Return to Question

Recently I've found on my firewall logs growing count of dropped packets going from and to the same lan network...

I've checked everything twice, netmask is ok, no additional routes...

If I ping host 10.0.0.1/24 from host 10.0.0.2/24 and this hosts exists in network everything is working fine, and the router doesn't know about it (packets are going straight from host A to B), but if host B disappear from network packets are going to default gateway...

I've observed this only for Windows machines - all linuxes are ok...

Anyone knows why windows is doing such thing and since when?

EDIT

Here is some log of fireHOL

Feb 5 20:36:26 black PASS-unknown: IN=lan0.20 OUT=lan0.20 MAC=(..) SRC=10.0.0.2 DST=10.0.0.3 LEN=48 TOS=00 PREC=0x00 TTL=127 ID=14503 DF PROTO =TCP SPT=62931 DPT=3050 SEQ=3210101748 ACK=0 WINDOW=8192 SYN URGP=0 MARK=0

Dropped packet is not ICMP - it's TCP SYN packet - one of our applications it trying to connect to firebird database

Recently I've found on my firewall logs growing count of dropped packets going from and to the same lan network...

I've checked everything twice, netmask is ok, no additional routes...

If I ping host 10.0.0.3/24 from host 10.0.0.2/24 and this hosts exists in network everything is working fine, and the router doesn't know about it (packets are going straight from host A to B), but if host B disappear from network packets are going to default gateway...

I've observed this only for Windows machines - all linuxes are ok...

Anyone knows why windows is doing such thing and since when?

EDIT

Here is some log of fireHOL

Feb 5 20:36:26 black PASS-unknown: IN=lan0.20 OUT=lan0.20 MAC=(..) SRC=10.0.0.2 DST=10.0.0.3 LEN=48 TOS=00 PREC=0x00 TTL=127 ID=14503 DF PROTO =TCP SPT=62931 DPT=3050 SEQ=3210101748 ACK=0 WINDOW=8192 SYN URGP=0 MARK=0

Dropped packet is not ICMP - it's TCP SYN packet - one of our applications it trying to connect to firebird database

Rescently I've found on my firewall logs growing count of droped packets going from and to the same lan network...

I've checked everything twice, net mask is ok, no additional routes... If I ping host 10.0.0.1/24 from host 10.0.0.2/24 and this hosts exists in network everything is OK and router doesn't know about it (packets are going straight from host A to B), but if host B disappear from network packets are going to default gateway...

I've observed this only for Windows machines - all linuxes are ok...

Anyone knows why windows is doing such thing and since when?

EDIT Here is some log of fireHOL

Feb 5 20:36:26 black PASS-unknown: IN=lan0.20 OUT=lan0.20 MAC=(..) SRC=10.0.0.2 DST=10.0.0.3 LEN=48 TOS=00 PREC=0x00 TTL=127 ID=14503 DF PROTO =TCP SPT=62931 DPT=3050 SEQ=3210101748 ACK=0 WINDOW=8192 SYN URGP=0 MARK=0

Droped packet is not ICMP - it's TCP SYN packet - one of our applications it trying to connect to firebird database

Recently I've found on my firewall logs growing count of dropped packets going from and to the same lan network...

I've checked everything twice, netmask is ok, no additional routes... 

If I ping host 10.0.0.1/24 from host 10.0.0.2/24 and this hosts exists in network everything is working fine, and the router doesn't know about it (packets are going straight from host A to B), but if host B disappear from network packets are going to default gateway...

I've observed this only for Windows machines - all linuxes are ok...

Anyone knows why windows is doing such thing and since when?

EDIT

Here is some log of fireHOL

Feb 5 20:36:26 black PASS-unknown: IN=lan0.20 OUT=lan0.20 MAC=(..) SRC=10.0.0.2 DST=10.0.0.3 LEN=48 TOS=00 PREC=0x00 TTL=127 ID=14503 DF PROTO =TCP SPT=62931 DPT=3050 SEQ=3210101748 ACK=0 WINDOW=8192 SYN URGP=0 MARK=0

Dropped packet is not ICMP - it's TCP SYN packet - one of our applications it trying to connect to firebird database

Rescently I've found on my firewall logs growing count of droped packets going from and to the same lan network...

I've checked everything twice, net mask is ok, no additional routes... If I ping host 10.0.0.1/24 from host 10.0.0.2/24 and this hosts exists in network everything is OK and router doesn't know about it (packets are going straight from host A to B), but if host B disappear from network packets are going to default gateway...

I've observed this only for Windows machines - all linuxes are ok...

Anyone knows why windows is doing such thing and since when?

Rescently I've found on my firewall logs growing count of droped packets going from and to the same lan network...

I've checked everything twice, net mask is ok, no additional routes... If I ping host 10.0.0.1/24 from host 10.0.0.2/24 and this hosts exists in network everything is OK and router doesn't know about it (packets are going straight from host A to B), but if host B disappear from network packets are going to default gateway...

I've observed this only for Windows machines - all linuxes are ok...

Anyone knows why windows is doing such thing and since when?

EDIT Here is some log of fireHOL

Feb 5 20:36:26 black PASS-unknown: IN=lan0.20 OUT=lan0.20 MAC=(..) SRC=10.0.0.2 DST=10.0.0.3 LEN=48 TOS=00 PREC=0x00 TTL=127 ID=14503 DF PROTO =TCP SPT=62931 DPT=3050 SEQ=3210101748 ACK=0 WINDOW=8192 SYN URGP=0 MARK=0

Droped packet is not ICMP - it's TCP SYN packet - one of our applications it trying to connect to firebird database