In an effort to make it easier for people to report broken sites, we are providing instructions on how to check if a site is broken. Checking is not an easy thing to do, nor is it an easy thing to explain, but we will do the best we can.
Please realize that if you only have one box connected to your Broadband connection, the problem is not a PMTUD Blackhole. You may still find these instructions helpful in tracking down what the problem is, but it's not a PMTUD Blackhole. Please also note that if you don't have access to your gateway (login/root), these instructions will be of little help to you.
tcpdump if you're using Linux or a BSD. If you are using Solaris, this is snoop.
Start by logging into your gateway, and then become the root user (via su - [unless you want to use sudo]). Then, if you're not already, get familiar with your packet sniffer. You want to be able to tell it to sniff on your external (facing the internet) interface and display only the packets you want. You also want to make it display all the information you need about each packet. Information you'll want to see includes source and destination, packet size, and offset if the packet is fragmented. For example, if you're in Solaris and want to check to see if www.example.com was broken, you would do:
# snoop -d sppp0 -V 192.0.34.72 port 80
With tcpdump, the equivalent is:
# tcpdump -i ppp0 host 192.0.34.72 and port 80
Where sppp0 or ppp0 is your external interface, and 192.0.34.72 is the IP for example.com.
It may be advisable to have your sniffer output to a file for later inspection (-w file for tcpdump and -o file for snoop). Once you're comfortable, get the workstation ready. You may want to open up your web browser before you start sniffing to avoid seeing the traffic to whatever the default page is. When you're ready, start sniffing on the gateway, and then on the workstation go to the website (or anything else) you suspect is broken. Watch the packets fly by. Very shortly they should come to a stop. Here are some things you might see and what they mean:
If you were Case 2 above, you'll now want to try the experiment again, except displaying more information. We don't have you do this in the original step because having too much information about each packet on your screen can make it nearly impossible to read. This time around you will want to tell your packet sniffer to display the TCP flags. With either snoop or tcpdump, you want the -v switch to make it do this. If you see the same thing as you did last time, AND the "Don't Fragment" (DF) bit is set, then the problem is most likely a PMTUD Blackhole.
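The fields this procedure has you read off the sniffer (source, packet size, fragment offset, DF bit) can be pulled out of saved tcpdump -v text instead of read by eye. The following Python is an added example, not part of the original page; it assumes the two-line-per-packet layout of tcpdump -v text output, the sample capture and the address 198.51.100.7 (standing in for the gateway's external address) are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample of `tcpdump -v` text output (two lines per packet); not a real capture.
SAMPLE = """\
12:00:00.000100 IP (tos 0x0, ttl 64, id 1, offset 0, flags [DF], proto TCP (6), length 60)
    198.51.100.7.51000 > 192.0.34.72.80: Flags [S], seq 100, win 5840, length 0
12:00:00.080200 IP (tos 0x0, ttl 52, id 0, offset 0, flags [DF], proto TCP (6), length 60)
    192.0.34.72.80 > 198.51.100.7.51000: Flags [S.], seq 900, ack 101, win 5792, length 0
12:00:00.080300 IP (tos 0x0, ttl 64, id 2, offset 0, flags [DF], proto TCP (6), length 452)
    198.51.100.7.51000 > 192.0.34.72.80: Flags [P.], seq 101:501, ack 901, win 5840, length 400
12:00:00.160400 IP (tos 0x0, ttl 52, id 7, offset 0, flags [DF], proto TCP (6), length 52)
    192.0.34.72.80 > 198.51.100.7.51000: Flags [.], ack 501, win 6432, length 0
"""

# IP header line: fragment offset, IP flags (DF / + / none), total IP length.
HEADER = re.compile(r"offset (\d+), flags \[([^\]]*)\].*length (\d+)\)")
# Indented continuation line: "src > dst: ..."
ADDRS = re.compile(r"^\s+(\S+) > (\S+?):")

def is_from(addr, ip):
    # TCP/UDP endpoints print as ip.port; later fragments and ICMP print the bare ip.
    return addr == ip or addr.startswith(ip + ".")

def summarize(text, server_ip):
    """Summarize the packets sent by server_ip in tcpdump -v text output."""
    s = {"packets": 0, "df": 0, "max_len": 0, "fragments": 0, "last_seen": None}
    pending = None
    for line in text.splitlines():
        h = HEADER.search(line)
        if h:  # remember the IP header until its address line arrives
            pending = (line.split()[0], int(h.group(1)), h.group(2), int(h.group(3)))
            continue
        a = ADDRS.match(line)
        if not (a and pending):
            continue
        stamp, offset, flags, length = pending
        pending = None
        if not is_from(a.group(1), server_ip):
            continue
        s["packets"] += 1
        s["df"] += int("DF" in flags)
        s["max_len"] = max(s["max_len"], length)
        s["fragments"] += int(offset > 0 or "+" in flags)  # "+" = more fragments
        s["last_seen"] = stamp  # time of the last packet before traffic stopped
    return s

def df_on_all(summary):
    """True when the server sent at least one packet and every one had DF set."""
    return summary["packets"] > 0 and summary["df"] == summary["packets"]

if __name__ == "__main__":
    print(summarize(SAMPLE, "192.0.34.72"))
```
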
Keep in mind you can always use sites listed on the main page as examples to see what broken sites look like. Also keep in mind that occasionally a site will be broken from one place but not another (in this case it's not the firewall directly in front of the webserver but instead a router somewhere on the path between your network and the server).
We hope this page has been helpful. If you are confused by something, let us know.
This page is © Phil Dibowitz 2001 - 2009