lolaferrari

asked on

tshark

I receive TCP/IP timeouts on one interface for a certain TCP port between two IP addresses using TCP/IP. The TCP/IP connection is being dropped intermittently. Does anyone know how best to monitor for this with tshark? What would be the best capture to monitor for a connection that has died or timed out?
noci

You need to capture on BOTH sides, and besides the traffic at hand you need to look for TCP resets or ICMP packets that indicate various invalid host, no route to host or such.
If it isn't too much, capture everything; otherwise at least the TCP session identified with ports and hosts, and ALL ICMP traffic. (You may miss the ICMP if they come from something a little nearer to your system otherwise.)

I did have trouble in the past where a DSL line would drop the connection when it got loaded and cause too many ATM-layer faults; all connections (externally) were actively removed because the DSLAM of the ISP would send a "No Route available" to all my connected sites, causing a total breakdown in communication instead of only annoying pauses.
Personally I would still use tcpdump. To make sense of the traces from both systems, it's essential that their clocks are synchronised - I use netdate (if it's not in your distribution, connect to http://www.rpmfind.net and look for netdate).
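The capture described in the replies above (the one TCP session plus all ICMP, then a search for resets and unreachables), as an added example that is not part of any poster's reply. The interface, addresses, port and file names are assumptions supplied on the command line; run the same capture on both ends with synchronised clocks.

```shell
#!/bin/sh
# Added example, not from the thread. Typical (constructed) arguments:
#   ./tcpdrop.sh capture eth0 192.0.2.10 198.51.100.20 5432 /var/tmp/drop.pcapng
#   ./tcpdrop.sh report /var/tmp/drop.pcapng

# BPF capture filter: the one TCP session of interest plus ALL ICMP, so
# unreachable messages sent by routers in between are not filtered out.
capture_filter() {   # $1 = host A, $2 = host B, $3 = TCP port
    printf '(host %s and host %s and tcp port %s) or icmp' "$1" "$2" "$3"
}

# Display filter for reading the capture back: TCP resets, ICMP destination
# unreachable (type 3) and the retransmissions that precede a timeout.
drop_filter() {
    printf 'tcp.flags.reset == 1 or icmp.type == 3 or tcp.analysis.retransmission'
}

# Accept only literal IPv4/IPv6 addresses and a port in 1..65535, so nothing
# unexpected is spliced into the filter expression.
valid_args() {
    for a in "$1" "$2"; do
        case "$a" in ''|*[!0-9a-fA-F.:]*) return 1 ;; esac
    done
    case "$3" in ''|*[!0-9]*|??????*) return 1 ;; esac
    [ "$3" -ge 1 ] && [ "$3" -le 65535 ]
}

case "${1:-}" in
capture)  # capture IFACE HOST_A HOST_B PORT OUTFILE
    valid_args "$3" "$4" "$5" || { echo "bad host or port" >&2; exit 2; }
    # Ring buffer of 20 files, 100000 kB each: it can run until the next drop.
    exec tshark -i "$2" -f "$(capture_filter "$3" "$4" "$5")" \
        -b filesize:100000 -b files:20 -w "$6"
    ;;
report)   # report CAPTURE_FILE
    exec tshark -r "$2" -Y "$(drop_filter)" -T fields \
        -e frame.time_epoch -e ip.src -e ip.dst -e tcp.stream \
        -e tcp.flags.reset -e icmp.type -e icmp.code
    ;;
esac
```

Comparing the `frame.time_epoch` values of the two reports shows which side first saw a reset or an ICMP unreachable, and which address sent it.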
ASKER CERTIFIED SOLUTION
noci
