When `drill` works but `nc` doesn't
markoml at markoturk.info
Sun Sep 18 20:30:08 UTC 2016
On Sun, Sep 18, 2016 at 01:34:09PM +0200, Niklaas Baudet von Gersdorff wrote:
> Marko Turk [2016-09-17 21:23 +0200] :
> > > $ sudo jexec www1 truss -D -o /tmp/truss-hostname nc -z mysql2.box-hlm-03.klaas 3306
> > >
> > > $ sudo jexec www1 truss -D -o /tmp/truss-IP nc -z 10.3.5.3 3306
> > > [cut]
> > Can you also post truss output when doing drill and tcpdump when doing
> > netcat with hostname?
> Of course. Please find attached "truss-drill" and
> "tcpdump-netcat". The first one I created with
> $ sudo jexec www1 truss -o /tmp/truss-drill drill mysql2.box-hlm-03.klaas
> the second one with
> 1 $ sudo tcpdump -nettti lo0 \
> 2 \( src host 10.3.4.1 or \
> 3 src host fd16:dcc0:f4cc:3::4:1 or \
> 4 src host fd16:dcc0:f4cc:77::4:1 \) \
> 5 and not \( dst host 10.77.2.1 \
> 6 or dst host fd16:dcc0:f4cc:77::2:1 \) \
> 7 and not port 8080 and not \
> 8 \( host 10.3.2.1 or fd16:dcc0:f4cc:3::2:1 \) > \
> 9 /tmp/tcpdump-nc
Can you also add something like 'dst host 10.3.4.1' because (if I'm not
mistaken) you only capture packets originating from 10.3.4.1 and not the
> As you can see, I filtered out quite some packets in lines 5-8.
> 10.77.2.1 and 10.3.2.1 and the corresponding IPv6s are a proxy
> server that does health checks; plus I have a busy varnish-nginx
> set-up that communicates on port 8080. If I hadn't filtered out
> these packets, the dump would be unreadable.
> Investigating the dump I came across the following line:
> 00:00:00.000265 AF IPv4 (2), length 60: 10.3.4.1 > 10.3.3.1: ICMP 10.3.4.1 udp port 17918 unreachable, length 36
It seems you're getting the reply from the wrong IP (10.3.3.1). Can you
post your unbound config, specifically 'interface:' section?
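The check discussed in this message, as an added example that is not part of the original thread: it scans `tcpdump -n` text output for DNS answers that come back from an address other than the one queried, including the case where only the client's ICMP "port unreachable" is in the capture. The function name is hypothetical, and the query line and resolver address 10.3.0.53 in the sample are constructed; only the ICMP line is taken from the capture quoted above.

```python
import re

# Optional "AF IPv4 (2), length N:" part is what tcpdump -e prints on lo0.
PREFIX = r"^\S+ (?:AF \S+ \(\d+\), length \d+: )?"
IP = r"(\d+(?:\.\d+){3})"
UDP = re.compile(PREFIX + IP + r"\.(\d+) > " + IP + r"\.(\d+): ")
ICMP = re.compile(PREFIX + IP + " > " + IP + ": ICMP " + IP
                  + r" udp port (\d+) unreachable")

def find_mismatched_replies(lines):
    """Return (kind, queried_server, actual_peer, client_port) tuples."""
    queried = {}  # (client_ip, client_port) -> resolver the query was sent to
    findings = []
    for line in lines:
        m = ICMP.match(line)
        if m:
            # The client rejected a UDP datagram sent to one of its ports.
            rejector, peer, _, port = m.groups()
            server = queried.get((rejector, port))
            if server and peer != server:
                findings.append(("icmp-unreachable", server, peer, int(port)))
            continue
        m = UDP.match(line)
        if not m:
            continue
        src, sport, dst, dport = m.groups()
        if dport == "53":          # outgoing query: remember who was asked
            queried[(src, sport)] = dst
        elif sport == "53":        # answer: must come from the queried address
            server = queried.get((dst, dport))
            if server and src != server:
                findings.append(("reply-source", server, src, int(dport)))
    return findings

# First line is constructed (resolver address is a placeholder);
# second line is the ICMP line quoted in the thread.
SAMPLE = [
    "00:00:00.000000 AF IPv4 (2), length 71: 10.3.4.1.17918 > 10.3.0.53.53: "
    "4660+ A? mysql2.box-hlm-03.klaas. (43)",
    "00:00:00.000265 AF IPv4 (2), length 60: 10.3.4.1 > 10.3.3.1: "
    "ICMP 10.3.4.1 udp port 17918 unreachable, length 36",
]

if __name__ == "__main__":
    for finding in find_mismatched_replies(SAMPLE):
        print(finding)
```

The `reply-source` branch only fires when the capture filter also includes packets destined for the client, which is the `dst host` addition requested above.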