
Wireshark-users: Re: [Wireshark-users] tcpdump

From: Kaushal Shriyan <kaushalshriyan@xxxxxxxxx>
Date: Sat, 19 Jun 2010 06:23:06 +0530


On Sat, Jun 19, 2010 at 2:07 AM, Guy Harris <guy@xxxxxxxxxxxx> wrote:
>
> On Jun 17, 2010, at 11:14 PM, Kaushal Shriyan wrote:
>
>> http://www.tcpdump.org/#lists. It does not mention an end-user mailing list.
>
> It's inaccurate - at least now, tcpdump-workers *is* the end-user mailing list, as well as the tcpdump developers' mailing list, *and* the libpcap users' mailing list (for people writing applications using libpcap), and the libpcap developers' mailing list (for people making changes to libpcap).

Hi,

I have the following tcpdump details. The issue is that when I telnet IP 80, I don't see any response from a particular host (host0130 in question), but for host0131 it works perfectly fine. Please suggest.

root@host0131:~# tcpdump -i eth0 -s0 host 10.30.0.11 and host 125.22.61.162
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
18:19:28.153231 IP host0131.example.com.46377 > AES-Static-IP.airtel.in.www: S 4074084076:4074084076(0) win 5840 <mss 1460,sackOK,timestamp 584562238 0,nop,wscale 6>
18:19:28.287531 IP AES-Static-IP.airtel.in.www > host0131.example.com.46377: S 623762387:623762387(0) ack 4074084077 win 5792 <mss 1460,sackOK,timestamp 18424707 584562238,nop,wscale 7>
18:19:28.287548 IP host0131.example.com.46377 > AES-Static-IP.airtel.in.www: . ack 1 win 92 <nop,nop,timestamp 584562251 18424707>
18:19:31.673431 IP AES-Static-IP.airtel.in.www > host0131.example.com.46377: S 623762387:623762387(0) ack 4074084077 win 5792 <mss 1460,sackOK,timestamp 18425047 584562251,nop,wscale 7>
18:19:31.673441 IP host0131.example.com.46377 > AES-Static-IP.airtel.in.www: . ack 1 win 92 <nop,nop,timestamp 584562590 18425047,nop,nop,sack 1 {0:1}>
18:19:37.673197 IP AES-Static-IP.airtel.in.www > host0131.example.com.46377: S 623762387:623762387(0) ack 4074084077 win 5792 <mss 1460,sackOK,timestamp 18425647 584562590,nop,wscale 7>
18:19:37.673215 IP host0131.example.com.46377 > AES-Static-IP.airtel.in.www: . ack 1 win 92 <nop,nop,timestamp 584563190 18425647,nop,nop,sack 1 {0:1}>
18:19:49.872293 IP AES-Static-IP.airtel.in.www > host0131.example.com.46377: S 623762387:623762387(0) ack 4074084077 win 5792 <mss 1460,sackOK,timestamp 18426867 584563190,nop,wscale 7>
18:19:49.872311 IP host0131.example.com.46377 > AES-Static-IP.airtel.in.www: . ack 1 win 92 <nop,nop,timestamp 584564410 18426867,nop,nop,sack 1 {0:1}>

root@host0130:~# tcpdump -r tcpdump
reading from file tcpdump, link-type EN10MB (Ethernet)
13:51:20.256698 IP host0130.example.com.36825 > AES-Static-IP.airtel.in.www: S 2400127911:2400127911(0) win 5840 <mss 1460,sackOK,timestamp 2052530663 0,nop,wscale 7>
13:51:23.254569 IP host0130.example.com.36825 > AES-Static-IP.airtel.in.www: S 2400127911:2400127911(0) win 5840 <mss 1460,sackOK,timestamp 2052530963 0,nop,wscale 7>
13:51:29.254568 IP host0130.example.com.36825 > AES-Static-IP.airtel.in.www: S 2400127911:2400127911(0) win 5840 <mss 1460,sackOK,timestamp 2052531563 0,nop,wscale 7>
13:51:41.254565 IP host0130.example.com.36825 > AES-Static-IP.airtel.in.www: S 2400127911:2400127911(0) win 5840 <mss 1460,sackOK,timestamp 2052532763 0,nop,wscale 7>
13:52:05.254567 IP host0130.example.com.36825 > AES-Static-IP.airtel.in.www: S 2400127911:2400127911(0) win 5840 <mss 1460,sackOK,timestamp 2052535163 0,nop,wscale 7>
13:52:35.633372 IP AES-Static-IP.airtel.in.www > host0130.example.com.36825: R 933727155:933727155(0) win 0
13:52:53.254571 IP host0130.example.com.36825 > AES-Static-IP.airtel.in.www: S 2400127911:2400127911(0) win 5840 <mss 1460,sackOK,timestamp 2052539963 0,nop,wscale 7>
13:53:23.464374 IP AES-Static-IP.airtel.in.www > host0130.example.com.36825: R 458396600:458396600(0) win 0
13:54:05.420054 IP host0130.example.com.35821 > AES-Static-IP.airtel.in.www: S 714058707:714058707(0) win 5840 <mss 1460,sackOK,timestamp 2052547179 0,nop,wscale 7>
root@host0130:~#

Thanks,

Kaushal