Diagnosing Bonjour problems
in [UK Mac]
|
From: Chris Ridd on 5 Sep 2009 12:29 On 2009-08-30 18:25:30 +0100, Martin S Taylor <mst(a)hRyEpMnOoVtEiTsHm.cIo.uSk> said: >> This is getting into the realm where I would use a tool like Wireshark >> or tcpdump to monitor the network traffic seen by each computer, looking >> for differences in mDNS behaviour. > > OK, I'm running tcpdump as Bonjour is playing up. Should the output be the > same on both computers? Because it's not. The packets being sent from one machine should be visible on the other. So what's interesting about the packets that are getting lost? Start with the IP addresses... -- Chris
From: Martin S Taylor on 7 Sep 2009 05:11 Chris Ridd wrote >> OK, I'm running tcpdump as Bonjour is playing up. Should the output be the >> same on both computers? Because it's not. > > The packets being sent from one machine should be visible on the other. > So what's interesting about the packets that are getting lost? Start > with the IP addresses... So I need to know how to read this output from tcpdump. Sample lines: 08:41:35.456992 IP 192.168.0.102.5353 > 224.0.0.251.5353: 0*- [0q] 2/0/6 PTR[|domain] 08:41:35.457373 IP6 fe80::20d:93ff:feb6:b04a.5353 > ff02::fb.5353: 0*- [0q] 2/0/6[|domain] 08:54:49.598688 IP 192.168.0.101.5353 > 224.0.0.251.5353: 0 [1a] [7q] PTR (QM)? _ptp._tcp.local. PTR (QM)? _afpovertcp._tcp.local.[|domain] Obviously it starts with the time. The IP address before the > is presumably the IP address the packet is sent from, followed by the port. So what's the IP6 fe80::20d:93ff:feb6:b04a.5353 ? I'm puzzled in that the MAC address of Vt's iMac is 00-0d-93-b6-b0-4a, and the second half of this address is part of the string. MST
From: Chris Ridd on 7 Sep 2009 05:25 On 2009-09-07 10:11:19 +0100, Martin S Taylor <mst(a)hRyEpMnOoVtEiTsHm.cIo.uSk> said: > Chris Ridd wrote >>> OK, I'm running tcpdump as Bonjour is playing up. Should the output be the >>> same on both computers? Because it's not. >> >> The packets being sent from one machine should be visible on the other. >> So what's interesting about the packets that are getting lost? Start >> with the IP addresses... > > So I need to know how to read this output from tcpdump. Sample lines: > > 08:41:35.456992 IP 192.168.0.102.5353 > 224.0.0.251.5353: 0*- [0q] 2/0/6 > PTR[|domain] > 08:41:35.457373 IP6 fe80::20d:93ff:feb6:b04a.5353 > ff02::fb.5353: 0*- [0q] > 2/0/6[|domain] > 08:54:49.598688 IP 192.168.0.101.5353 > 224.0.0.251.5353: 0 [1a] [7q] PTR > (QM)? _ptp._tcp.local. PTR (QM)? _afpovertcp._tcp.local.[|domain] > > Obviously it starts with the time. The IP address before the > is presumably > the IP address the packet is sent from, followed by the port. So what's the Right, and > is followed by the destination. Everything after these will depend on the protocol being used - it looks quite like DNS queries, which would make sense because MDNS is multicast DNS. > > IP6 fe80::20d:93ff:feb6:b04a.5353 > > ? > > I'm puzzled in that the MAC address of Vt's iMac is 00-0d-93-b6-b0-4a, and > the second half of this address is part of the string. It is an IPv6 address. Is it worth disabling IPv6 on both machines? (Network > Ethernet > Advanced > TCP/IP tab > Configure IPv6: off) It would at least reduce the packet logging "noise", and it *may* possibly be the problem anyway. -- Chris
From: Sak Wathanasin on 7 Sep 2009 05:29 On 7 Sep, 10:11, Martin S Taylor <m...(a)hRyEpMnOoVtEiTsHm.cIo.uSk> wrote: > Obviously it starts with the time. The IP address before the > is presumably > the IP address the packet is sent from, followed by the port. Yup; 224.0.0.251 is a multicast addr, so it looks as if both .102 and . 101 are sending out Bonjour m-cast announcements., and what's more they are both sending to the same m-cast group. > So what's the > > IP6 fe80::20d:93ff:feb6:b04a.5353 That's an IPv6 addr and as you probably gathered, the MAC addr is incorporated to ensure that it's unique. An IPv6 guru will be along in a minute, but it looks as if IPv6 m-cast is working too. What I can glean from the above that is that the networking side is fine: pkts are getting through OK. But something is stopping the application (iTunes, whatever) from seeing them, which points the finger at the firewall. Which you've disabled, so I'm even more puzzled than before.
|
Pages: 1 Prev: Download helper for Safari? Next: iCal repeated events on leap years |