lolaferrari
asked on
tshark
I receive TCP/IP timeouts on one interface for a certain TCP port between two IP addresses using TCP/IP. The TCP/IP connection is being dropped intermittently. Does anyone know how best to monitor for this with tshark? What would be the best capture to monitor for a connection that has died or timed out?
Personally I would still use tcpdump. To make sense of the traces from both systems, it's essential that their clocks are synchronised - I use netdate (if it's not in your distribution, connect to http://www.rpmfind.net and look for netdate).
If it isn't too much, capture everything; otherwise, capture at least the TCP session identified with ports and host, and ALL ICMP traffic. (You may miss the ICMP if they come from something a little nearer to your system otherwise.)
I did have trouble in the past where a DSL line would drop the connection when it got loaded and caused too many ATM-layer faults. All connections (externally) were actively removed because the DSLAM of the ISP would send a "No Route available" to all my connected sites, causing a total breakdown in communication instead of only annoying pauses.
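The capture suggested in the last answer (one TCP session plus all ICMP) can be run with tshark as sketched below; this is an added example, not part of any of the posts above. The function names, output file name, ring-buffer sizes and the interface, addresses and port passed in are assumptions chosen for illustration.

```shell
#!/usr/bin/env bash
# Added example. Function names, file names and buffer sizes are illustrative.

# Build the BPF capture filter: the TCP session between two hosts on one port,
# plus ALL ICMP. ICMP is deliberately not restricted by host, because an
# unreachable message may be sent by an intermediate device, not the peer.
capture_filter() {
    local a="$1" b="$2" port="$3"
    case "$port" in
        ''|*[!0-9]*) echo "port must be numeric" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range" >&2; return 1
    fi
    printf '(host %s and host %s and tcp port %s) or icmp' "$a" "$b" "$port"
}

# Long-running capture into a ring buffer (20 files of about 50 MB each), so it
# can be left running until the intermittent drop happens again.
# Usage: start_capture <iface> <hostA> <hostB> <port> [outfile]
start_capture() {
    local iface="$1" filter
    filter="$(capture_filter "$2" "$3" "$4")" || return 1
    tshark -i "$iface" -f "$filter" \
        -b filesize:51200 -b files:20 -w "${5:-tcpdrop.pcapng}"
}

# Display filter for the usual traces of a dead or timed-out connection:
# retransmissions, TCP resets, and ICMP destination-unreachable (type 3).
DROP_EVIDENCE='tcp.analysis.retransmission || tcp.flags.reset == 1 || icmp.type == 3'

# List matching packets from a saved capture file with timestamps.
# Usage: find_drop_evidence <capture-file>
find_drop_evidence() {
    tshark -r "$1" -Y "$DROP_EVIDENCE" -T fields \
        -e frame.time -e ip.src -e ip.dst \
        -e tcp.srcport -e tcp.dstport -e tcp.flags -e icmp.code
}
```

Run the same capture on both endpoints with synchronised clocks, as the first answer advises, so the timestamps printed by `find_drop_evidence` can be compared across the two traces.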