New Fiber install, fresh Pfsense install, only getting 20Mbps up/down
-
@cool_corona Yes, they wont allow it.
-
@jddoxtator Have you tried to spoof the mac of the org router?
-
@cool_corona Yes, the spoof has been enabled since the start.
-
Are there any dip switches in the converter?
-
Ok, testing this locally I expect to be able to see the tagged traffic in the GUI packet capture if the view detail is set to full however there is some oddness there. I'm digging into that but it will show there if you do not filter like:
19:36:07.585799 90:ec:77:1f:8a:5f > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 46: vlan 229, p 0, ethertype ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 10.229.5.10 tell 10.229.5.1, length 28
There is no question of which VLAN is in use there.
You can also run at the CLI something like:
tcpdump -nvve -i ix0
And you will see all the traffic on the interface including vlan tags.
Steve
-
@stephenw10 Alright tried the console code and got a different VLAN again
15:21:32.364086 3c:ec:ef:70:19:a6 > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 346: vlan 1, p 0, ethertype IPv4, (tos 0x10, ttl 128, id 0, offset 0, flags [none], proto UDP (17), length 328) 0.0.0.0.68 > 255.255.255.255.67: [udp sum ok] BOOTP/DHCP, Request from 3c:ec:ef:70:19:a6, length 300, xid 0xa6981c02, Flags [none] (0x0000) Client-Ethernet-Address 3c:ec:ef:70:19:a6 Vendor-rfc1048 Extensions Magic Cookie 0x63825363 DHCP-Message Option 53, length 1: Discover Client-ID Option 61, length 7: ether 3c:ec:ef:70:19:a6 Hostname Option 12, length 7: "pfSense" Parameter-Request Option 55, length 10: Subnet-Mask, BR, Time-Zone, Classless-Static-Route Default-Gateway, Domain-Name, Domain-Name-Server, Hostname Option 119, MTU 15:21:32.865804 10:f9:20:89:a0:f6 > 01:00:0c:cc:cc:cc, 802.3, length 40: LLC, dsap SNAP (0xaa) Individual, ssap SNAP (0xaa) Command, ctrl 0x03: oui Cisco (0x00000c), pid DTP (0x2004), length 38: DTPv1, length 38 Domain TLV (0x0001) TLV, length 11, Packet Status TLV (0x0002) TLV, length 5, 0x81 DTP type TLV (0x0003) TLV, length 5, 0xa5 Neighbor TLV (0x0004) TLV, length 10, 10:f9:20:89:a0:f6 15:21:33.395704 3c:ec:ef:70:19:a6 > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 346: vlan 1, p 0, ethertype IPv4, (tos 0x10, ttl 128, id 0, offset 0, flags [none], proto UDP (17), length 328) 0.0.0.0.68 > 255.255.255.255.67: [udp sum ok] BOOTP/DHCP, Request from 3c:ec:ef:70:19:a6, length 300, xid 0xa6981c02, secs 1, Flags [none] (0x0000) Client-Ethernet-Address 3c:ec:ef:70:19:a6 Vendor-rfc1048 Extensions Magic Cookie 0x63825363 DHCP-Message Option 53, length 1: Discover Client-ID Option 61, length 7: ether 3c:ec:ef:70:19:a6 Hostname Option 12, length 7: "pfSense" Parameter-Request Option 55, length 10: Subnet-Mask, BR, Time-Zone, Classless-Static-Route Default-Gateway, Domain-Name, Domain-Name-Server, Hostname Option 119, MTU 15:21:33.865863 10:f9:20:89:a0:f6 > 01:00:0c:cc:cc:cc, 802.3, length 40: LLC, dsap SNAP (0xaa) Individual, ssap SNAP (0xaa) Command, ctrl 0x03: oui Cisco (0x00000c), pid DTP (0x2004), length 38: DTPv1, length 38 Domain TLV (0x0001) TLV, length 11, Packet Status TLV (0x0002) TLV, length 5, 0x81 DTP type TLV (0x0003) TLV, length 5, 0xa5 Neighbor TLV (0x0004) TLV, length 10, 10:f9:20:89:a0:f6 15:21:34.410039 3c:ec:ef:70:19:a6 > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 346: vlan 1, p 0, ethertype IPv4, (tos 0x10, ttl 128, id 0, offset 0, flags [none], proto UDP (17), length 328) 0.0.0.0.68 > 255.255.255.255.67: [udp sum ok] BOOTP/DHCP, Request from 3c:ec:ef:70:19:a6, length 300, xid 0xa6981c02, secs 2, Flags [none] (0x0000) Client-Ethernet-Address 3c:ec:ef:70:19:a6 Vendor-rfc1048 Extensions Magic Cookie 0x63825363 DHCP-Message Option 53, length 1: Discover Client-ID Option 61, length 7: ether 3c:ec:ef:70:19:a6 Hostname Option 12, length 7: "pfSense" Parameter-Request Option 55, length 10: Subnet-Mask, BR, Time-Zone, Classless-Static-Route Default-Gateway, Domain-Name, Domain-Name-Server, Hostname Option 119, MTU 15:21:35.057589 3c:ec:ef:70:1c:f5 > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 342: (tos 0x0, ttl 64, id 0, offset 0, flags [none], proto UDP (17), length 328) 0.0.0.0.68 > 255.255.255.255.67: [udp sum ok] BOOTP/DHCP, Request from 3c:ec:ef:70:1c:f5, length 300, xid 0xc9c42930, Flags [none] (0x0000) Client-Ethernet-Address 3c:ec:ef:70:1c:f5 Vendor-rfc1048 Extensions Magic Cookie 0x63825363 DHCP-Message Option 53, length 1: Discover Client-ID Option 61, length 7: ether 3c:ec:ef:70:1c:f5 MSZ Option 57, length 2: 576 Parameter-Request Option 55, length 7: Subnet-Mask, Default-Gateway, Domain-Name-Server, Hostname Domain-Name, BR, NTP Vendor-Class Option 60, length 12: "udhcp 1.23.1" 15:21:35.108688 10:f9:20:89:a0:f6 > 01:00:0c:cc:cc:cc, ethertype 802.1Q (0x8100), length 560: vlan 1, p 7, LLC, dsap SNAP (0xaa) Individual, ssap SNAP (0xaa) Command, ctrl 0x03: oui Cisco (0x00000c), pid CDP (0x2000), length 534: CDPv2, ttl: 180s, checksum: 0x72f9 (unverified), length 534 Device-ID (0x01), value length: 32 bytes: 'MtBrydges-4507-2.nftctelecom.com' Version String (0x05), value length: 285 bytes: Cisco IOS Software, IOS-XE Software, Catalyst 4500 L3 Switch Software (cat4500es8-UNIVERSALK9-M), Version 03.09.00.E RELEASE SOFTWARE (fc1) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2016 by Cisco Systems, Inc. Compiled Tue 19-Jul-16 12:34 by prod_rel_team Platform (0x06), value length: 17 bytes: 'cisco WS-C4507R+E' Address (0x02), value length: 13 bytes: IPv4 (1) 172.31.16.2 Port-ID (0x03), value length: 19 bytes: 'GigabitEthernet6/15' Capability (0x04), value length: 4 bytes: (0x00000029): Router, L2 Switch, IGMP snooping Prefixes (0x07), value length: 10 bytes: IPv4 Prefixes (2): 172.31.16.0/22 192.168.3.0/24 VTP Management Domain (0x09), value length: 6 bytes: 'Packet' Native VLAN ID (0x0a), value length: 2 bytes: 85 Duplex (0x0b), value length: 1 byte: full AVVID trust bitmap (0x12), value length: 1 byte: 0x00 AVVID untrusted ports CoS (0x13), value length: 1 byte: 0x00 Management Addresses (0x16), value length: 13 bytes: IPv4 (1) 172.31.16.2 unknown field type (0x1a), value length: 12 bytes: 0x0000: 0000 0001 0000 0000 ffff ffff unknown field type (0x1b), value length: 1 byte: 0x0000: 00 unknown field type (0x1f), value length: 1 byte: 0x0000: 00 unknown field type (0x1005), value length: 20 bytes: 0x0000: 5753 2d58 3435 2d53 5550 382d 4500 2830 0x0010: 2972 3f7c unknown field type (0x1004), value length: 15 bytes: 0x0000: 6530 3266 2e36 6461 352e 3136 3830 00 unknown field type (0x1003), value length: 1 byte: 0x0000: 31
I copied everything from connection until response from a cisco router. I see VLAN 1 but I tried that and it gives me no IP. Same as any other VLAN I have tried.
-
That's after setting VLAN1? It looks like dhcp requests from pfSense tagged as that.
You might try switching the ISP router in and back out before the pcap to try to get some tagged traffic from the ISP as you did before with the ARP packet.
Ultimately the only way to know for sure is to setup a switch with a mirror port so you can capture exactly what the ISP router is doing.
The other thing is that you are almost certainly not the first person trying this. Someone else may have documented what's required for that ISP. Somewhere.
Steve
-
@jddoxtator To make this easy on yourself, try and connect a switch between the media converter and the original ISP router.
Connect your pfSense to one switchport and set its WAN port to either no IP address, or a fixed random private IP address.
Start a packet capture on WAN, and connect the ISP router to the switch.When the ISP router is connected it will attempt to get a IP address via DHCP frames which is broadcasted - and include the VLAN tag the ISP router is using.
Those broadcasts should also reach your pfSense if the switch is a dumb non-managed Layer2 switch. If it is a smart VLAN capable/managed switch, this will not work, and you will have to setup a mirrorport/spanport on the switch which mirrors the ISP router port to your pfsense port. -
@stephenw10 Before setting VLAN 1
I set the pfsense router back to stock and switched the WAN port from the ISP router to the pfsense router after the ISP router had connected.
-
Update: My old switch died, would not resolve DHCP anymore for some reason. Long story short, got a Cisco CBS220-24FP-4X capable of VLAN's and specifically PVST+
Some interesting behavior after getting this switch installed and running.
I set up a VLAN across one of the SFP 10Gbe ports and one of the copper 1Gbe ports. I then connected the fiber line directly to the switch SFP port and routers to the copper port.
Pfsense picked up the WAN signal and did it's usual thing connecting at 20Mb/s. However, the ISP router would not connect at all with the switch routing the fiber to the copper port on the VLAN.
There is something fundamentally different in how these two routers are connecting and I have no idea what.
-
@jddoxtator I still suspect putting a managed switch with port mirroring on the WAN line of your ISP router would be the most efficient way of finding out what works.
-
@patch I tried multiple setups and most gave me nothing at all on packet capture.
I used multicast on 3 ports across a single VLAN and only once I captured the ISP router sending an ARP request for the same gateway that Pfsense uses, but it could not connect.
Every other time there was no traffic to record.
This was all the packets I got:
1 0.000000 Calix_7a:06:4a Broadcast ARP 60 Who has 172.31.16.1? Tell 172.31.17.83 2 1.917011 172.31.16.23 224.0.0.1 ICMP 60 Mobile IP Advertisement (Normal router advertisement) 3 10.450749 Calix_4c:f9:11 Broadcast ARP 60 Who has 172.31.16.1? Tell 172.31.19.81
Just a reminder, when the ISP router is connected directly, it connects with Gateway 192.24.57.1 not 172.31.16.1
-
@jddoxtator said in New Fiber install, fresh Pfsense install, only getting 20Mbps up/down:
Cisco CBS220-24FP-4X
That switch does port mirroring. Remove the VLANs from the switch. It needs to pass the tagged traffic from the ISP router so put two ports in port-vlan mode or whatever Cisco has renamed that.
Then mirror one of those ports and capture on it.
Steve
-
@stephenw10 Ok, I deleted all VLAN's and my multicast's. Only problem is I'm not sure where port mirroring is in this switch. I'm guessing that this is more on the physical level under Port configuration. The only thing I see there that involves multiple ports is Link Aggregation. Could this be what I am looking for?
Edit: Found the manual online. I was looking in the wrong spot apparently. They put SPAN which is their port mirroring under the statistics tab.... strange choice but OK. Now the SPAN interface says I require a VLAN to define the mirror, so I'm guessing this is where I go to VLAN and select the two ports to have in the same VLAN group.
-
Nope not LAG. Looks like Cisco are using some combination of the terms mirroring, port monitoring and span port.
https://www.cisco.com/c/en/us/td/docs/switches/lan/csbss/CBS220/Adminstration-Guide/cbs-220-admin-guide/status-and-statistics.html?bookSearch=true#Cisco_Concept.dita_86e4dbba-7744-408d-b5e2-c55428a982b6
or
https://www.cisco.com/c/en/us/td/docs/switches/lan/csbss/CBS220/CLI-Guide/b_220CLI/port_monitor_commands.htmlSteve
-
@stephenw10 Think I almost have this figured out.
I have to list the two data ports as source then the listening port as destination all under the same session ID. Then they have to be in the same VLAN group and I think that should work. I hope, lets see.
-
Ok, so this setup gives me a bunch of local network ARP requests
1 0.000000 RivetNet_c8:5f:5d Broadcast ARP 60 Who has 192.168.1.1? Tell 192.168.1.121 2 0.106019 Cisco_f4:83:3a Broadcast ARP 60 Who has 192.168.1.1? Tell 192.168.1.155 3 0.320230 RivetNet_c8:5f:5d Broadcast ARP 60 Who has 192.168.1.134? Tell 192.168.1.121 4 0.609572 ASUSTekC_8c:16:e1 Broadcast ARP 60 Who has 192.168.1.1? Tell 192.168.1.116 5 0.814689 ASUSTekC_f5:1f:a0 Broadcast ARP 60 Who has 192.168.1.1? Tell 192.168.1.154 6 1.013517 RivetNet_c8:5f:5d Broadcast ARP 60 Who has 192.168.1.1? Tell 192.168.1.121 7 1.105998 Cisco_f4:83:3a Broadcast ARP 60 Who has 192.168.1.1? Tell 192.168.1.155 8 1.330691 RivetNet_c8:5f:5d Broadcast ARP 60 Who has 192.168.1.134? Tell 192.168.1.121 9 1.622972 ASUSTekC_8c:16:e1 Broadcast ARP 60 Who has 192.168.1.1? Tell 192.168.1.116 10 1.828057 ASUSTekC_f5:1f:a0 Broadcast ARP 60 Who has 192.168.1.1? Tell 192.168.1.154 11 2.346824 RivetNet_c8:5f:5d Broadcast ARP 60 Who has 192.168.1.134? Tell 192.168.1.121 12 2.636239 ASUSTekC_8c:16:e1 Broadcast ARP 60 Who has 192.168.1.1? Tell 192.168.1.116 13 3.357319 RivetNet_c8:5f:5d Broadcast ARP 60 Who has 192.168.1.134? Tell 192.168.1.121 14 3.649568 ASUSTekC_8c:16:e1 Broadcast ARP 60 Who has 192.168.1.1? Tell 192.168.1.116 15 4.106170 Cisco_f4:83:3a Broadcast ARP 60 Who has 192.168.1.1? Tell 192.168.1.155 16 4.370852 RivetNet_c8:5f:5d Broadcast ARP 60 Who has 192.168.1.134? Tell 192.168.1.121 17 4.874859 RivetNet_c8:5f:5d Broadcast ARP 60 Who has 192.168.1.1? Tell 192.168.1.121 18 5.105890 Cisco_f4:83:3a Broadcast ARP 60 Who has 192.168.1.1? Tell 192.168.1.155 19 5.384213 RivetNet_c8:5f:5d Broadcast ARP 60 Who has 192.168.1.134? Tell 192.168.1.121 20 5.809578 ASUSTekC_8c:16:e1 Broadcast ARP 60 Who has 192.168.1.1? Tell 192.168.1.116 21 5.881565 ASUSTekC_f5:1f:a0 Broadcast ARP 60 Who has 192.168.1.1? Tell 192.168.1.154 22 5.893358 RivetNet_c8:5f:5d Broadcast ARP 60 Who has 192.168.1.1? Tell 192.168.1.121 23 6.105790 Cisco_f4:83:3a Broadcast ARP 60 Who has 192.168.1.1? Tell 192.168.1.155 24 6.397349 RivetNet_c8:5f:5d Broadcast ARP 60 Who has 192.168.1.134? Tell 192.168.1.121 25 6.822939 ASUSTekC_8c:16:e1 Broadcast ARP 60 Who has 192.168.1.1? Tell 192.168.1.116 26 6.876218 ASUSTekC_8c:16:e1 Broadcast ARP 60 Who has 192.168.1.134? Tell 192.168.1.116 27 6.894748 ASUSTekC_f5:1f:a0 Broadcast ARP 60 Who has 192.168.1.1? Tell 192.168.1.154 28 6.904138 RivetNet_c8:5f:5d Broadcast ARP 60 Who has 192.168.1.1? Tell 192.168.1.121 29 7.411112 RivetNet_c8:5f:5d Broadcast ARP 60 Who has 192.168.1.134? Tell 192.168.1.121 30 7.836240 ASUSTekC_8c:16:e1 Broadcast ARP 60 Who has 192.168.1.1? Tell 192.168.1.116 31 7.889569 ASUSTekC_8c:16:e1 Broadcast ARP 60 Who has 192.168.1.134? Tell 192.168.1.116 32 7.908081 ASUSTekC_f5:1f:a0 Broadcast ARP 60 Who has 192.168.1.1? Tell 192.168.1.154 33 8.423936 RivetNet_c8:5f:5d Broadcast ARP 60 Who has 192.168.1.134? Tell 192.168.1.121 34 8.453629 Calix_0c:ae:2c Broadcast ARP 60 Who has 172.31.16.1? Tell 172.31.17.249 35 8.453633 Calix_0c:ae:2c Broadcast ARP 60 Who has 172.31.16.1? Tell 172.31.17.249
ISP router still would not connect through this method. I think the VLAN isolation is not working as I am getting all my network devices.
-
I've never tried that on a Cisco switch but....
It seems like you just need to set a session destination and choose a session ID and a local port.
Then set session source using the same session ID and set it to Rx and Tx.
Then as long as the ISP router traffic is passing the session source port you should see it on the destination port. -
@stephenw10 My mistake, I had some other ports still trunked into the VLAN. I have it isolated now and got much more useful information
1 0.000000 0.0.0.0 255.255.255.255 DHCP 342 DHCP Discover - Transaction ID 0x163b8778 2 3.070015 0.0.0.0 255.255.255.255 DHCP 342 DHCP Discover - Transaction ID 0x163b8778 3 6.130010 0.0.0.0 255.255.255.255 DHCP 342 DHCP Discover - Transaction ID 0x163b8778 4 9.200069 0.0.0.0 255.255.255.255 DHCP 342 DHCP Discover - Transaction ID 0x163b8778 5 12.260068 0.0.0.0 255.255.255.255 DHCP 342 DHCP Discover - Transaction ID 0x163b8778 6 15.560215 0.0.0.0 255.255.255.255 DHCP 342 DHCP Discover - Transaction ID 0x163b8778 7 15.560238 0.0.0.0 255.255.255.255 DHCP 342 DHCP Discover - Transaction ID 0x163b8778 8 15.584241 172.31.16.1 172.31.17.42 DHCP 398 DHCP Offer - Transaction ID 0x163b8778 9 15.584268 172.31.16.1 172.31.17.42 DHCP 398 DHCP Offer - Transaction ID 0x163b8778 10 15.584554 172.31.16.1 172.31.17.42 DHCP 398 DHCP Offer - Transaction ID 0x163b8778 11 15.584578 172.31.16.1 172.31.17.42 DHCP 398 DHCP Offer - Transaction ID 0x163b8778 12 15.630099 0.0.0.0 255.255.255.255 DHCP 342 DHCP Request - Transaction ID 0x163b8778 13 15.630121 0.0.0.0 255.255.255.255 DHCP 342 DHCP Request - Transaction ID 0x163b8778 14 15.633695 172.31.16.1 172.31.17.42 DHCP 398 DHCP ACK - Transaction ID 0x163b8778 15 15.633706 172.31.16.1 172.31.17.42 DHCP 398 DHCP ACK - Transaction ID 0x163b8778 16 15.634197 172.31.16.1 172.31.17.42 DHCP 398 DHCP ACK - Transaction ID 0x163b8778 17 15.634208 172.31.16.1 172.31.17.42 DHCP 398 DHCP ACK - Transaction ID 0x163b8778 18 15.951848 Calix_1c:4f:67 Broadcast ARP 60 Who has 172.31.16.1? Tell 172.31.19.199 19 15.951853 Calix_1c:4f:67 Broadcast ARP 60 Who has 172.31.16.1? Tell 172.31.19.199 20 18.610414 Calix_6b:e8:f7 Broadcast ARP 60 Who has 172.31.16.1? Tell 172.31.17.42 21 18.610417 Calix_6b:e8:f7 Broadcast ARP 60 Who has 172.31.16.1? Tell 172.31.17.42 22 18.613395 Cisco_f2:da:7f Calix_6b:e8:f7 ARP 60 172.31.16.1 is at 7c:69:f6:f2:da:7f 23 18.613400 Cisco_f2:da:7f Calix_6b:e8:f7 ARP 60 172.31.16.1 is at 7c:69:f6:f2:da:7f 24 18.618696 64.235.98.226 172.31.17.42 DNS 93 Standard query response 0x5f81 A stun-ca.calix.com A 99.79.144.131 25 18.618739 64.235.98.226 172.31.17.42 DNS 93 Standard query response 0x5f81 A stun-ca.calix.com A 99.79.144.131 26 18.635840 8.8.8.8 172.31.17.42 DNS 93 Standard query response 0x5f81 A stun-ca.calix.com A 99.79.144.131 27 18.635870 8.8.8.8 172.31.17.42 DNS 93 Standard query response 0x5f81 A stun-ca.calix.com A 99.79.144.131 28 18.645352 99.79.144.131 172.31.17.42 CLASSIC-STUN 86 Message: Binding Response 29 18.645384 99.79.144.131 172.31.17.42 CLASSIC-STUN 86 Message: Binding Response 30 21.478185 Calix_07:31:f7 Broadcast ARP 60 Who has 172.31.16.1? Tell 172.31.17.28 31 21.478190 Calix_07:31:f7 Broadcast ARP 60 Who has 172.31.16.1? Tell 172.31.17.28 32 28.670541 64.235.98.226 172.31.17.42 DNS 141 Standard query response 0x8b10 A 0.ca.pool.ntp.org A 198.27.76.102 A 162.159.200.1 A 205.206.70.40 A 217.180.209.214 33 28.670575 64.235.98.226 172.31.17.42 DNS 141 Standard query response 0x8b10 A 0.ca.pool.ntp.org A 198.27.76.102 A 162.159.200.1 A 205.206.70.40 A 217.180.209.214 34 28.670688 64.235.98.226 172.31.17.42 DNS 132 Standard query response 0xbbba AAAA 0.ca.pool.ntp.org SOA b.ntpns.org 35 28.670717 64.235.98.226 172.31.17.42 DNS 132 Standard query response 0xbbba AAAA 0.ca.pool.ntp.org SOA b.ntpns.org 36 28.677733 64.235.98.226 172.31.17.42 DNS 141 Standard query response 0xe1d8 A 1.ca.pool.ntp.org A 205.206.70.42 A 216.232.132.102 A 149.56.37.32 A 207.210.46.249 37 28.677747 64.235.98.226 172.31.17.42 DNS 141 Standard query response 0xe1d8 A 1.ca.pool.ntp.org A 205.206.70.42 A 216.232.132.102 A 149.56.37.32 A 207.210.46.249 38 28.677932 64.235.98.226 172.31.17.42 DNS 132 Standard query response 0xe409 AAAA 1.ca.pool.ntp.org SOA b.ntpns.org 39 28.677946 64.235.98.226 172.31.17.42 DNS 132 Standard query response 0xe409 AAAA 1.ca.pool.ntp.org SOA b.ntpns.org 40 28.684459 64.235.98.226 172.31.17.42 DNS 152 Standard query response 0x3d28 A 0.north-america.pool.ntp.org A 65.108.76.171 A 206.108.0.132 A 216.6.2.70 A 198.199.14.18 41 28.684489 64.235.98.226 172.31.17.42 DNS 152 Standard query response 0x3d28 A 0.north-america.pool.ntp.org A 65.108.76.171 A 206.108.0.132 A 216.6.2.70 A 198.199.14.18 42 28.684607 64.235.98.226 172.31.17.42 DNS 143 Standard query response 0x5359 AAAA 0.north-america.pool.ntp.org SOA b.ntpns.org 43 28.684648 64.235.98.226 172.31.17.42 DNS 143 Standard query response 0x5359 AAAA 0.north-america.pool.ntp.org SOA b.ntpns.org 44 28.691310 64.235.98.226 172.31.17.42 DNS 141 Standard query response 0x7977 A 0.us.pool.ntp.org A 50.205.244.24 A 162.159.200.1 A 162.159.200.123 A 162.248.241.94 45 28.691340 64.235.98.226 172.31.17.42 DNS 141 Standard query response 0x7977 A 0.us.pool.ntp.org A 50.205.244.24 A 162.159.200.1 A 162.159.200.123 A 162.248.241.94 46 28.691468 64.235.98.226 172.31.17.42 DNS 132 Standard query response 0x6d87 AAAA 0.us.pool.ntp.org SOA b.ntpns.org 47 28.691498 64.235.98.226 172.31.17.42 DNS 132 Standard query response 0x6d87 AAAA 0.us.pool.ntp.org SOA b.ntpns.org 48 28.693444 8.8.8.8 172.31.17.42 DNS 141 Standard query response 0x8b10 A 0.ca.pool.ntp.org A 199.182.221.110 A 205.206.70.42 A 192.95.27.155 A 194.0.5.123 49 28.693478 8.8.8.8 172.31.17.42 DNS 141 Standard query response 0x8b10 A 0.ca.pool.ntp.org A 199.182.221.110 A 205.206.70.42 A 192.95.27.155 A 194.0.5.123 50 28.693535 8.8.8.8 172.31.17.42 DNS 132 Standard query response 0xbbba AAAA 0.ca.pool.ntp.org SOA c.ntpns.org 51 28.693550 8.8.8.8 172.31.17.42 DNS 132 Standard query response 0xbbba AAAA 0.ca.pool.ntp.org SOA c.ntpns.org 52 28.700935 8.8.8.8 172.31.17.42 DNS 141 Standard query response 0xe1d8 A 1.ca.pool.ntp.org A 216.197.156.83 A 162.159.200.123 A 217.180.209.214 A 208.81.1.244 53 28.700967 8.8.8.8 172.31.17.42 DNS 141 Standard query response 0xe1d8 A 1.ca.pool.ntp.org A 216.197.156.83 A 162.159.200.123 A 217.180.209.214 A 208.81.1.244 54 28.701152 8.8.8.8 172.31.17.42 DNS 132 Standard query response 0xe409 AAAA 1.ca.pool.ntp.org SOA i.ntpns.org 55 28.701182 8.8.8.8 172.31.17.42 DNS 132 Standard query response 0xe409 AAAA 1.ca.pool.ntp.org SOA i.ntpns.org 56 28.701736 8.8.8.8 172.31.17.42 DNS 143 Standard query response 0x5359 AAAA 0.north-america.pool.ntp.org SOA e.ntpns.org 57 28.701767 8.8.8.8 172.31.17.42 DNS 143 Standard query response 0x5359 AAAA 0.north-america.pool.ntp.org SOA e.ntpns.org 58 28.708145 8.8.8.8 172.31.17.42 DNS 141 Standard query response 0x7977 A 0.us.pool.ntp.org A 64.251.10.152 A 50.205.244.113 A 204.93.207.12 A 69.164.213.136 59 28.708147 8.8.8.8 172.31.17.42 DNS 152 Standard query response 0x3d28 A 0.north-america.pool.ntp.org A 38.229.62.9 A 66.220.9.122 A 144.172.118.20 A 129.250.35.251 60 28.708160 8.8.8.8 172.31.17.42 DNS 141 Standard query response 0x7977 A 0.us.pool.ntp.org A 64.251.10.152 A 50.205.244.113 A 204.93.207.12 A 69.164.213.136 61 28.708165 8.8.8.8 172.31.17.42 DNS 152 Standard query response 0x3d28 A 0.north-america.pool.ntp.org A 38.229.62.9 A 66.220.9.122 A 144.172.118.20 A 129.250.35.251 62 28.714399 8.8.8.8 172.31.17.42 DNS 132 Standard query response 0x6d87 AAAA 0.us.pool.ntp.org SOA f.ntpns.org 63 28.714429 8.8.8.8 172.31.17.42 DNS 132 Standard query response 0x6d87 AAAA 0.us.pool.ntp.org SOA f.ntpns.org 64 37.872289 64.235.98.226 172.31.17.42 DNS 93 Standard query response 0xa7dc A gcs6-ca.calix.com A 52.60.181.28 65 37.872307 64.235.98.226 172.31.17.42 DNS 93 Standard query response 0xa7dc A gcs6-ca.calix.com A 52.60.181.28 66 37.896074 8.8.8.8 172.31.17.42 DNS 93 Standard query response 0xa7dc A gcs6-ca.calix.com A 52.60.181.28 67 37.896104 8.8.8.8 172.31.17.42 DNS 93 Standard query response 0xa7dc A gcs6-ca.calix.com A 52.60.181.28 68 38.030652 52.60.181.28 172.31.17.42 TCP 74 8443 → 39182 [SYN, ACK] Seq=0 Ack=1 Win=62643 Len=0 MSS=1460 SACK_PERM=1 TSval=236259536 TSecr=5140577 WS=128 69 38.030679 52.60.181.28 172.31.17.42 TCP 74 [TCP Out-Of-Order] 8443 → 39182 [SYN, ACK] Seq=0 Ack=1 Win=62643 Len=0 MSS=1460 SACK_PERM=1 TSval=236259536 TSecr=5140577 WS=128 70 38.056085 52.60.181.28 172.31.17.42 TLSv1.2 203 Server Hello, Change Cipher Spec, Encrypted Handshake Message 71 38.056112 52.60.181.28 172.31.17.42 TCP 203 [TCP Retransmission] 8443 → 39182 [PSH, ACK] Seq=1 Ack=518 Win=62208 Len=137 TSval=236259561 TSecr=5140580 72 38.083558 52.60.181.28 172.31.17.42 TCP 66 8443 → 39182 [ACK] Seq=138 Ack=822 Win=61952 Len=0 TSval=236259589 TSecr=5140582 73 38.083584 52.60.181.28 172.31.17.42 TCP 66 [TCP Dup ACK 72#1] 8443 → 39182 [ACK] Seq=138 Ack=822 Win=61952 Len=0 TSval=236259589 TSecr=5140582 74 38.086084 52.60.181.28 172.31.17.42 TCP 66 8443 → 39182 [ACK] Seq=138 Ack=2270 Win=60544 Len=0 TSval=236259591 TSecr=5140583 75 38.086096 52.60.181.28 172.31.17.42 TCP 66 [TCP Dup ACK 74#1] 8443 → 39182 [ACK] Seq=138 Ack=2270 Win=60544 Len=0 TSval=236259591 TSecr=5140583 76 38.086141 52.60.181.28 172.31.17.42 TCP 66 8443 → 39182 [ACK] Seq=138 Ack=3718 Win=59136 Len=0 TSval=236259591 TSecr=5140583 77 38.086143 52.60.181.28 172.31.17.42 TCP 66 [TCP Dup ACK 76#1] 8443 → 39182 [ACK] Seq=138 Ack=3718 Win=59136 Len=0 TSval=236259591 TSecr=5140583 78 38.086540 52.60.181.28 172.31.17.42 TCP 66 8443 → 39182 [ACK] Seq=138 Ack=4326 Win=58624 Len=0 TSval=236259592 TSecr=5140583 79 38.086543 52.60.181.28 172.31.17.42 TCP 66 [TCP Dup ACK 78#1] 8443 → 39182 [ACK] Seq=138 Ack=4326 Win=58624 Len=0 TSval=236259592 TSecr=5140583 80 38.087740 52.60.181.28 172.31.17.42 TLSv1.2 340 Application Data 81 38.087767 52.60.181.28 172.31.17.42 TCP 340 [TCP Retransmission] 8443 → 39182 [PSH, ACK] Seq=138 Ack=4326 Win=58624 Len=274 TSval=236259593 TSecr=5140583 82 38.120573 52.60.181.28 172.31.17.42 TCP 66 8443 → 39182 [ACK] Seq=412 Ack=4357 Win=58624 Len=0 TSval=236259626 TSecr=5140586 83 38.120599 52.60.181.28 172.31.17.42 TCP 66 [TCP Dup ACK 82#1] 8443 → 39182 [ACK] Seq=412 Ack=4357 Win=58624 Len=0 TSval=236259626 TSecr=5140586 84 38.120613 52.60.181.28 172.31.17.42 TLSv1.2 97 Encrypted Alert 85 38.120620 52.60.181.28 172.31.17.42 TCP 97 [TCP Retransmission] 8443 → 39182 [PSH, ACK] Seq=412 Ack=4357 Win=58624 Len=31 TSval=236259626 TSecr=5140586 86 38.120625 52.60.181.28 172.31.17.42 TCP 66 8443 → 39182 [FIN, ACK] Seq=443 Ack=4357 Win=58624 Len=0 TSval=236259626 TSecr=5140586 87 38.120629 52.60.181.28 172.31.17.42 TCP 66 [TCP Out-Of-Order] 8443 → 39182 [FIN, ACK] Seq=443 Ack=4357 Win=58624 Len=0 TSval=236259626 TSecr=5140586 88 38.121583 52.60.181.28 172.31.17.42 TCP 66 8443 → 39182 [ACK] Seq=444 Ack=4358 Win=58624 Len=0 TSval=236259627 TSecr=5140586 89 38.121595 52.60.181.28 172.31.17.42 TCP 66 [TCP Dup ACK 88#1] 8443 → 39182 [ACK] Seq=444 Ack=4358 Win=58624 Len=0 TSval=236259627 TSecr=5140586 90 38.146682 52.60.181.28 172.31.17.42 TCP 74 8443 → 33372 [SYN, ACK] Seq=0 Ack=1 Win=62643 Len=0 MSS=1460 SACK_PERM=1 TSval=236259652 TSecr=5140589 WS=128 91 38.146708 52.60.181.28 172.31.17.42 TCP 74 [TCP Out-Of-Order] 8443 → 33372 [SYN, ACK] Seq=0 Ack=1 Win=62643 Len=0 MSS=1460 SACK_PERM=1 TSval=236259652 TSecr=5140589 WS=128 92 38.172161 52.60.181.28 172.31.17.42 TLSv1.2 203 Server Hello, Change Cipher Spec, Encrypted Handshake Message 93 38.172188 52.60.181.28 172.31.17.42 TCP 203 [TCP Retransmission] 8443 → 33372 [PSH, ACK] Seq=1 Ack=518 Win=62208 Len=137 TSval=236259678 TSecr=5140591 94 38.199727 52.60.181.28 172.31.17.42 TCP 66 8443 → 33372 [ACK] Seq=138 Ack=1101 Win=61696 Len=0 TSval=236259705 TSecr=5140594 95 38.199753 52.60.181.28 172.31.17.42 TCP 66 [TCP Dup ACK 94#1] 8443 → 33372 [ACK] Seq=138 Ack=1101 Win=61696 Len=0 TSval=236259705 TSecr=5140594 96 38.202039 52.60.181.28 172.31.17.42 TCP 66 8443 → 33372 [ACK] Seq=138 Ack=2549 Win=60288 Len=0 TSval=236259707 TSecr=5140594 97 38.202065 52.60.181.28 172.31.17.42 TCP 66 [TCP Dup ACK 96#1] 8443 → 33372 [ACK] Seq=138 Ack=2549 Win=60288 Len=0 TSval=236259707 TSecr=5140594 98 38.202077 52.60.181.28 172.31.17.42 TCP 66 8443 → 33372 [ACK] Seq=138 Ack=3997 Win=58880 Len=0 TSval=236259707 TSecr=5140594 99 38.202084 52.60.181.28 172.31.17.42 TCP 66 [TCP Dup ACK 98#1] 8443 → 33372 [ACK] Seq=138 Ack=3997 Win=58880 Len=0 TSval=236259707 TSecr=5140594 100 38.202619 52.60.181.28 172.31.17.42 TCP 66 8443 → 33372 [ACK] Seq=138 Ack=4560 Win=58368 Len=0 TSval=236259708 TSecr=5140594
the ISP router still didn't connect, but at least we have relevant info about it.
-
If you have the source port in an 802.1q VLAN though it will not pass anything but that VLAN so whatever VLAN tagging the ISP router may or may not be using would get dropped and not appear there.
The ports the ISP router traffic is using need to pass all tagged traffic.