DNS 8000+ms, troubleshooting help
-
@srytryagn you can also dump the data from the file.. Just really need the headers and such.. but just to split it up to post if you have no where else to host it.. splitcap comes to mind.. https://www.netresec.com/?page=SplitCap
You should also be able to just zip it and split it up that way, 7z can do that really easy.. There is also a truncate option in that wrangler, which can cut out the data of large packets, we just really need to see the headers.
I just did a quick pcap of wan traffic and fired off a speedtest to make sure it was big.. 226MB, after truncated it down to 18MB.. so something like that could maybe shrink your 7MB file down to size to be able to upload.
-
@johnpoz I deleted post asking about split, it shrunk in wrangler and I posted it above.
-
@srytryagn ok what is this? 192.168.226.58 trying to talk to stuff and getting told that port is not reachable, etc.
Where exactly did you sniff this - on the lan interface where your bad guys are? On pfsense.
So for example in this session.. I see that a syn,ack was sent to
that 226.58 then you gavve what looks like answers back, but then see that seq=29.. that makes no sense they should be in order.. And clearly that 43.x guy never got answer because he is retrans his syn,ack..
Where exactly was this sniff taken? On pfsense interface?
edit: what exactly are you trying to run - is this something I could try and duplicate?
-
@johnpoz
Yes on PC on network 2 running both Apps.
Pcap is taken from within pfsense webgui (pointed to problematic Lan).
ICMP is me pining google.com from that same pc.I really appreciate your willingness to run it on your end and would happily walk you though how to do that. You will need a wallet address (or donation address), and a partition NVME or SSD with about 200Gb free to run the node and farmer.
How do want to proceed ?
-
@srytryagn have like 600GB free on my nmve drive, and like 850GB on my 1TB scratch SSD..
What coin is this? Prob not run it long enough to do anything of worth.. But could I just donate to your wallet?
Do you have a link to setup/guide - I am really curious on what the connection is suppose to do actually, etc. And also see if it takes down my network ;)
On a side note - do you have checksums and offloading enabled?
Under advanced networking, what specific nics do you have? Are they realtek?
-
@johnpoz Will keep this thread to pfsense/networking information for others. Will share info DM.
-
@johnpoz opened dm/room with you, please check.
-
@srytryagn saw your chat - so what about these settings for your offloading?
-
@johnpoz Which ones need to be enabled in pfgui?
{Running intel quad port NIC, well capable for offload. } -
@srytryagn I would still try disabling them.. Its not going to make it worse.. There have been known issues with offloading. Do what I have set in my picture.
You will need to reboot pfsense.. if I find some time tmrw will go through the setup, if not will try over the weekend.. But there is a lot of football on this weekend ;)
-
@johnpoz I have tried configuring hwoffloading as you mentioned, rebooted, and ... same thing, network dead when running apps.
-
@srytryagn I have a bunch of stuff going on with real work today.. But I looked at it does seem pretty easy to setup.. Prob do it tmrw before the games start ;)
-
@johnpoz Thought to mention that I am running a pppoe connection from my ISP.
Could this be a factor or some setting that is amiss? -
@johnpoz Any idea if pppoe passthrough is the potential issue ? Still struggling to find a solution, any input from you or others would be much appreciated.
-
As opposed to having the ISP device doing PPPoE?
There is an MTU reduction due to the overhead unless you can set 'mini-jumbo' frames upstream.
There is a single core restriction running PPPoE on pfSense itself so you can hit a CPU limit without realising it if you don't check the per-core usage.
-
@stephenw10 I do not understand what you mean, I am running a ISP combos box pfsense connects through pppoe. Could you expand on your suggestion as it may be helpful -> How do I set 'mini-jumbo' frames upstream ?
Is there any solution to the pppor restriction on pfsense or workwround ?
-
If the ISP router is terminating the PPPoE session then none of that applies. It only applies if that is bridging the PPPoE traffic to pfSense.
If PPPoE is terminated on pfSense then:
https://docs.netgate.com/pfsense/en/latest/hardware/tune.html#pppoe-with-multi-queue-nicsPPPoE adds an 8 byte overhead so to carry the standard 1500B MTU the frames on the parent NIC must be 1508B. Those are referred to as mini-jumbo or baby-jumbo frames (RFC4638).
