux PC use NAT and the IP packages from my
home should be wrapped by my home firewall/gateway (Belkin) with the same
header (source IP address, etc) assigned to my home Belkin.
Looks like my office firewall examines the payload of the IP packages from my home
router and blocks the ones originated from the Linux PC.
| Quote: |
in this case, there are in fact ways a firewall can allow "linux" to
access certain network services, and deny "windows".
From http://www.openbsd.org/faq/pf/filter.html#osfp
pass in on $ext_if any os OpenBSD keep state
block in on $ext_if any os "Windows 2000"
block in on $ext_if any os "Linux 2.4 ts"
block in on $ext_if any os unknown
Google keywords: Passive Operating System Fingerprinting
That would block TCP but not ICMP, though. And the OP has problems
*pinging* too.
Yes, but ICMP comes wrapped in an IP header. While there isn't _as much_
information that can be used to identify the O/S, there most certainly is
a lot of clues there - and specifically "something" that will
differentiate
between nearly all versions of windoze versus Linux with a very high order
of probability. Both Fyodor and Michal know this, and use it well.
Old guy
Moe Trin
Guest
|
Posted:
Fri Jan 21, 2005 5:02 am Post subject:
Re: Linux PC cannot ping, but Windows can? |
|
|
In article <csog3n$3og$1@news3.bu.edu>, nick wrote:
| Quote: | While I agree it seems to be something wrong with the home router/fw
I also agree
But my home Linux can ping/ssh/http all other hosts I tried successfully.
And my home Windows PC can access my office Win XP PC without any problem
while my home Linux has the problem. Sounds like my office firewall problem.
Since both my home WinXP and Linux PC use NAT and the IP packages from my
home should be wrapped by my home firewall/gateway(Belkin) with the same
header (source IP address, etc) assigned to my home Belkin.
|
The only way to prove that would be to look at the packets from your
windoze and Linux boxes and compare them, then look at the packets
coming out of the Belkin that go to the Internet. It might be ECN,
but that's about the only thing I can think of.
echo 0 > /proc/sys/net/ipv4/tcp_ecn
on the Linux box would turn that off.
| Quote: | Looks like my office firewall examines the payload of the IP packages from my home
router and blocks the ones originated from the Linux PC.
|
Highly unlikely, as for a ping, the only difference would be the TTL. You
could try using windoze TRACERT and seeing what a connection trace looks
like, then trying the same thing with Linux traceroute. One problem is
that the Linux version defaults to using UDP (windoze is using ICMP echos)
and you need to use the '-I' option on most versions to cause the Linux
version to use ICMP (SuSE broke this if you are trying to use their version).
On Fri, 14 Jan 2005, "John Mason Jr <notvalid@cox.net.invalid>" suggested
using 'tcptraceroute' from Linux. That's not a normal part of a distribution,
and he gave you the URL of where to find it. Try that as well.
For that matter, you could try using 'nmap' to see what your systems at
work are doing, but I'd recommend warning the network administrator there
BEFORE you try, as he might think the place is under attack, and call out
the National Guard or something.
Old guy |
nick
Guest
|
Posted:
Fri Jan 21, 2005 9:28 pm Post subject:
Re: Linux PC cannot ping, but Windows can? |
|
|
Thanks. I've done some more testing.
On my home Linux box:
- cat /proc/sys/net/ipv4/tcp_ecn already shows 0
- running traceroute my_office_WinXP gets a "Socket: No such process" error
immediately. traceroute -I returned the same error
- tcptraceroute returned "connect: No such process" immediately.
- when using nmap my_office_winxp, the screen keeps scrolling:
Strange read error from xxx.xxx.xxx.xxx: Transport endpoint is not connected
Strange read error from xxx.xxx.xxx.xxx: Transport endpoint is not connected
Strange read error from xxx.xxx.xxx.xxx: Transport endpoint is not connected
Looks like my office firewall blocks everything from my home Linux PC,
even though it's behind NAT? It's interesting to know what the difference is between
a Linux IP package and a Windows IP package....
"Moe Trin" <ibuprofin@painkiller.example.tld> wrote in message
news:slrncv0hk6.cqp.ibuprofin@compton.phx.az.us...
| Quote: | In article <csog3n$3og$1@news3.bu.edu>, nick wrote:
While I agree it seems to be something wrong with the home router/fw
I also agree
But my home Linux can ping/ssh/http all other hosts I tried successfully.
And my home Windows PC can access my office Win XP PC without any problem
while my home Linux has the problem. Sounds like my office firewall problem.
Since both my home WinXP and Linux PC use NAT and the IP packages from my
home should be wrapped by my home firewall/gateway(Belkin) with the same
header (source IP address, etc) assigned to my home Belkin.
The only way to prove that would be to look at the packets from your
windoze and Linux boxes and compare them, then look at the packets
coming out of the Belkin that go to the Internet. It might be ECN,
but that's about the only thing I can think of.
echo 0 > /proc/sys/net/ipv4/tcp_ecn
on the Linux box would turn that off.
Looks like my office firewall examines the payload of the IP packages from my home
router and blocks the ones originated from the Linux PC.
Highly unlikely, as for a ping, the only difference would be the TTL. You
could try using windoze TRACERT and seeing what a connection trace looks
like, then trying the same thing with Linux traceroute. One problem is
that the Linux version defaults to using UDP (windoze is using ICMP echos)
and you need to use the '-I' option on most versions to cause the Linux
version to use ICMP (SuSE broke this if you are trying to use their
version).
On Fri, 14 Jan 2005, "John Mason Jr <notvalid@cox.net.invalid>" suggested
using 'tcptraceroute' from Linux. That's not a normal part of a
distribution,
and he gave you the URL of where to find it. Try that as well.
For that matter, you could try using 'nmap' to see what your systems at
work are doing, but I'd recommend warning the network administrator there
BEFORE you try, as he might think the place is under attack, and call out
the National Guard or something.
Old guy
Moe Trin
Guest
|
Posted:
Sat Jan 22, 2005 10:38 pm Post subject:
Re: Linux PC cannot ping, but Windows can? |
|
|
In article <csragl$69j$1@news3.bu.edu>, nick wrote:
| Quote: | Thanks. I've done some more testing.
On my home Linux box:
- cat /proc/sys/net/ipv4/tcp_ecn already shows 0
|
OK - that was a long shot anyway.
| Quote: | - running traceroute my_office_WinXP gets a "Socket: No such process" error
immediately. traceroute -I returned the same error
- tcptraceroute returned "connect: No such process" immediately.
|
without being able to see any response from intermediate hops - even your
home Belkin? That's something strange on your Linux setup.
| Quote: | - when using nmap my_office_winxp, the screen keeps scrolling:
Strange read error from xxx.xxx.xxx.xxx: Transport endpoint is not connected
|
The 'Strange read error from' message is from 'scan_engine.cc' or 'targets.cc'
and is a default when you don't get _any_ response (the other possible error
conditions in those sections are all related to ICMP error codes).
| Quote: | Looks like my office firewall blocks everything from my home Linux PC,
even though it's behind NAT?
|
I don't think so. Oh, boy - here comes the fun. On the Linux box, run
tcpdump, and attempt to connect (ping, ssh, what-ever - it doesn't matter as
we're only interested in attempting to make a connection) to your office
system. Cut and paste the EXACT output. If you are paranoid about showing
IP addresses, replace the first octet with AAA, and the second with BBB
(example 123.45.67.89 becomes AAA.BBB.67.89) but be careful when doing so.
If every packet you see has a first octet of 123, then always replace that
with AAA - if the octet is DIFFERENT from what you coded as AAA, replace it
with a different value, so that we know it's different, such as CCC. This
means (in this example) if 123.45.67.89 becomes AAA.BBB.67.89, a different
host with IP 45.67.89.123 would be disguised as BBB.CCC.89.123, and a host
at 126.22.33.44 would be DDD.EEE.33.44 because it shares no number in those
first two octets.
I've got a feeling that there is something strange with your Linux setup.
Perhaps, you've set the IP address of the office host to 127.0.0.1 in your
/etc/hosts file or some such. Hmmm, what happens if you grep for the IP
address of the office system in /etc/* then /etc/*/* then /etc/*/*/* and
so on?
| Quote: | It's interesting to know what the difference is between a Linux IP package and a
Windows IP package....
|
Well, there's only 20 bytes in an IP header, and 8 of those are source and
destination IP addresses. 2 are a header checksum, 4 bytes are effectively
packet serial number and fragmentation offset, 2 1/2 are packet/header
length, 1 is protocol (TCP, UDP, ICMP, whatever), 1 is time to live (and
that does differ between Linux and windoze), and one is TOS, and the
remaining half is IP version number. While the stacks differ very much,
the resulting packets are very hard to tell apart - in fact it's _probably_
only going to differ in the TTL and possibly TOS flags. When you tried to
use 'traceroute -I' that _should_ have created an IP (ICMP) packet identical
to that produced by your windoze box.
Old guy |
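The address-masking convention Moe Trin describes above (the same octet value always gets the same letter label, the last two octets stay as they are), as an added Python example that is not part of the original posts. The class name `OctetMasker` and the tcpdump-style lines in `SAMPLE` are constructed for illustration.

```python
import re

# Dotted quad not preceded by a digit or dot; tcpdump may append ".port".
IPV4 = re.compile(r"(?<![\d.])(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})(?!\d)")

# Constructed tcpdump-style lines (not output from the thread).
SAMPLE = """\
12:00:01.000001 IP 123.45.67.89 > 126.22.33.44: ICMP echo request, id 7, seq 1, length 64
12:00:02.000001 IP 123.45.67.89.33012 > 126.22.33.44.22: Flags [S], seq 1, length 0
12:00:03.000001 IP 45.67.89.123.53 > 123.45.67.89.40000: UDP, length 48
"""


class OctetMasker:
    """Replace the first two octets of every IPv4 address with stable labels."""

    def __init__(self):
        self.labels = {}  # octet value -> label, in order of first appearance

    def _label(self, octet):
        value = int(octet)
        if value not in self.labels:
            n = len(self.labels)
            # AAA..ZZZ first; a numeric suffix keeps later labels distinct.
            suffix = str(n // 26) if n >= 26 else ""
            self.labels[value] = chr(ord("A") + n % 26) * 3 + suffix
        return self.labels[value]

    def _mask(self, match):
        a, b, c, d = match.groups()
        if any(int(o) > 255 for o in (a, b, c, d)):
            return match.group(0)  # not a valid address: leave untouched
        # Same value -> same label, whether it appears as octet 1 or octet 2.
        return ".".join([self._label(a), self._label(b), c, d])

    def mask_text(self, text):
        return IPV4.sub(self._mask, text)


if __name__ == "__main__":
    print(OctetMasker().mask_text(SAMPLE), end="")
```

The last two octets and the port numbers remain visible, so the result is a pseudonymised capture rather than an anonymous one; use one `OctetMasker` instance for the whole capture so labels stay consistent across lines.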
Arthur Hagen
Guest
|
Posted:
Sat Jan 22, 2005 11:23 pm Post subject:
Re: Linux PC cannot ping, but Windows can? |
|
|
Moe Trin <ibuprofin@painkiller.example.tld> wrote:
| Quote: | In article <csragl$69j$1@news3.bu.edu>, nick wrote:
Thanks. I've done some more testing.
On my home Linux box:
- cat /proc/sys/net/ipv4/tcp_ecn already shows 0
OK - that was a long shot anyway.
|
My #1 theory is still that his office is on ADSL with PPPoE/PPPoA (or other
similar setup that reduces the packet size), and his office router is
misconfigured to block ICMP type 3. By default, Linux will use PMTU and
PMTU blackhole detect, while Windows won't.
"ping -M dont re.mo.te.ip" should go through if that's the case.
Of course, there most certainly is a misconfiguration on his Linux box
anyhow, as the "connect: No such process" error message is not one that he
should get for this type of connection problem. If I were a betting man,
I'd guess at a misconfigured Linux firewall, most likely ipfilter.
Regards,
--
*Art |
Moe Trin
Guest
|
Posted:
Sun Jan 23, 2005 7:31 am Post subject:
Re: Linux PC cannot ping, but Windows can? |
|
|
In article <csu5n5$atg$1@cauldron.broomstick.com>, Arthur Hagen wrote:
| Quote: | My #1 theory is still that his office is on ADSL with PPPoE/PPPoA (or other
similar setup that reduces the packet size), and his office router is
misconfigured to block ICMP type 3. By default, Linux will use PMTU and
PMTU blackhole detect, while Windows won't.
"ping -M dont re.mo.te.ip" should go through if that's the case.
|
None of my systems do PMTU on pings. A default ping is under a hundred bytes
total, and I'd find it hard to believe that the MSS could be _that_ small.
Anyway, the nmap indications are normally based on a 3-way handshake, and
that DEFINITELY does not involve PMTU.
| Quote: | Of course, there most certainly is a misconfiguration on his Linux box
anyhow, as the "connect: No such process" error message is not one that he
should get for this type of connection problem. If I were a betting man,
I'd guess at a misconfigured Linux firewall, most likely ipfilter.
|
I don't have the whole thread here, but I thought one of us told him to
do '/sbin/iptables -L' and he reported no output. I'd agree that a firewall
set to drop would do this - I think he may also have somehow screwed up
the hosts file, and the system is looking at that and finding remote.host
is at 127.0.0.1 (a common windows antispam/spyware trick) and the firewall is
blocking incoming stuff. That's also why I wanted to see the tcpdump output.
Old guy |
Arthur Hagen
Guest
|
Posted:
Sun Jan 23, 2005 8:14 am Post subject:
Re: Linux PC cannot ping, but Windows can? |
|
|
Moe Trin <ibuprofin@painkiller.example.tld> wrote:
| Quote: |
None of my systems do PMTU on pings.
|
SuSE seems to. From the ping man page:
-M hint
Select Path MTU Discovery strategy. hint may be
either do (prohibit fragmentation, even local one),
want (do PMTU discovery, fragment locally when
packet size is large), or dont (do not set DF
flag).
Regards,
--
*Art |
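The 20-byte IP header breakdown given earlier in the thread, together with the DF flag that `ping -M` controls, as an added Python example that is not part of the original posts: it parses two constructed ICMP echo headers and lists the fields that differ. The TTL values 64 and 128 (common Linux and Windows defaults), the documentation-range addresses and all function names are assumptions made for the example.

```python
import struct

FMT = "!BBHHHBBH4s4s"  # the 20-byte IPv4 header without options


def ip_checksum(header):
    """One's-complement sum of the header's 16-bit words (RFC 1071)."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_header(ttl, df, ident, tos=0, payload_len=64):
    """Constructed header for an ICMP packet between documentation addresses."""
    fields = [0x45, tos, 20 + payload_len, ident, 0x4000 if df else 0,
              ttl, 1, 0, bytes((192, 0, 2, 10)), bytes((198, 51, 100, 20))]
    fields[7] = ip_checksum(struct.pack(FMT, *fields))
    return struct.pack(FMT, *fields)


def parse_header(raw):
    v_ihl, tos, length, ident, frag, ttl, proto, _, src, dst = struct.unpack(FMT, raw[:20])
    return {
        "version": v_ihl >> 4, "ihl_bytes": (v_ihl & 0x0F) * 4, "tos": tos,
        "total_length": length, "id": ident, "df": bool(frag & 0x4000),
        "frag_offset": frag & 0x1FFF, "ttl": ttl, "protocol": proto,
        "checksum_ok": ip_checksum(raw[:20]) == 0,
        "src": ".".join(map(str, src)), "dst": ".".join(map(str, dst)),
    }


def differing_fields(a, b):
    """Names of parsed fields whose values differ between two headers."""
    pa, pb = parse_header(a), parse_header(b)
    return sorted(k for k in pa if pa[k] != pb[k])


def guess_initial_ttl(observed):
    """Round an observed TTL up to the nearest common initial value."""
    return next(t for t in (32, 64, 128, 255) if observed <= t)


# Constructed samples: TTL 64 with DF set (PMTU discovery on), TTL 128 without.
LINUX_ECHO = build_header(ttl=64, df=True, ident=0x1A2B)
WINDOWS_ECHO = build_header(ttl=128, df=False, ident=0x0C4D)

if __name__ == "__main__":
    print(differing_fields(LINUX_ECHO, WINDOWS_ECHO))
```

Both sample headers carry the same source address, as they would behind one NAT gateway, so only the packet ID, TTL and DF bit tell them apart; `guess_initial_ttl` shows how a TTL already decremented by intermediate hops still points back to the sender's default.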
Eirik Seim
Guest
|
Posted:
Sun Jan 23, 2005 8:00 pm Post subject:
Re: Linux PC cannot ping, but Windows can? |
|
|
On Sun, 23 Jan 2005 00:35:27 -0500, Arthur Hagen wrote:
| Quote: | Moe Trin <ibuprofin@painkiller.example.tld> wrote:
None of my systems do PMTU on pings.
SuSE seems to [...]
|
And so do all Linux or similar systems that use Kuznetsov's
iputils (ftp://ftp.tux.org/people/alexey-kuznetsov/ip-routing).
NetKit used to be popular in the late nineties, but I don't know
if any major distro uses it these days. I know it's in Debian's
apt system, but I don't know if it's in the default install.
Inconsistencies like these are (part) of why I prefer *BSD over
Linux for my open source needs.
--
New and exciting signature! |
nick
Guest
|
Posted:
Mon Jan 24, 2005 9:15 pm Post subject:
Re: Linux PC cannot ping, but Windows can? |
|
|
Thanks everyone. I've found out what caused the problem.
I tried to install openswan on my home Linux box several weeks ago and
created an ipsec connection direct to my office Win XP. It worked at the time. A
couple of weeks ago, I guess my office firewall was changed due to some spam
email sender trying to send junk emails in my office server. And my home Linux
started to get the error.
It works fine now after I removed the IPSec connection.
Does anyone know how the IPSec connection caused the problem? |