TCPDUMP to x.x.x.x results from server: need detailed explanation...
Posted on 2001-06-15
My server AAAAA recently had a problem routing packets to x.x.x.x (a remote internet site) from AAAA through the local gateway. The problem lies in the local gateway because of some routing rules to this destination.
I used TCPDUMP to trace packets from server AAAAA to this destination and there were many packets (refer to PART A below) which do NOT appear if there are NO problems during normal operation... PART B comes from a traceroute to x.x.x.x.
What does the result below mean (PART A and PART B)...?
Is it trying to do a SYN but keeps on failing (PART A)?
Please explain in as much detail as possible. :)
Is there also any good online tutorial for "tcpdump" besides the "man"?
AAAAA# tcpdump -n -i fxp0 host x.x.x.x (PROBLEM IP)
tcpdump: listening on fxp0
>>>>>>>>> PART A result >>>>>>>>
11:58:39.271607 172.17.7.x.25807 > x.x.x.x.80: S 4188981893:4188981893(0) win 16384 <mss 1460> (DF)
11:58:39.571609 172.17.7.x.25812 > x.x.x.x.80: S 4197969350:4197969350(0) win 16384 <mss 1460> (DF)
11:58:39.751609 172.17.7.x.25810 > x.x.x.x.80: S 4194147698:4194147698(0) win 16384 <mss 1460> (DF)
11:58:43.191664 172.17.7.x.25811 > x.x.x.x.80: S 4197359568:4197359568(0) win 16384 <mss 1460> (DF)
>>>>>> END OF PART A >>>>>>
>>>>>> RESULTS FROM TRACEROUTE (PART B)>>>>>>>>
11:58:43.505905 172.17.7.x.38038 > x.x.x.x.33435: udp 12 [ttl 1]
11:58:43.511176 172.17.7.x.38038 > x.x.x.x.33436: udp 12 [ttl 1]
11:58:43.518859 172.17.7.x.38038 > x.x.x.x.33437: udp 12 [ttl 1]
11:58:43.526274 172.17.7.x.38038 > x.x.x.x.33438: udp 12
11:58:43.530802 172.17.7.x.38038 > x.x.x.x.33439: udp 12
11:58:43.534002 172.17.7.x.38038 > x.x.x.x.33440: udp 12
11:58:43.538140 172.17.7.x.38038 > x.x.x.x.33441: udp 12
>>>>>>> END OF PART B
552 packets received by filter
0 packets dropped by kernel
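
One way to check the PART A question mechanically, as an added example that is not part of the original post: it parses tcpdump text output in the format shown above and lists the TCP flows whose SYN never received a reply in the capture. The function name and the sample capture (with documentation addresses 192.0.2.x standing in for the redacted IPs) are constructed for illustration.

```python
import re
from collections import defaultdict

# Old-style "tcpdump -n" TCP line: "time src.port > dst.port: flags ..."
LINE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) "
    r"(?P<src>\S+)\.(?P<sport>\d+) > (?P<dst>\S+)\.(?P<dport>\d+): "
    r"(?P<flags>[SFPR.]+) "
)

# Constructed sample capture (not data from the post).
SAMPLE = """\
11:58:39.271607 172.17.7.5.25807 > 192.0.2.10.80: S 4188981893:4188981893(0) win 16384 <mss 1460> (DF)
11:58:39.571609 172.17.7.5.25812 > 192.0.2.10.80: S 4197969350:4197969350(0) win 16384 <mss 1460> (DF)
11:58:40.100000 172.17.7.5.25900 > 192.0.2.20.80: S 100:100(0) win 16384 <mss 1460> (DF)
11:58:40.150000 192.0.2.20.80 > 172.17.7.5.25900: S 900:900(0) ack 101 win 17520 <mss 1460> (DF)
11:58:42.271650 172.17.7.5.25807 > 192.0.2.10.80: S 4188981893:4188981893(0) win 16384 <mss 1460> (DF)
11:58:43.505905 172.17.7.5.38038 > 192.0.2.10.33435: udp 12 [ttl 1]
"""


def unanswered_syns(lines):
    """Return {(src, sport, dst, dport): syn_count} for SYNs that saw no reply."""
    syns = defaultdict(int)  # outbound flow -> number of SYNs sent (incl. retransmits)
    answered = set()         # flows where the peer sent any TCP segment back
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue         # UDP traceroute probes, banner and summary lines
        src = (m["src"], int(m["sport"]))
        dst = (m["dst"], int(m["dport"]))
        if "S" in m["flags"] and " ack " not in line:
            syns[src + dst] += 1          # initial SYN (no ack field)
        elif dst + src in syns:
            answered.add(dst + src)       # SYN-ACK, RST or data from the peer
    return {flow: n for flow, n in syns.items() if flow not in answered}


if __name__ == "__main__":
    for flow, count in unanswered_syns(SAMPLE.splitlines()).items():
        print("%s.%d > %s.%d: %d SYN(s), no reply seen" % (*flow, count))
```

A flow listed with a count above 1 is the same connection attempt being retransmitted; a capture where every flow to one host is listed means nothing came back from that destination while tcpdump was running.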