Subject: Re: routing/pppd? LARGE DUMPS
To: None <macbsd-general@NetBSD.ORG>
From: noud de brouwer <noud@knot.nl>
List: macbsd-general
Date: 08/24/1995 03:06:52
Please, if anyone can shed some light on this.:
dn# cat /etc/ppp/ip-down
#!/bin/sh
#ip-down
#$1 interface-name
#$2 tty-device
#$3 speed
#$4 local-IP-address
#$5 remote-IP-address
#echo ip-down > /dev/ttyp0
echo $2 > /etc/ppp/tty.$1
clienttty=`sed -n -e "/\/dev\// s/\/dev\/:*//p" < /etc/ppp/tty.$1`
echo `who | grep ${clienttty}` " on" $5 "out at : " `date` >> /var/log/ppp
route delete $5
ifconfig $1 down
ifconfig $1 delete
arp -d $5
route delete $5
sleep 2
route delete $5
#(sleep 1 | route delete $5 ) &
exit 0
***DUMP*********************************************************************
*****
dn# tcpdump -ne arp > /etc/tcpdump.ne &
[1] 2270
dn# tcpdump: listening on ae0
dn# netstat -r
Routing tables
Internet:
Destination Gateway Flags Refs Use Interface
default Gateway.KnoT.nl UGS 0 788 ae0
localhost localhost UH 1 0 lo0
193.78.85 link#1 UC 0 0 ae0
Gateway.KnoT.nl 0:0:94:60:70:e6 UHL 1 0 ae0
renning.KnoT.nl 8:0:7:fc:cf:e8 UHL 1 2764 ae0
www.KnoT.nl link#1 UHL 1 25 ae0
dn.KnoT.nl localhost UGHS 1 24 lo0
XNS:
Destination Gateway Flags Refs Use Interface
dn# netstat -r
Routing tables
Internet:
Destination Gateway Flags Refs Use Interface
default Gateway.KnoT.nl UGS 0 788 ae0
localhost localhost UH 1 0 lo0
193.78.85 link#1 UC 0 0 ae0
Gateway.KnoT.nl 0:0:94:60:70:e6 UHL 1 0 ae0
renning.KnoT.nl 8:0:7:fc:cf:e8 UHL 1 2783 ae0
dns.KnoT.nl 0:0:94:60:71:40 UHL 0 1 ae0
www.KnoT.nl 0:80:19:3:33:54 UHL 0 91 ae0
dn.KnoT.nl localhost UGHS 1 24 lo0
pppclntthree.Kno link#1 UHL 1 3 ae0
XNS:
Destination Gateway Flags Refs Use Interface
dn# cat tcpdump.ne
cat: tcpdump.ne: No such file or directory
dn# cat /etc/tcpdump.ne
dn# ps
PID TT STAT TIME COMMAND
99 p0 S 0:17.62 -csh (csh)
2270 p0 R 0:01.90 tcpdump -ne arp
2343 p0 R+ 0:00.60 ps
94 e0 IWs+ 0:00.87 (getty)
2335 00 IWs+ 0:00.70 (getty)
96 01 IWs+ 0:00.56 (getty)
dn# kill -1 2270
dn#
3050 packets received by filter
0 packets dropped by kernel
[1] Done tcpdump -ne arp > /etc/tcpdump.ne
dn# cat /etc/tcpdump.ne
19:21:48.481386 8:0:7:fc:cf:e8 ff:ff:ff:ff:ff:ff 0806 60: arp who-has
193.78.85.7 (ff:ff:ff:ff:ff:ff) tell 193.78.85.5
19:21:48.482234 0:0:94:60:71:40 8:0:7:fc:cf:e8 0806 64: arp reply
193.78.85.7 is-at 0:0:94:60:71:40
19:25:16.289124 8:0:7:fc:cf:e8 ff:ff:ff:ff:ff:ff 0806 60: arp who-has
193.78.85.3 (ff:ff:ff:ff:ff:ff) tell 193.78.85.5
19:25:16.290013 0:0:94:60:70:e6 8:0:7:fc:cf:e8 0806 64: arp reply
193.78.85.3 is-at 0:0:94:60:70:e6
19:25:19.642268 0:80:19:17:db:42 ff:ff:ff:ff:ff:ff 0806 60: arp who-has
193.78.85.7 (ff:ff:ff:ff:ff:ff) tell 193.78.85.4
19:25:19.643820 0:0:94:60:71:40 0:80:19:17:db:42 0806 64: arp reply
193.78.85.7 is-at 0:0:94:60:71:40
19:32:08.645401 0:0:94:7:ee:b2 ff:ff:ff:ff:ff:ff 0806 42: arp who-has
193.78.85.26 tell 193.78.85.26 <<< pppclntthree
comming in
19:32:11.970742 0:80:19:17:db:42 ff:ff:ff:ff:ff:ff 0806 60: arp who-has
193.78.85.3 (ff:ff:ff:ff:ff:ff) tell 193.78.85.4
19:32:11.971144 0:0:94:60:70:e6 0:80:19:17:db:42 0806 64: arp reply
193.78.85.3 is-at 0:0:94:60:70:e6
19:32:26.624126 0:0:94:7:ee:b2 ff:ff:ff:ff:ff:ff 0806 42: arp who-has
193.78.85.7 tell 193.78.85.12
19:32:26.625876 0:0:94:60:71:40 0:0:94:7:ee:b2 0806 64: arp reply
193.78.85.7 is-at 0:0:94:60:71:40
19:32:26.637348 0:0:94:60:71:40 ff:ff:ff:ff:ff:ff 0806 64: arp who-has
193.78.85.26 tell 193.78.85.7 <<< pppclntthree to
DNS
19:32:26.638149 0:0:94:7:ee:b2 0:0:94:60:71:40 0806 64: arp reply
193.78.85.26 is-at 0:0:94:7:ee:b2
19:32:27.241531 0:0:94:7:ee:b2 ff:ff:ff:ff:ff:ff 0806 42: arp who-has
193.78.85.9 tell 193.78.85.12
19:32:27.242250 0:80:19:3:33:54 0:0:94:7:ee:b2 0806 60: arp reply
193.78.85.9 is-at 0:80:19:3:33:54
19:32:27.254867 0:80:19:3:33:54 ff:ff:ff:ff:ff:ff 0806 60: arp who-has
193.78.85.26 (ff:ff:ff:ff:ff:ff) tell 193.78.85.9 <<< pppclntthree to
WWW
19:32:27.255640 0:0:94:7:ee:b2 0:80:19:3:33:54 0806 60: arp reply
193.78.85.26 is-at 0:0:94:7:ee:b2
19:33:11.907142 0:80:19:17:db:42 ff:ff:ff:ff:ff:ff 0806 60: arp who-has
193.78.85.3 (ff:ff:ff:ff:ff:ff) tell 193.78.85.4 <<< gateway and pop
19:33:11.907994 0:0:94:60:70:e6 0:80:19:17:db:42 0806 64: arp reply
193.78.85.3 is-at 0:0:94:60:70:e6
19:33:21.523308 0:0:94:7:ee:b2 ff:ff:ff:ff:ff:ff 0806 42: arp who-has
193.78.85.26 tell 193.78.85.12 <<< pppclntthree gone
19:33:24.418903 0:0:94:7:ee:b2 ff:ff:ff:ff:ff:ff 0806 42: arp who-has
193.78.85.26 tell 193.78.85.12
19:33:25.501979 0:0:94:7:ee:b2 ff:ff:ff:ff:ff:ff 0806 42: arp who-has
193.78.85.26 tell 193.78.85.12
19:33:43.284747 0:80:19:3:33:54 ff:ff:ff:ff:ff:ff 0806 60: arp who-has
193.78.85.26 (ff:ff:ff:ff:ff:ff) tell 193.78.85.9 <<< WWW still asking
19:33:43.841079 0:80:19:3:33:54 ff:ff:ff:ff:ff:ff 0806 60: arp who-has
193.78.85.26 (ff:ff:ff:ff:ff:ff) tell 193.78.85.9 (i deliberatly
19:33:44.506696 0:80:19:3:33:54 ff:ff:ff:ff:ff:ff 0806 60: arp who-has
193.78.85.26 (ff:ff:ff:ff:ff:ff) tell 193.78.85.9 disconnec half
19:33:45.172287 0:80:19:3:33:54 ff:ff:ff:ff:ff:ff 0806 60: arp who-has
193.78.85.26 (ff:ff:ff:ff:ff:ff) tell 193.78.85.9 way a page)
19:34:43.466823 0:80:19:3:33:54 ff:ff:ff:ff:ff:ff 0806 60: arp who-has
193.78.85.26 (ff:ff:ff:ff:ff:ff) tell 193.78.85.9
19:34:44.103424 0:80:19:3:33:54 ff:ff:ff:ff:ff:ff 0806 60: arp who-has
193.78.85.26 (ff:ff:ff:ff:ff:ff) tell 193.78.85.9
19:34:44.769030 0:80:19:3:33:54 ff:ff:ff:ff:ff:ff 0806 60: arp who-has
193.78.85.26 (ff:ff:ff:ff:ff:ff) tell 193.78.85.9
19:34:45.434635 0:80:19:3:33:54 ff:ff:ff:ff:ff:ff 0806 60: arp who-has
193.78.85.26 (ff:ff:ff:ff:ff:ff) tell 193.78.85.9
....
19:35:13.097841 0:80:19:3:33:54 ff:ff:ff:ff:ff:ff 0806 60: arp who-has
193.78.85.26 (ff:ff:ff:ff:ff:ff) tell 193.78.85.9
19:35:13.763470 0:80:19:3:33:54 ff:ff:ff:ff:ff:ff 0806 60: arp who-has
193.78.85.26 (ff:ff:ff:ff:ff:ff) tell 193.78.85.9
19:35:14.422680 0:80:19:3:33:54 ff:ff:ff:ff:ff:ff 0806 60: arp who-has
193.78.85.26 (ff:ff:ff:ff:ff:ff) tell 193.78.85.9
dn# netstat -r
Routing tables
Internet:
Destination Gateway Flags Refs Use Interface
default Gateway.KnoT.nl UGS 0 788 ae0
localhost localhost UH 1 0 lo0
193.78.85 link#1 UC 0 0 ae0
Gateway.KnoT.nl 0:0:94:60:70:e6 UHL 1 0 ae0
renning.KnoT.nl 8:0:7:fc:cf:e8 UHL 2 2921 ae0
dns.KnoT.nl 0:0:94:60:71:40 UHL 0 1 ae0
www.KnoT.nl 0:80:19:3:33:54 UHL 0 91 ae0
dn.KnoT.nl localhost UGHS 1 24 lo0
pppclntthree.Kno link#1 UHL 1 3 ae0
XNS:
Destination Gateway Flags Refs Use Interface
dn#
dn# arp -a
Gateway.KnoT.nl (193.78.85.3) at (incomplete)
renning.KnoT.nl (193.78.85.5) at 8:0:7:fc:cf:e8
dns.KnoT.nl (193.78.85.7) at 0:0:94:60:71:40
pppclntthree.KnoT.nl (193.78.85.26) at (incomplete)
pop.KnoT.nl (193.78.85.4) at 0:80:19:17:db:42
www.KnoT.nl (193.78.85.9) at 0:80:19:3:33:54
<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< asker
And my /var/log/ppp:
ppp tty00 Aug 23 16:32 on 193.78.85.26 in at : Wed Aug 23 16:32:13 PDT 1995
ppp tty00 Aug 23 16:32 on 193.78.85.26 out at : Wed Aug 23 16:33:26 PDT 1995
But this could have happend with another WWW-server as well.
And:
routed_flags="-q"
rarpd_flags="-a"
I will now try routed_flags="-s" again:
dn# netstat -r
Routing tables
Internet:
Destination Gateway Flags Refs Use Interface
default Gateway.KnoT.nl UGS 0 0 ae0
localhost localhost UH 1 0 lo0
193.78.85 link#1 UC 0 0 ae0
Gateway.KnoT.nl 0:0:94:60:70:e6 UHL 1 0 ae0
renning.KnoT.nl 8:0:7:fc:cf:e8 UHL 1 189 ae0
dn.KnoT.nl localhost UGHS 1 25 lo0
XNS:
Destination Gateway Flags Refs Use Interface
dn# tcpdump -ne arp > /etc/tcpdump.ne &
[1] 116
dn# tcpdump: listening on ae0
dn# echo "connect" >> /etc/tcpdump.ne <<<<<<<<<<ehum
dn# echo "disconnect" >> /etc/tcpdump.ne <<<<<<<<<<ehum
dn# sleep 2
dn# ps
PID TT STAT TIME COMMAND
105 p0 S 0:03.40 -csh (csh)
116 p0 S 0:01.49 tcpdump -ne arp
160 p0 R+ 0:00.73 ps
94 e0 IWs+ 0:00.83 (getty)
156 00 Ss+ 0:00.90 /usr/libexec/getty sfm57600 tty00
96 01 IWs+ 0:00.55 (getty)
dn# kill -1 116
dn#
374 packets received by filter
0 packets dropped by kernel
[1] Done tcpdump -ne arp > /etc/tcpdump.ne
dn# cat /etc/tcpdump.ne
20:51:25.782242 0:0:94:7:ee:b2 ff:ff:ff:ff:ff:ff 0806 42: arp who-has
193.78.85.26 tell 193.78.85.26
20:51:41.548002 0:0:94:7:ee:b2 ff:ff:ff:ff:ff:ff 0806 42: arp who-has
193.78.85.9 tell 193.78.85.12
20:51:41.548727 0:80:19:3:33:54 0:0:94:7:ee:b2 0806 60: arp reply
193.78.85.9 is-at 0:80:19:3:33:54
20:51:41.921684 0:80:19:3:33:54 ff:ff:ff:ff:ff:ff 0806 60: arp who-has
193.78.85.26 (ff:ff:ff:ff:ff:ff) tell 193.78.85.9
20:51:41.921685 0:0:94:7:ee:b2 0:80:19:3:33:54 0806 60: arp reply
193.78.85.26 is-at 0:0:94:7:ee:b2
20:52:14.763764 0:0:94:7:ee:b2 ff:ff:ff:ff:ff:ff 0806 42: arp who-has
193.78.85.26 tell 193.78.85.12
20:52:15.528324 0:0:94:7:ee:b2 ff:ff:ff:ff:ff:ff 0806 42: arp who-has
193.78.85.26 tell 193.78.85.12
20:52:37.711421 0:80:19:3:33:54 ff:ff:ff:ff:ff:ff 0806 60: arp who-has
193.78.85.26 (ff:ff:ff:ff:ff:ff) tell 193.78.85.9
20:52:38.259803 0:80:19:3:33:54 ff:ff:ff:ff:ff:ff 0806 60: arp who-has
193.78.85.26 (ff:ff:ff:ff:ff:ff) tell 193.78.85.9
20:52:38.919014 0:80:19:3:33:54 ff:ff:ff:ff:ff:ff 0806 60: arp who-has
193.78.85.26 (ff:ff:ff:ff:ff:ff) tell 193.78.85.9
20:52:39.584617 0:80:19:3:33:54 ff:ff:ff:ff:ff:ff 0806 60: arp who-has
193.78.85.26 (ff:ff:ff:ff:ff:ff) tell 193.78.85.9
dn# netstat -r
Routing tables
Internet:
Destination Gateway Flags Refs Use Interface
default Gateway.KnoT.nl UGS 0 0 ae0
localhost localhost UH 1 0 lo0
193.78.85 link#1 UC 0 0 ae0
Gateway.KnoT.nl 0:0:94:60:70:e6 UHL 1 0 ae0
renning.KnoT.nl 8:0:7:fc:cf:e8 UHL 1 319 ae0
www.KnoT.nl 0:80:19:3:33:54 UHL 0 12 ae0
dn.KnoT.nl localhost UGHS 1 25 lo0
pppclntthree.Kno link#1 UHL 1 2 ae0
XNS:
Destination Gateway Flags Refs Use Interface
dn# route delete pppclntthree
delete host pppclntthree
dn#
~n