Hello Grant Taylor,
thanks for your reply. As I told, my knowledge about networking is basic, not advanced. I had tcpdump used before so far but was always unable to interpret the output. So ... Good Luck (see above).
I could not find any special but I found a bug in Ubuntu that looks a bit like that behavior. As described there, the ip address of the hop is printed in reverse order. To explain, here is the route as printed from ping called on Host1:
ping -R 192.168.150.139
PING 192.168.150.139 (192.168.150.139) 56(124) Bytes Daten.
64 Bytes von
192.168.150.139: icmp_seq=1 ttl=63 Zeit=1.37 ms
RR: 192.168.1.20 (Host 1)
192.168.1.1 (router and dhcp server)
192.168.150.1 ?? guess a virtual router on host2 that hosts the vm
192.168.150.139 (vm)
192.168.150.139
192.168.1.18 (host2)
192.168.1.20 (host1)
So the route backwards from ..139 to ..1.20 takes another route. The nexthop printed out by ping ist 18.1.168.192 (so in reverse order). Magic.
See the bug described here:
https://bugs.launchpad.net/ubuntu/+source/iputils/+bug/1892108
And here are tcpdumps:
TCP Dump on the vm while ssh from Zuse2016
-------------------------------------------------------------------
franz@TrainUB20:~$ sudo tcpdump host 192.168.1.20
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on enp1s0, link-type EN10MB (Ethernet), capture size 262144 bytes
13:41:57.359875 IP Zuse2016.localdomain.43514 > TrainUB20.network.ssh: Flags [S], seq 2909393996, win 64240, options [mss 1460,sackOK,TS val 3232087362 ecr 0,nop,wscale 7], length 0
13:41:57.359974 IP TrainUB20.network.ssh > Zuse2016.localdomain.43514: Flags [S.], seq
2705827111, ack 2909393997, win 65160, options [mss 1460,sackOK,TS val 2859469818 ecr 3232087362,nop,wscale 7], length 0
13:41:58.383658 IP TrainUB20.network.ssh > Zuse2016.localdomain.43514: Flags [S.], seq
2705827111, ack 2909393997, win 65160, options [mss 1460,sackOK,TS val 2859470842 ecr 3232087362,nop,wscale 7], length 0
13:42:00.399674 IP TrainUB20.network.ssh > Zuse2016.localdomain.43514: Flags [S.], seq
2705827111, ack 2909393997, win 65160, options [mss 1460,sackOK,TS val 2859472858 ecr 3232087362,nop,wscale 7], length 0
13:42:04.431668 IP TrainUB20.network.ssh > Zuse2016.localdomain.43514: Flags [S.], seq
2705827111, ack 2909393997, win 65160, options [mss 1460,sackOK,TS val 2859476890 ecr 3232087362,nop,wscale 7], length 0
13:42:12.623670 IP TrainUB20.network.ssh > Zuse2016.localdomain.43514: Flags [S.], seq
2705827111, ack 2909393997, win 65160, options [mss 1460,sackOK,TS val 2859485082 ecr 3232087362,nop,wscale 7], length 0
TCP Dump from Zuse2016
------------------------------------------------------------------
@Zuse2016:~$ sudo tcpdump host 192.168.150.139 -i enp0s31f6
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on enp0s31f6, link-type EN10MB (Ethernet), capture size 262144 bytes
13:41:57.358577 IP Zuse2016.localdomain.43514 > 192.168.150.139.ssh: Flags [S], seq 2909393996, win 64240, options [mss 1460,sackOK,TS val 3232087362 ecr 0,nop,wscale 7], length 0
13:41:57.359719 IP 192.168.150.139.ssh > Zuse2016.localdomain.43514: Flags [S.], seq 2705827111, ack 2909393997, win 65160, options [mss 1460,sackOK,TS val 2859469818 ecr 3232087362,nop,wscale 7], length 0
13:41:57.359736 IP Zuse2016.localdomain.43514 > 192.168.150.139.ssh: Flags [.], ack 1, win 502, options [nop,nop,TS val 3232087363 ecr 2859469818], length 0
13:41:57.359954 IP Zuse2016.localdomain.43514 > 192.168.150.139.ssh: Flags [P.], seq 1:42, ack 1, win 502, options [nop,nop,TS val 3232087363 ecr 2859469818], length 41
13:41:57.564064 IP Zuse2016.localdomain.43514 > 192.168.150.139.ssh: Flags [P.], seq 1:42, ack 1, win 502, options [nop,nop,TS val 3232087567 ecr 2859469818], length 41
13:41:57.772060 IP Zuse2016.localdomain.43514 > 192.168.150.139.ssh: Flags [P.], seq 1:42, ack 1, win 502, options [nop,nop,TS val 3232087775 ecr 2859469818], length 41
13:41:58.184075 IP Zuse2016.localdomain.43514 > 192.168.150.139.ssh: Flags [P.], seq 1:42, ack 1, win 502, options [nop,nop,TS val 3232088187 ecr 2859469818], length 41
13:41:58.383423 IP 192.168.150.139.ssh > Zuse2016.localdomain.43514: Flags [S.], seq 2705827111, ack 2909393997, win 65160, options [mss 1460,sackOK,TS val 2859470842 ecr 3232087362,nop,wscale 7], length 0
13:41:58.383451 IP Zuse2016.localdomain.43514 > 192.168.150.139.ssh: Flags [.], ack 1, win 502, options [nop,nop,TS val 3232088387 ecr 2859469818], length 0
13:41:59.016148 IP Zuse2016.localdomain.43514 > 192.168.150.139.ssh: Flags [P.], seq 1:42, ack 1, win 502, options [nop,nop,TS val 3232089019 ecr 2859469818], length 41
13:42:00.399470 IP 192.168.150.139.ssh > Zuse2016.localdomain.43514: Flags [S.], seq 2705827111, ack 2909393997, win 65160, options [mss 1460,sackOK,TS val 2859472858 ecr 3232087362,nop,wscale 7], length 0
13:42:00.399509 IP Zuse2016.localdomain.43514 > 192.168.150.139.ssh: Flags [.], ack 1, win 502, options [nop,nop,TS val 3232090403 ecr 2859469818], length 0
13:42:00.680063 IP Zuse2016.localdomain.43514 > 192.168.150.139.ssh: Flags [P.], seq 1:42, ack 1, win 502, options [nop,nop,TS val 3232090683 ecr 2859469818], length 41
13:42:04.200110 IP Zuse2016.localdomain.43514 > 192.168.150.139.ssh: Flags [P.], seq 1:42, ack 1, win 502, options [nop,nop,TS val 3232094203 ecr 2859469818], length 41
13:42:04.431533 IP 192.168.150.139.ssh > Zuse2016.localdomain.43514: Flags [S.], seq 2705827111, ack 2909393997, win 65160, options [mss 1460,sackOK,TS val 2859476890 ecr 3232087362,nop,wscale 7], length 0
13:42:04.431566 IP Zuse2016.localdomain.43514 > 192.168.150.139.ssh: Flags [.], ack 1, win 502, options [nop,nop,TS val 3232094435 ecr 2859469818], length 0
13:42:10.856057 IP Zuse2016.localdomain.43514 > 192.168.150.139.ssh: Flags [P.], seq 1:42, ack 1, win 502, options [nop,nop,TS val 3232100859 ecr 2859469818], length 41
So, any idea?
And: How to change the MTU for the communication?