Wireshark mailing list archives
Re: tcpdump
From: Andrew Hood <ajhood () fl net au>
Date: Sun, 20 Jun 2010 11:51:12 +1000
Guy Harris wrote:
On Jun 18, 2010, at 5:53 PM, Kaushal Shriyan wrote:root@host0130:~# tcpdump -r tcpdump reading from file tcpdump, link-type EN10MB (Ethernet) 13:51:20.256698 IP host0130.example.com.36825 > AES-Static-IP.airtel.in.www: S 2400127911:2400127911(0) win 5840 <mss 1460,sackOK,timestamp 2052530663 0,nop,wscale 7> 13:51:23.254569 IP host0130.example.com.36825 > AES-Static-IP.airtel.in.www: S 2400127911:2400127911(0) win 5840 <mss 1460,sackOK,timestamp 2052530963 0,nop,wscale 7> 13:51:29.254568 IP host0130.example.com.36825 > AES-Static-IP.airtel.in.www: S 2400127911:2400127911(0) win 5840 <mss 1460,sackOK,timestamp 2052531563 0,nop,wscale 7> 13:51:41.254565 IP host0130.example.com.36825 > AES-Static-IP.airtel.in.www: S 2400127911:2400127911(0) win 5840 <mss 1460,sackOK,timestamp 2052532763 0,nop,wscale 7> 13:52:05.254567 IP host0130.example.com.36825 > AES-Static-IP.airtel.in.www: S 2400127911:2400127911(0) win 5840 <mss 1460,sackOK,timestamp 2052535163 0,nop,wscale 7>Those appear to be repeated retransmissions of the same TCP segment.13:52:35.633372 IP AES-Static-IP.airtel.in.www > host0130.example.com.36825: R 933727155:933727155(0) win 0
This is pretty much the behaviour we see when ICMP Frag Required packets are being blocked. Multiple retransmits of packets followed by an RST. I've given up trying to get the ICMP packets permitted through our firewalls - paranoia rules. I slowly reduce the MTU at the server until the traffic gets delivered. The first MTU to try below 1500 is 1492 - allowing for a SNAP/LLC header to be added at an ADSL router. -- There's no point in being grown up if you can't be childish sometimes. -- Dr. Who ___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Current thread:
- tcpdump Kaushal Shriyan (Jun 17)
- Re: tcpdump Jaap Keuter (Jun 17)
- Re: tcpdump Kaushal Shriyan (Jun 17)
- Re: tcpdump Jaap Keuter (Jun 18)
- Re: tcpdump Guy Harris (Jun 18)
- Re: tcpdump Kaushal Shriyan (Jun 18)
- Re: tcpdump Guy Harris (Jun 19)
- Re: tcpdump Andrew Hood (Jun 19)
- Re: tcpdump Guy Harris (Jun 19)
- Re: tcpdump Guy Harris (Jun 19)
- Re: tcpdump Andrew Hood (Jun 21)
- Re: tcpdump Guy Harris (Jun 21)
- Re: tcpdump Kaushal Shriyan (Jun 17)
- Re: tcpdump Jaap Keuter (Jun 17)