  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2799

How to detect dropped UDP packets?

So far the Cisco forum could not tell me or find interest in how to detect dropped UDP packets specifically routing between two Domain Controllers DNS over a VPN Tunnel.

Supposedly some CISCO devices will drop UDP packets if they are too large.

If anybody knows please spill the beans.

Thanks
0
snyderkv
Asked:
3 Solutions
 
Dusan_Bajic Commented:
Do you want to know if they are sometimes being dropped or you need exactly to detect it in real time?
0
 
moorhouselondon Commented:
I thought that UDP was designed to be a lossy method of sending packets.  See for example this link:-

http://www.devhood.com/messages/message_view-2.aspx?thread_id=94790

With UDP there is no sequence number associated with each packet, as there is with TCP, so the only way to get close to lossless transmission is to make sure the rate of transmission is pegged to the capacity of the transmission "pipe".

http://www.javvin.com/protocol/rfc768.pdf
0
 
snyderkv (Author) Commented:
I will read Moorhouse's link, but to answer the first poster's question, our issue is with UDP packets over a VPN. Some folks think enough UDP packets are being dropped to cause DNS/* replication issues by some of the Cisco devices through the VPN tunnel; however, I have my doubts. I need to know how to test it out before saying no to the UDP to TCP changeover.

Any thoughts?
0

 
moorhouselondon Commented:
Using Wireshark at both ends will tell you the quantity of packets at both ends - configure Wireshark to count only the packets you are interested in - you however need to have a "marker" to indicate the start and stop points for measuring purposes - you could use a ping to start and stop the test, everything in between is to be counted.

www.wireshark.org
0
 
Dusan_Bajic Commented:
I believe that only DNS client queries are UDP traffic; DNS zone transfers and AD replication are over TCP.
0
 
snyderkv (Author) Commented:
Moorhouse, thanks

Dusan, do you have a link to prove this? I'm going to search tonight when I have free time. That would be good for me to know :)
0
 
larsga Commented:
I would agree with Moorhouse: doing a network traffic sniff on both ends of the connection and comparing would be the best way to determine whether packets (and which packets) are being dropped.

You could also look at the interface statistics on the Ciscos and see if they show dropped packets on the vpn interface.

Still, UDP packets shouldn't be dropped unless path MTU discovery is broken for some reason. That is, the end-stations should automatically detect the maximum packet size and not send packets that are too large. If the network sniff shows that UDP packets above a certain size are dropped, you either need to manually lower the MTU on the domain controllers or fix whatever is breaking PMTU discovery (probably on the Cisco VPNs).
0
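The two-ended capture comparison suggested in the replies above, as an added example that is not part of the original thread: it matches DNS-over-UDP packets between a sender-side and a receiver-side export and checks whether every lost packet is larger than every delivered one. The tab-separated sample lines are constructed, and the export layout (DNS ID, ports, UDP length) is an assumption about how the captures were dumped.

```python
from collections import namedtuple

# Constructed sample exports, one line per UDP/DNS packet, as produced by e.g.
#   tshark -r site_a.pcap -Y "udp.port == 53" -T fields \
#          -e dns.id -e udp.srcport -e udp.dstport -e udp.length
# Columns are tab-separated: DNS transaction ID, source port, dest port, UDP length.
SENDER_EXPORT = """\
0x1a01\t53\t50112\t120
0x1a02\t53\t50113\t480
0x1a03\t53\t50114\t1380
0x1a04\t53\t50115\t1460
0x1a05\t53\t50116\t2100
0x1a06\t53\t50117\t96
"""
RECEIVER_EXPORT = """\
0x1a01\t53\t50112\t120
0x1a02\t53\t50113\t480
0x1a03\t53\t50114\t1380
0x1a06\t53\t50117\t96
"""

Report = namedtuple("Report", "sent received lost largest_delivered smallest_lost size_related")

def parse_export(text):
    """Map (dns.id, srcport, dstport) -> UDP length for each exported packet."""
    packets = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        dns_id, sport, dport, length = line.split("\t")
        packets[(dns_id.lower(), int(sport), int(dport))] = int(length)
    return packets

def compare_captures(sender_text, receiver_text):
    """List packets seen at the sender but not the receiver, and test whether
    every lost packet is larger than every delivered one (a size cutoff)."""
    sent, received = parse_export(sender_text), parse_export(receiver_text)
    lost = {k: n for k, n in sent.items() if k not in received}
    delivered = [n for k, n in sent.items() if k in received]
    largest_ok = max(delivered) if delivered else None
    smallest_lost = min(lost.values()) if lost else None
    size_related = bool(lost) and bool(delivered) and smallest_lost > largest_ok
    return Report(len(sent), len(received), sorted(lost.items(), key=lambda kv: kv[1]),
                  largest_ok, smallest_lost, size_related)

if __name__ == "__main__":
    r = compare_captures(SENDER_EXPORT, RECEIVER_EXPORT)
    print(f"sent={r.sent} received={r.received} lost={len(r.lost)}")
    print("loss tracks packet size" if r.size_related else "loss not explained by size")
```

A clean size cutoff points at the MTU/PMTU explanation; losses scattered across sizes point at ordinary congestion or link loss instead.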
 
Dusan_Bajic Commented:
snyderk,

1.
"Zone transfer operates on top of the Transmission Control Protocol (TCP), and takes the form of a client-server transaction" from http://en.wikipedia.org/wiki/DNS_zone_transfer , but I am sure you can find five million links supporting this in less than five minutes of googling...

2.
"Network Ports Used by Active Directory Replication:
RPC replication uses dynamic port mapping as per the default setting. When you need to connect to an RPC endpoint during Active Directory replication, RPC uses TCP port 135"
http://www.windowsnetworking.com/articles_tutorials/Active-Directory-Troubleshooting-Part1.html
http://technet.microsoft.com/en-us/library/bb727063.aspx

Unless you have connectivity problems, there is no reason to suspect that (only) UDP packets are being dropped. You can run a simple ping test (with the -t option) and even that will give you a pretty good picture of network reliability.
I think your problem lies somewhere else....


0
 
snyderkv (Author) Commented:
Lars, Dusan, Moor

Thanks, you guys, that's all good info. Now I have enough info for my report back to the folks telling me that UDP packets are being dropped causing DNS replication issues and that Cisco devices are dropping large UDP packets without proof.

Thanks again
0
