[lug] can ping the host, but can't ssh for a few seconds

Michael Hirsch mdhirsch at gmail.com
Tue Jul 10 09:25:16 MDT 2012

On Mon, Jul 9, 2012 at 6:18 PM, David L. Anselmi <anselmi at anselmi.us> wrote:

> I agree with Steve.
> Information from traceroute may be helpful, and descriptions about the
> devices along the way.

There's no interesting network that I can see.  They are on the same subnet:

[software at saratoga build-jaws-svn]$ traceroute warsaw
traceroute to warsaw.stirlingsystems.net (, 30 hops max, 38
byte packets
 1  warsaw (  0.205 ms !<10>  0.181 ms !<10>  0.138 ms !<10>

Everything is Linux.  Warsaw is a rather old Fedora Core 4 (!) system.  I
don't believe either is running a firewall.


> Michael Hirsch wrote:
> > ssh: connect to host warsaw port 22: No route to host
> The message means you got an ICMP host unreachable message.  So you got to
> the router for the host's
> network but then the host didn't answer when ARPed for its MAC.  (If you
> hadn't gotten to the end of
> the trail you'd have gotten a network unreachable message.)
> So, is there a reason the host is slow to answer ARP?  Or
> misses/mis-answers the first ARP?
> Of course in this day and age there are lots of other possibilities.
>  Perhaps SSH says host
> unreachable for more than one kind of ICMP.
> Sometimes firewalls will send an ICMP rather than dropping packets (REJECT
> vs DROP in iptables).  So
> it could be any device along the way interfering.  It's weird to get
> intermittent behavior but who
> knows--all kinds of state can be kept in iptables, and it can behave
> differently for ping and TCP.
> What does wireshark show on both ends?
> Here's a mean trick: you could probably set up iptables to send echo
> replies to any echo request
> that comes in, and drop all TCP traffic.  "I can ping everyone on the
> Internet but can't connect to
> anyone."
> Dave
> _______________________________________________
> Web Page:  http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> Join us on IRC: irc.hackingsociety.org port=6667 channel=#hackingsociety
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.lug.boulder.co.us/pipermail/lug/attachments/20120710/53d6ef72/attachment.html>

More information about the LUG mailing list