Re: How to find a sick router with 2.6.17+ and tcp_window_scalingenabled

From: Mark Reidenbach
Date: Tue Aug 15 2006 - 13:45:08 EST

Phil Oester wrote:
On Tue, Aug 15, 2006 at 06:01:47PM +0100, Alan Cox wrote:
Ar Maw, 2006-08-15 am 11:05 -0500, ysgrifennodd Mark Reidenbach:
Does anyone have a way to find the broken router if you are not running the networks involved?
You are almost certainly looking for a broken/crap NAT box, firewall or
similar product. Routers that are just being routers don't touch the TCP
layer so even if they are broken/crap/ancient they won't do any harm to

The usual offenders are cheap NAT boxes and badly designed load
balancers. They may not even show up in a trace but you should expect
them to be at one end or the other, unless your ISP is providing you
with NATted addresses or some kind of managed security service.

Certain versions of BSD ipfilter are also broken. Try some of Apple's
websites for examples.

Is the destination box BSD or behind a BSD firewall?

I'm not sure what OS the T1 provider's box is running. I experience the same problems trying to access or one of my servers hosted at Verio in Sterling, VA.

Alan Cox says it's most likely a broken NAT box or firewall. I'm not aware of any firewalls in between my office and my servers in Sterling other than the Cisco 1811 here in the office, and it is performing NAT and firewall services for our office. I'm going to try a few cheapo home routers and see if the problem remains. I would think the Cisco router would be better off than a home Linksys or Xincom one, but I figure it's at least worth a try.

Thanks for your help.

Mark Reidenbach
Phone: (205)722-9112
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at
Please read the FAQ at