Diagnostic Questions

Before revealing the investigation path:

  1. SSH hangs after "Authenticated" but before the shell prompt. UseDNS is no, /etc/profile is clean, and the server logs show the session opened successfully. What layer of the stack should you investigate next?

  2. Small HTTP requests (/ping) work instantly but SSH hangs and large HTTP requests hang. What does the payload-size dependency tell you about the nature of the problem?

  3. ping -M do -s 1472 (1500-byte packets with Don't Fragment) gets no response, but ping -M do -s 1372 works. What networking concept explains this behavior, and what ICMP message type is needed for it to work correctly?

  4. The new subnet's NACL allows ICMP echo (type 8) but not ICMP Destination Unreachable (type 3). Why is type 3 critical for PMTUD, and why did the Terraform module omit it?

  5. The immediate fix is an AWS CLI command, but the permanent fix is a Terraform module change. Why is IaC the correct place for this fix rather than a manual NACL update?