How to check if a packet reached an interface in a multi-interface context?
Consider the following topology:
I am sending ICMP (ping) packets from host B to 10.0.1.1. They reach the target and the target answers with a reply. The connectivity works fine.
When running, on host A
tcpdump -i eth1 icmp: I do not see any packets
tcpdump -i eth2 icmp: I see the packets
Is there a way to check if a packet intended to interface eth1 did reach that interface?
I vaguely remember reading one day that the kernel was handing the reply at eth2 level (which is the first interface the packet reaches) so that could explain why monitoring eth1 does not yield any results.
As for why I would need to check such specific case: I have cases where a packet arrives on an interface of a host (the first one on its way) but does not seem to reach the intended interface (the actual application is not brought up). Such a test would ensure that the firewalling/forwarding is OK and that the problem is elsewhere (in the configuration of the app, a bug in the app, etc)
networking network-interface forwarding packet
asked Jan 3 at 10:19
WoJWoJ
410213
add a comment |
Consider the following topology:
I am sending ICMP (ping) packets from host B to 10.0.1.1. They reach the target and the target answers with a reply. The connectivity works fine.
When running, on host A
tcpdump -i eth1 icmp: I do not see any packets
tcpdump -i eth2 icmp: I see the packets
Is there a way to check if a packet intended to interface eth1 did reach that interface?
I vaguely remember reading one day that the kernel was handing the reply at eth2 level (which is the first interface the packet reaches) so that could explain why monitoring eth1 does not yield any results.
As for why I would need to check such specific case: I have cases where a packet arrives on an interface of a host (the first one on its way) but does not seem to reach the intended interface (the actual application is not brought up). Such a test would ensure that the firewalling/forwarding is OK and that the problem is elsewhere (in the configuration of the app, a bug in the app, etc)
networking network-interface forwarding packet
asked Jan 3 at 10:19
WoJWoJ
410213
add a comment |
Consider the following topology:
I am sending ICMP (ping) packets from host B to 10.0.1.1. They reach the target and the target answers with a reply. The connectivity works fine.
When running, on host A
tcpdump -i eth1 icmp: I do not see any packets
tcpdump -i eth2 icmp: I see the packets
Is there a way to check if a packet intended to interface eth1 did reach that interface?
I vaguely remember reading one day that the kernel was handing the reply at eth2 level (which is the first interface the packet reaches) so that could explain why monitoring eth1 does not yield any results.
As for why I would need to check such specific case: I have cases where a packet arrives on an interface of a host (the first one on its way) but does not seem to reach the intended interface (the actual application is not brought up). Such a test would ensure that the firewalling/forwarding is OK and that the problem is elsewhere (in the configuration of the app, a bug in the app, etc)
networking network-interface forwarding packet
asked Jan 3 at 10:19
WoJWoJ
410213
Consider the following topology:
I am sending ICMP (ping) packets from host B to 10.0.1.1. They reach the target and the target answers with a reply. The connectivity works fine.
When running, on host A
tcpdump -i eth1 icmp: I do not see any packets
tcpdump -i eth2 icmp: I see the packets
Is there a way to check if a packet intended to interface eth1 did reach that interface?
I vaguely remember reading one day that the kernel was handing the reply at eth2 level (which is the first interface the packet reaches) so that could explain why monitoring eth1 does not yield any results.
As for why I would need to check such specific case: I have cases where a packet arrives on an interface of a host (the first one on its way) but does not seem to reach the intended interface (the actual application is not brought up). Such a test would ensure that the firewalling/forwarding is OK and that the problem is elsewhere (in the configuration of the app, a bug in the app, etc)
networking network-interface forwarding packet
networking network-interface forwarding packet
asked Jan 3 at 10:19
WoJWoJ
410213
asked Jan 3 at 10:19
WoJWoJ
410213
asked Jan 3 at 10:19
WoJWoJ
410213
asked Jan 3 at 10:19
WoJWoJ
410213
asked Jan 3 at 10:19
WoJWoJ
410213
410213
add a comment |
add a comment |
2 Answers
2
active
oldest
votes
The subject you're talking about is weak/strong Host model and Linux uses weak one by default.
Is there a way to check if a packet intended to interface eth1 did reach that interface?
I'd say that firewall would allow to put such a constraint.
I have cases where a packet arrives on an interface of a host (the first one on its way) but does not seem to reach the intended interface (the actual application is not brought up). Such a test would ensure that the firewalling/forwarding is OK and that the problem is elsewhere (in the configuration of the app, a bug in the app, etc)
You've mentioned ICMP in your example earlier. What's wrong with using exactly it to verify there's connectivity for real?
Also, at this point you're pretty close to practice of using loopback interfaces for services — it's mainly used coupled with dynamic routing but the main idea is pretty simple: it shouldn't matter what was the interface the request came from, it only matters that it found its way at all and reply can be sent as well. Loopback interfaces are never down unless manually told so — "real" interfaces OTOH can change theirs state due link loss and so on.
answered Jan 3 at 11:40
poigepoige
4,0621543
add a comment |
In Linux, an incoming packet is routed by checking whether a packet should be handled by the local machine or not. If it should, it is processed directly without first routing it through the "correct interface". The IP address is kindof just an alias for the machine and it doesn't matter which interface the packet arrived on.
The same happens if you locally do telnet 10.0.1.1 - it doesn't appear on eth1 but instead on lo which handles all packets going from the local machine to itself.
For outbound packets however it does make a difference which interface an address belongs to. The kernel first decides how to route a packet and then picks the best source IP for the packets based on that.
If you need to see "all packets" with tcpdump, you can do tcpdump -i any icmp. It will not show you the interface(s), but you will see all packets going for e.g. 10.0.1.1.
edited Jan 3 at 12:05
WoJ
410213
answered Jan 3 at 10:47
Jonas BerlinJonas Berlin
43147
I want to add that all these things are "normal behaviour" and most of them can be tweaked to achieve some special effect. But I don't think you could achieve the packet to appear on "eth1" unless it also was sent out over that interface..
– Jonas Berlin
Jan 3 at 10:51
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "106"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f492205%2fhow-to-check-if-a-packet-reached-an-interface-in-a-multi-interface-context%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
The subject you're talking about is weak/strong Host model and Linux uses weak one by default.
Is there a way to check if a packet intended to interface eth1 did reach that interface?
I'd say that firewall would allow to put such a constraint.
I have cases where a packet arrives on an interface of a host (the first one on its way) but does not seem to reach the intended interface (the actual application is not brought up). Such a test would ensure that the firewalling/forwarding is OK and that the problem is elsewhere (in the configuration of the app, a bug in the app, etc)
You've mentioned ICMP in your example earlier. What's wrong with using exactly it to verify there's connectivity for real?
Also, at this point you're pretty close to practice of using loopback interfaces for services — it's mainly used coupled with dynamic routing but the main idea is pretty simple: it shouldn't matter what was the interface the request came from, it only matters that it found its way at all and reply can be sent as well. Loopback interfaces are never down unless manually told so — "real" interfaces OTOH can change theirs state due link loss and so on.
answered Jan 3 at 11:40
poigepoige
4,0621543
add a comment |
The subject you're talking about is weak/strong Host model and Linux uses weak one by default.
Is there a way to check if a packet intended to interface eth1 did reach that interface?
I'd say that firewall would allow to put such a constraint.
I have cases where a packet arrives on an interface of a host (the first one on its way) but does not seem to reach the intended interface (the actual application is not brought up). Such a test would ensure that the firewalling/forwarding is OK and that the problem is elsewhere (in the configuration of the app, a bug in the app, etc)
You've mentioned ICMP in your example earlier. What's wrong with using exactly it to verify there's connectivity for real?
Also, at this point you're pretty close to practice of using loopback interfaces for services — it's mainly used coupled with dynamic routing but the main idea is pretty simple: it shouldn't matter what was the interface the request came from, it only matters that it found its way at all and reply can be sent as well. Loopback interfaces are never down unless manually told so — "real" interfaces OTOH can change theirs state due link loss and so on.
answered Jan 3 at 11:40
poigepoige
4,0621543
add a comment |
The subject you're talking about is weak/strong Host model and Linux uses weak one by default.
Is there a way to check if a packet intended to interface eth1 did reach that interface?
I'd say that firewall would allow to put such a constraint.
I have cases where a packet arrives on an interface of a host (the first one on its way) but does not seem to reach the intended interface (the actual application is not brought up). Such a test would ensure that the firewalling/forwarding is OK and that the problem is elsewhere (in the configuration of the app, a bug in the app, etc)
You've mentioned ICMP in your example earlier. What's wrong with using exactly it to verify there's connectivity for real?
Also, at this point you're pretty close to practice of using loopback interfaces for services — it's mainly used coupled with dynamic routing but the main idea is pretty simple: it shouldn't matter what was the interface the request came from, it only matters that it found its way at all and reply can be sent as well. Loopback interfaces are never down unless manually told so — "real" interfaces OTOH can change theirs state due link loss and so on.
answered Jan 3 at 11:40
poigepoige
4,0621543
The subject you're talking about is weak/strong Host model and Linux uses weak one by default.
Is there a way to check if a packet intended to interface eth1 did reach that interface?
I'd say that firewall would allow to put such a constraint.
I have cases where a packet arrives on an interface of a host (the first one on its way) but does not seem to reach the intended interface (the actual application is not brought up). Such a test would ensure that the firewalling/forwarding is OK and that the problem is elsewhere (in the configuration of the app, a bug in the app, etc)
You've mentioned ICMP in your example earlier. What's wrong with using exactly it to verify there's connectivity for real?
Also, at this point you're pretty close to practice of using loopback interfaces for services — it's mainly used coupled with dynamic routing but the main idea is pretty simple: it shouldn't matter what was the interface the request came from, it only matters that it found its way at all and reply can be sent as well. Loopback interfaces are never down unless manually told so — "real" interfaces OTOH can change theirs state due link loss and so on.
answered Jan 3 at 11:40
poigepoige
4,0621543
edited Jan 3 at 11:59
answered Jan 3 at 11:40
poigepoige
4,0621543
answered Jan 3 at 11:40
poigepoige
4,0621543
answered Jan 3 at 11:40
poigepoige
4,0621543
4,0621543
add a comment |
add a comment |
In Linux, an incoming packet is routed by checking whether a packet should be handled by the local machine or not. If it should, it is processed directly without first routing it through the "correct interface". The IP address is kindof just an alias for the machine and it doesn't matter which interface the packet arrived on.
The same happens if you locally do telnet 10.0.1.1 - it doesn't appear on eth1 but instead on lo which handles all packets going from the local machine to itself.
For outbound packets however it does make a difference which interface an address belongs to. The kernel first decides how to route a packet and then picks the best source IP for the packets based on that.
If you need to see "all packets" with tcpdump, you can do tcpdump -i any icmp. It will not show you the interface(s), but you will see all packets going for e.g. 10.0.1.1.
edited Jan 3 at 12:05
WoJ
410213
answered Jan 3 at 10:47
Jonas BerlinJonas Berlin
43147
I want to add that all these things are "normal behaviour" and most of them can be tweaked to achieve some special effect. But I don't think you could achieve the packet to appear on "eth1" unless it also was sent out over that interface..
– Jonas Berlin
Jan 3 at 10:51
add a comment |
In Linux, an incoming packet is routed by checking whether a packet should be handled by the local machine or not. If it should, it is processed directly without first routing it through the "correct interface". The IP address is kindof just an alias for the machine and it doesn't matter which interface the packet arrived on.
The same happens if you locally do telnet 10.0.1.1 - it doesn't appear on eth1 but instead on lo which handles all packets going from the local machine to itself.
For outbound packets however it does make a difference which interface an address belongs to. The kernel first decides how to route a packet and then picks the best source IP for the packets based on that.
If you need to see "all packets" with tcpdump, you can do tcpdump -i any icmp. It will not show you the interface(s), but you will see all packets going for e.g. 10.0.1.1.
edited Jan 3 at 12:05
WoJ
410213
answered Jan 3 at 10:47
Jonas BerlinJonas Berlin
43147
I want to add that all these things are "normal behaviour" and most of them can be tweaked to achieve some special effect. But I don't think you could achieve the packet to appear on "eth1" unless it also was sent out over that interface..
– Jonas Berlin
Jan 3 at 10:51
add a comment |
In Linux, an incoming packet is routed by checking whether a packet should be handled by the local machine or not. If it should, it is processed directly without first routing it through the "correct interface". The IP address is kindof just an alias for the machine and it doesn't matter which interface the packet arrived on.
The same happens if you locally do telnet 10.0.1.1 - it doesn't appear on eth1 but instead on lo which handles all packets going from the local machine to itself.
For outbound packets however it does make a difference which interface an address belongs to. The kernel first decides how to route a packet and then picks the best source IP for the packets based on that.
If you need to see "all packets" with tcpdump, you can do tcpdump -i any icmp. It will not show you the interface(s), but you will see all packets going for e.g. 10.0.1.1.
edited Jan 3 at 12:05
WoJ
410213
answered Jan 3 at 10:47
Jonas BerlinJonas Berlin
43147
In Linux, an incoming packet is routed by checking whether a packet should be handled by the local machine or not. If it should, it is processed directly without first routing it through the "correct interface". The IP address is kindof just an alias for the machine and it doesn't matter which interface the packet arrived on.
The same happens if you locally do telnet 10.0.1.1 - it doesn't appear on eth1 but instead on lo which handles all packets going from the local machine to itself.
For outbound packets however it does make a difference which interface an address belongs to. The kernel first decides how to route a packet and then picks the best source IP for the packets based on that.
If you need to see "all packets" with tcpdump, you can do tcpdump -i any icmp. It will not show you the interface(s), but you will see all packets going for e.g. 10.0.1.1.
edited Jan 3 at 12:05
WoJ
410213
answered Jan 3 at 10:47
Jonas BerlinJonas Berlin
43147
edited Jan 3 at 12:05
WoJ
410213
edited Jan 3 at 12:05
WoJ
410213
edited Jan 3 at 12:05
WoJ
410213
410213
answered Jan 3 at 10:47
Jonas BerlinJonas Berlin
43147
answered Jan 3 at 10:47
Jonas BerlinJonas Berlin
43147
answered Jan 3 at 10:47
Jonas BerlinJonas Berlin
43147
43147
I want to add that all these things are "normal behaviour" and most of them can be tweaked to achieve some special effect. But I don't think you could achieve the packet to appear on "eth1" unless it also was sent out over that interface..
– Jonas Berlin
Jan 3 at 10:51
add a comment |
I want to add that all these things are "normal behaviour" and most of them can be tweaked to achieve some special effect. But I don't think you could achieve the packet to appear on "eth1" unless it also was sent out over that interface..
– Jonas Berlin
Jan 3 at 10:51
I want to add that all these things are "normal behaviour" and most of them can be tweaked to achieve some special effect. But I don't think you could achieve the packet to appear on "eth1" unless it also was sent out over that interface..
– Jonas Berlin
Jan 3 at 10:51
I want to add that all these things are "normal behaviour" and most of them can be tweaked to achieve some special effect. But I don't think you could achieve the packet to appear on "eth1" unless it also was sent out over that interface..
– Jonas Berlin
Jan 3 at 10:51
add a comment |
Thanks for contributing an answer to Unix & Linux Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f492205%2fhow-to-check-if-a-packet-reached-an-interface-in-a-multi-interface-context%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
