[Network] 'mtr' tool : are these results abnormal ??
tony.arnold at manchester.ac.uk
Tue Sep 5 13:29:39 UTC 2006
On Tue, 2006-09-05 at 12:40 +0100, R Kimber wrote:
> > I'm an idiot! My firewall was stopping some of the ICMP traffic coming
> > back! Turn off the firewall and the figures look much more sensible.
> Yes, I get 0% at every step, except the last, to www.keele.ac.uk (25%)
> MY firewall doesn't seem to do ICMP filtering. It's a simple
> firestarter setup that just blocks external broadcasts. Is there
> anything to be gained from enabling ToS filtering? I don't really
> understand these things, but there seems to be a suggestion that you
> can maximise throughput.
I must admit I was confused by the figures. I'm not sure what mtr uses
to measure the packet loss, but if a firewall was blocking ICMP, I would
expect 100% loss, so it must be a bit more complicated than that.
I've just looked at my IP tables, and there is this line there:
ACCEPT icmp -- anywhere anywhere limit: avg
10/sec burst 5
So it looks like the firewall is limiting the rate of inbound ICMP
packets, which would explain the partial success of mtr.
Maybe there is similar filtering on the Keel WEB server?
Tony Arnold, IT Security Coordinator, University of Manchester,
IT Services Division, Kilburn Building, Oxford Road, Manchester M13 9PL.
T: +44 (0)161 275 6093, F: +44 (0)870 136 1004, M: +44 (0)773 330 0039
E: tony.arnold at manchester.ac.uk, H: http://www.man.ac.uk/Tony.Arnold
More information about the ubuntu-users