In this trace we were trying to determine why an HP-UX 11.00.03 system (172.16.32.90) acting as a web server (yes, I realize the address is from the private range but you don't expect me to display the real address do you :)) would work for a few minutes right after it was booted then stop working. But it only stopped working for some web clients not others. This trace shows one of the non-working clients (172.16.32.5).
Other important things to know are that the subnet mask is 255.255.255.192 so the server and client are on different subnets and the default router is 172.16.32.65. The web client that continued to work was 172.16.32.67, which is on the same subnet as the server.
Packets 1 thru 59 show a working HTTP connection right after the server was booted. I left out most of those frames in the interests of brevity. We then have a series of pings from the server to the default router -- which go unanswered. The next HTTP connection attempt starting at frame 64 (in red) does not get a response. We then have a series of pings to from the server to the router at roughly 3 minute intervals followed by HTTP and FTP connection attempts - both of which fail.
The key is the unanswered pings to the default router at 3 minute intervals. HP-UX 11x detects a dead gateway by pinging it. If the ping fails it doesn't even try to send a packet. The default gateway was configured to ignore pings for security reasons.
Packet Source Destination Time Protocol Details
1 IP-172.16.32.5 IP-172.16.32.90 20:44:58.784351 HTTP Src=38073,Dst= 80,....S.,S=3188083764,L= 0,A= 0,W=65535
2 IP-172.16.32.90 IP-172.16.32.5 20:44:58.784807 HTTP Src= 80,Dst=38073,.A..S.,S=2034399939,L= 0,A=3188083765,W=32768
3 IP-172.16.32.5 IP-172.16.32.90 20:44:58.787039 HTTP Src=38073,Dst= 80,.A....,S=3188083765,L= 0,A=2034399940,W=65535
4 IP-172.16.32.5 IP-172.16.32.90 20:44:58.792324 HTTP C PORT=38073 GET /
. . .
51 IP-172.16.32.90 IP-172.16.32.5 20:44:59.151841 HTTP R PORT=38074 HTML Data
52 IP-172.16.32.5 IP-172.16.32.90 20:44:59.286310 HTTP Src=38073,Dst= 80,.A....,S=3188086738,L= 0,A=2034415905,W=64866
53 IP-172.16.32.5 IP-172.16.32.90 20:44:59.286560 HTTP Src=38074,Dst= 80,.A....,S=3188176851,L= 0,A=2034537018,W=65535
54 IP-172.16.32.90 IP-172.16.32.5 20:45:14.837015 HTTP Src= 80,Dst=38073,.A...F,S=2034415905,L= 0,A=3188086738,W=32768
55 IP-172.16.32.90 IP-172.16.32.5 20:45:14.837067 HTTP Src= 80,Dst=38074,.A...F,S=2034537018,L= 0,A=3188176851,W=32768
56 IP-172.16.32.5 IP-172.16.32.90 20:45:14.838025 HTTP Src=38073,Dst= 80,.A....,S=3188086738,L= 0,A=2034415906,W=64866
57 IP-172.16.32.5 IP-172.16.32.90 20:45:14.838374 HTTP Src=38074,Dst= 80,.A....,S=3188176851,L= 0,A=2034537019,W=65535
58 IP-172.16.32.5 IP-172.16.32.90 20:45:19.151762 HTTP Src=38073,Dst= 80,...R..,S=3188086738,L= 0,A=2686592550,W= 0
59 IP-172.16.32.5 IP-172.16.32.90 20:45:19.152092 HTTP Src=38074,Dst= 80,...R..,S=3188176851,L= 0,A=2686592550,W= 0
60 IP-172.16.32.90 IP-172.16.32.65 20:46:18.395616 PING Req Echo: 172.16.32.65
61 IP-172.16.32.90 IP-172.16.32.65 20:46:20.445531 PING Req Echo: 172.16.32.65
62 IP-172.16.32.90 IP-172.16.32.65 20:46:22.495485 PING Req Echo: 172.16.32.65
63 IP-172.16.32.90 IP-172.16.32.65 20:46:24.545452 PING Req Echo: 172.16.32.65
64 IP-172.16.32.5 IP-172.16.32.90 20:46:57.493632 HTTP Src=38081,Dst= 80,....S.,S=3218618761,L= 0,A= 0,W=65535
65 IP-172.16.32.5 IP-172.16.32.90 20:47:00.487466 HTTP Src=38081,Dst= 80,....S.,S=3218618761,L= 0,A= 0,W=65535
66 IP-172.16.32.5 IP-172.16.32.90 20:47:06.522312 HTTP Src=38081,Dst= 80,....S.,S=3218618761,L= 0,A= 0,W=65535
67 IP-172.16.32.90 IP-172.16.32.65 20:49:21.532282 PING Req Echo: 172.16.32.65
68 IP-172.16.32.90 IP-172.16.32.65 20:52:24.588644 PING Req Echo: 172.16.32.65
69 IP-172.16.32.90 IP-172.16.32.65 20:55:27.645180 PING Req Echo: 172.16.32.65
70 IP-172.16.32.90 IP-172.16.32.65 20:58:30.701697 PING Req Echo: 172.16.32.65
71 IP-172.16.32.90 IP-172.16.32.65 21:01:33.758253 PING Req Echo: 172.16.32.65
72 IP-172.16.32.90 IP-172.16.32.65 21:04:36.814916 PING Req Echo: 172.16.32.65
73 IP-172.16.32.90 IP-172.16.32.65 21:07:39.871301 PING Req Echo: 172.16.32.65
74 IP-172.16.32.90 IP-172.16.32.65 21:10:42.927851 PING Req Echo: 172.16.32.65
75 IP-172.16.32.90 IP-172.16.32.65 21:13:45.984367 PING Req Echo: 172.16.32.65
76 IP-172.16.32.90 IP-172.16.32.65 21:16:49.040923 PING Req Echo: 172.16.32.65
77 IP-172.16.32.90 IP-172.16.32.65 21:19:52.097455 PING Req Echo: 172.16.32.65
78 IP-172.16.32.5 IP-172.16.32.90 21:20:59.817574 HTTP Src=38107,Dst= 80,....S.,S=3727604722,L= 0,A= 0,W=65535
79 IP-172.16.32.5 IP-172.16.32.90 21:21:02.793794 HTTP Src=38107,Dst= 80,....S.,S=3727604722,L= 0,A= 0,W=65535
80 IP-172.16.32.5 IP-172.16.32.90 21:21:08.828631 HTTP Src=38107,Dst= 80,....S.,S=3727604722,L= 0,A= 0,W=65535
81 IP-172.16.32.5 IP-172.16.32.90 21:21:34.380122 FTP Ctl Src=38108,Dst= 21,....S.,S=3736405817,L= 0,A= 0,W=65535
82 IP-172.16.32.5 IP-172.16.32.90 21:21:37.393791 FTP Ctl Src=38108,Dst= 21,....S.,S=3736405817,L= 0,A= 0,W=65535
83 IP-172.16.32.5 IP-172.16.32.90 21:21:43.436505 FTP Ctl Src=38108,Dst= 21,....S.,S=3736405817,L= 0,A= 0,W=65535
84 IP-172.16.32.90 IP-172.16.32.65 21:22:55.154001 PING Req Echo: 172.16.32.65
85 IP-172.16.32.5 IP-172.16.32.90 21:22:55.636727 FTP Ctl Src=38109,Dst= 21,....S.,S=3756684707,L= 0,A= 0,W=65535
86 IP-172.16.32.5 IP-172.16.32.90 21:22:58.563610 FTP Ctl Src=38109,Dst= 21,....S.,S=3756684707,L= 0,A= 0,W=65535
87 IP-172.16.32.5 IP-172.16.32.90 21:23:04.603527 FTP Ctl Src=38109,Dst= 21,....S.,S=3756684707,L= 0,A= 0,W=65535
88 IP-172.16.32.5 IP-172.16.32.90 21:25:52.845861 HTTP Src=38111,Dst= 80,....S.,S=3800826573,L= 0,A= 0,W=65535
89 IP-172.16.32.5 IP-172.16.32.90 21:25:55.788522 HTTP Src=38111,Dst= 80,....S.,S=3800826573,L= 0,A= 0,W=65535
90 IP-172.16.32.90 IP-172.16.32.65 21:25:58.211234 PING Req Echo: 172.16.32.65
91 IP-172.16.32.5 IP-172.16.32.90 21:26:01.822399 HTTP Src=38111,Dst= 80,....S.,S=3800826573,L= 0,A= 0,W=65535
You can display the current setting for "dead gateway detection" in the HP-UX system by getting the
value of the ip_ire_gw_probe flag. A value of 1 indicates that the system is doing dead gateway detection,
a value of 0 indicates that it won't.
# ndd -get /dev/ip ip_ire_gw_probe 1To set the flag to zero do:
# ndd -set /dev/ip ip_ire_gw_probe 0There is also an ip_ire_gw_probe_interval variable which control the probe interval. To get more details on these values do a
# ndd -h dev/ip ip_ire_gw_probe or # ndd -h ip_ire_gw_probe_interval