[NTLUG:Discuss] Network 'passthru' viewer
Preston Hagar
prestonh at gmail.com
Wed Jan 26 11:49:49 CST 2011
On Mon, Jan 17, 2011 at 9:44 PM, David Simmons <dave at dgnal.net> wrote:
> Guys/Gals,
>
> Help me to understand what software/hardware is necessary to compete the
> following task.
>
> I have Verizon FIOS...recently the quality of service has been bad (meaning
> I try to go to a website and it times out)..but at times of the it works
> great. Even when I believe it's not working well (as indicated by trying to
> log into the local Verizon router and it taking ALONG time to respond) I see
> the lights flickering. SO, I think to myself, "Who's fault is this?" Do I
> have a hacked machine that's spitting out spam/junk? Is it my side or their
> side?
>
> So I figure if I had a system/laptop/whatever with two network cards - I
> could setup network pass-through or bridging so that I could
> see/categorize all of the packets that are flowing through (seeing their
> source & destination IP address.....and having some sense of the content of
> the packet - beit email, web, etc, etc).
>
> I was originally thinking an IPCop setup...but realized that I don't want
> ANY firewalling going on...just want the data to flow through and
> watch/sniff/see what it is?
>
> Any help / ideas / webpages would be appreciated,
>
> -dave
>
At the company I work for, we have Verizon "Business" Fios on a 35
down / 35 up plan. A few months back, seemingly random (we figured
out later they weren't random) webpages seemed to load, time out or
have other weird issues. We were, at the time, using a custom built
FreeBSD router that had a Cat 5 run from the ONT to the router. We
figured maybe something was wrong with the router, or DNS or our LAN
and spent forever trying to find the answer. Finally, we came across
it, MTU.
Apparently on the peers that our Verizon FIOS hops through, there is a
MTU black hole. The peer with the black hole was part of the route
for a lot of major sites, but the most reliable (to break that is)
that I found were provantage.com, newegg.com, and microsoft.com. We
found empirically (we ran traceroutes and pings, gradually increasing
the packet size until it it would be dropped) that by setting the MTU
of our router and machines to 1400 (instead of the default 1500) the
issues went away. To confirm it wasn't faulty hardware anywhere under
our control, we tried using our Logix T1 connection and would have no
issues accessing any site (including the 3 mentioned) with the same
router and same hardware. We also tried using Verizon's Actiontec
router and it experienced the same issues as our FreeBSD router. We
tried talking to tech support and generally just got "we'll look into
it, or everything looks fine on our end". In the end, we just set the
MTU to 1400 for everything and gave up trying to get Verizon to fix
it. We haven't noticed any major decrease in performance using a
smaller max packet size and now all sites load quickly and normally.
Anyway, if you experience issues with time outs again, you might try
lowering the MTU of your machine and router to 1400 (or somewhere
along those lines) and see if that helps.
For Linux machines, the command to change the MTU is
ifconfig <network device> mtu 1400
where <network device> is eth0 or whatever your network card is named.
Where to configure it permanatly depends on your distro.
If it doesn't help or make any difference, you can always set it back
to 1500 and no harm done.
Preston
More information about the Discuss
mailing list