When `drill` works but `nc` doesn't

Marko Turk markoml at markoturk.info
Sun Sep 18 20:30:08 UTC 2016 

Hi,

On Sun, Sep 18, 2016 at 01:34:09PM +0200, Niklaas Baudet von Gersdorff wrote:
> Marko Turk [2016-09-17 21:23 +0200] :
> 
> > >   $ sudo jexec www1 truss -D -o /tmp/truss-hostname nc -z mysql2.box-hlm-03.klaas 3306
> > > 
> > >   $ sudo jexec www1 truss -D -o /tmp/truss-IP nc -z 10.3.5.3 3306
> > > [cut]
> > 
> > Can you also post truss output when doing drill and tcpdump when doing
> > netcat with hostname?
> 
> Of course. Please find attached "truss-drill" and
> "tcpdump-netcat". The first one I created with
> 
>   $ sudo jexec www1 truss -o /tmp/truss-drill drill mysql2.box-hlm-03.klaas
> 
> the second one with
> 
>      1    $ sudo tcpdump -nettti lo0 \
>      2      \( src host 10.3.4.1 or \
>      3      src host fd16:dcc0:f4cc:3::4:1 or \
>      4      src host fd16:dcc0:f4cc:77::4:1 \) \
>      5      and not \( dst host 10.77.2.1 \
>      6      or dst host fd16:dcc0:f4cc:77::2:1 \) \
>      7      and not port 8080 and not \
>      8      \( host 10.3.2.1 or fd16:dcc0:f4cc:3::2:1 \)  > \
>      9      /tmp/tcpdump-nc
> 

can you also add something like 'dst host 10.3.4.1' because (if I'm not
mistaken) you only capture packets originating from 10.3.4.1 and not the
replys.

> As you can see, I filtered out quite some packets in lines 5-8.
> 10.77.2.1 and 10.3.2.1 and the corresponding IPv6s are a proxy
> server that does health checks; plus I have a busy varnish-nginx
> set-up that communicates on port 8080. If I hadn't filtered out
> these packets, the dump would be unreadable.
> 
> Investigating the dump I came across the following line:
> 
>   00:00:00.000265 AF IPv4 (2), length 60: 10.3.4.1 > 10.3.3.1: ICMP 10.3.4.1 udp port 17918 unreachable, length 36
> [cut]

It seems you're getting the reply from the wrong IP (10.3.3.1). Can you
post you unbound config, specifically 'interface:' section?

-Marko
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20160918/9ccff097/attachment.sig>

More information about the freebsd-questions mailing list