[NTLUG:Discuss] Network 'passthru' viewer

[David Simmons]

Preston - wow...that's some great intel to try...thanks!   - dave

On Wed, Jan 26, 2011 at 11:49 AM, Preston Hagar <prestonh at gmail.com> wrote:

> On Mon, Jan 17, 2011 at 9:44 PM, David Simmons <dave at dgnal.net> wrote:
> > Guys/Gals,
> >
> > Help me to understand what software/hardware is necessary to compete the
> > following task.
> >
> > I have Verizon FIOS...recently the quality of service has been bad
> (meaning
> > I try to go to a website and it times out)..but at times of the it works
> > great.  Even when I believe it's not working well (as indicated by trying
> to
> > log into the local Verizon router and it taking ALONG time to respond) I
> see
> > the lights flickering.  SO, I think to myself, "Who's fault is this?"  Do
> I
> > have a hacked machine that's spitting out spam/junk?  Is it my side or
> their
> > side?
> >
> > So I figure if I had a system/laptop/whatever with two network cards - I
> > could setup network pass-through or bridging so that I could
> > see/categorize all of the packets that are flowing through (seeing their
> > source & destination IP address.....and having some sense of the content
> of
> > the packet - beit email, web, etc, etc).
> >
> > I was originally thinking an IPCop setup...but realized that I don't want
> > ANY firewalling going on...just want the data to flow through and
> > watch/sniff/see what it is?
> >
> > Any help / ideas / webpages would be appreciated,
> >
> > -dave
> >
>
> At the company I work for, we have Verizon "Business" Fios on a 35
> down / 35 up plan.  A few months back, seemingly random (we figured
> out later they weren't random) webpages seemed to load, time out or
> have other weird issues.  We were, at the time, using a custom built
> FreeBSD router that had a Cat 5 run from the ONT to the router.  We
> figured maybe something was wrong with the router, or DNS or our LAN
> and spent forever trying to find the answer.  Finally, we came across
> it, MTU.
>
> Apparently on the peers that our Verizon FIOS hops through, there is a
> MTU black hole.  The peer with the black hole was part of the route
> for a lot of major sites, but the most reliable (to break that is)
> that I found were provantage.com, newegg.com, and microsoft.com.  We
> found empirically (we ran traceroutes and pings, gradually increasing
> the packet size until it it would be dropped) that by setting the MTU
> of our router and machines to 1400 (instead of the default 1500) the
> issues went away.  To confirm it wasn't faulty hardware anywhere under
> our control, we tried using our Logix T1 connection and would have no
> issues accessing any site (including the 3 mentioned) with the same
> router and same hardware.  We also tried using Verizon's Actiontec
> router and it experienced the same issues as our FreeBSD router.  We
> tried talking to tech support and generally just got "we'll look into
> it, or everything looks fine on our end".  In the end, we just set the
> MTU to 1400 for everything and gave up trying to get Verizon to fix
> it.  We haven't noticed any major decrease in performance using a
> smaller max packet size and now all sites load quickly and normally.
>
> Anyway, if you experience issues with time outs again, you might try
> lowering the MTU of your machine and router to 1400 (or somewhere
> along those lines) and see if that helps.
>
> For Linux machines, the command to change the MTU is
>
> ifconfig <network device> mtu 1400
>
> where <network device> is eth0 or whatever your network card is named.
>  Where to configure it permanatly depends on your distro.
>
> If it doesn't help or make any difference, you can always set it back
> to 1500 and no harm done.
>
> Preston
>
> _______________________________________________
> http://www.ntlug.org/mailman/listinfo/discuss
>



-- 
Those with sight believe what's believable. Those with vision know what's
unbelievable.