[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: a question about firewalls (or whatever else that might cause packet drop)

On 11/29/2012 12:21 AM, Pascal Hambourg wrote:
> Hello,
> 
> Matej Kosik a écrit :
>>
>> I am experiencing some deterministic packet drop:
>> - when I tcpreplay on "lo" some pcap (0.pcap) file,
>>   that traffic does not reach listening applications
>> - when I change source IP address from whatever it was to, e.g.,
>>   10.0.10.6, 10.0.10.7 etc,
> 
> Why these addresses ? What's special with them ?
> What is the original source address ?

I have discovered the following regularity:
- if source IP address in given pcap is one of "my" IP addresses,
  then when I try to tcpreplay given pcap, the data is not delivered
  to applications
- if I change all source IP addresses to any other non-local
  IP addresses (e.g. 10.0.10.6, 10.0.10.7, ...
  or if I use whatever other address from local network
  except for my address), then when I tcpreplay modified pcap file,
  then data is delivered to applications.

> 
>>   then when I try to replay the modified pcap file (1.pcap),
>>   that traffic does reache applications.
>>
>> I would like to find out the cause of this.
>> The only thing which could be causing thing I was aware of was
>> "iptables". However, when I apt-get removed it, nothing changed.
> 
> You can display the active ruleset with iptables-save.
> 
> 

iptables-save does not print anything so the list of rules might be
empty, I guess.
Reply to: