Netgate Discussion Forum

    Packet capture question

      dreivi

      Folks, I'm having problems with a site where the connection sometimes drops. I used the pfSense packet capture tool and it returned the data below. I didn't understand what tcp:0 means; does it mean there were problems?
      Note: I ran the capture with promiscuous mode enabled:

      15:37:56.383699 IP 200.196.153.118.443 > 192.168.206.133.63672: tcp 536
      15:37:56.383717 IP 200.196.153.118.443 > 192.168.206.133.63672: tcp 536
      15:37:56.383831 IP 200.196.153.118.443 > 192.168.206.133.63672: tcp 536
      15:37:56.383840 IP 200.196.153.118.443 > 192.168.206.133.63672: tcp 77
      15:37:56.384130 IP 200.196.153.118.443 > 192.168.206.133.63672: tcp 459
      15:37:56.384485 IP 192.168.206.133.63672 > 200.196.153.118.443: tcp 0
      15:37:56.384731 IP 192.168.206.133.63672 > 200.196.153.118.443: tcp 0
      15:37:56.388417 IP 200.196.153.118.443 > 192.168.206.133.63672: tcp 536
      15:37:56.388427 IP 200.196.153.118.443 > 192.168.206.133.63672: tcp 536
      15:37:56.388437 IP 200.196.153.118.443 > 192.168.206.133.63672: tcp 536
      15:37:56.388556 IP 200.196.153.118.443 > 192.168.206.133.63672: tcp 536
      15:37:56.388565 IP 200.196.153.118.443 > 192.168.206.133.63672: tcp 77
      15:37:56.388574 IP 200.196.153.118.443 > 192.168.206.133.63672: tcp 536
      15:37:56.388662 IP 200.196.153.118.443 > 192.168.206.133.63672: tcp 536
      15:37:56.388672 IP 200.196.153.118.443 > 192.168.206.133.63672: tcp 382
      15:37:56.389356 IP 192.168.206.133.63672 > 200.196.153.118.443: tcp 0
      15:37:56.389371 IP 192.168.206.133.63672 > 200.196.153.118.443: tcp 0
      15:37:56.389603 IP 192.168.206.133.63672 > 200.196.153.118.443: tcp 0

        marcelloc

        Do it on the console. tcpdump -ni interface host ip_do_host

        The connection phase is missing from the output (S -> win, S -> ack, etc.)

        Elite training: http://sys-squad.com

        Help a community developer! ;D

          dreivi

          I ran the command more than half an hour ago; it doesn't stop and doesn't display anything on the screen. Is there an option to stop it and display the data?

            marcelloc

            Did you replace the word interface with the corresponding network interface and the word ip_do_host with the IP you want to monitor?

              dreivi

              Yes, I had done that, but I forgot that the interface was a VLAN. I fixed it and the output appeared, thank you. Now, in the result below, is length 0 an error or just no data?

              17:12:46.759825 IP 192.168.200.137.54818 > 200.196.153.118.443: Flags [.], seq 1674:3054, ack 182, win 64679, length 1380
              17:12:46.760020 IP 200.196.153.118.443 > 192.168.206.158.55206: Flags [.], seq 374279:374815, ack 46471, win 48078, length 536
              17:12:46.760065 IP 200.196.153.118.443 > 192.168.206.158.55206: Flags [.], seq 374815:375351, ack 46471, win 48078, length 536
              17:12:46.760117 IP 200.196.153.118.443 > 192.168.206.158.55206: Flags [.], seq 375351:375887, ack 46471, win 48078, length 536
              17:12:46.760164 IP 200.196.153.118.443 > 192.168.206.158.55206: Flags [P.], seq 375887:376423, ack 46471, win 48078, length 536
              17:12:46.760200 IP 192.168.206.158.55206 > 200.196.153.118.443: Flags [.], ack 374815, win 65392, length 0
              17:12:46.760237 IP 200.196.153.118.443 > 192.168.206.158.55206: Flags [.], seq 376423:376959, ack 46471, win 48078, length 536
              17:12:46.760285 IP 200.196.153.118.443 > 192.168.206.158.55206: Flags [P.], seq 376959:377495, ack 46471, win 48078, length 536
              17:12:46.760324 IP 192.168.206.158.55206 > 200.196.153.118.443: Flags [.], ack 375887, win 65392, length 0
              17:12:46.760335 IP 200.196.153.118.443 > 192.168.206.158.55206: Flags [.], seq 377495:378031, ack 46471, win 48078, length 536
              17:12:46.760383 IP 200.196.153.118.443 > 192.168.206.158.55206: Flags [P.], seq 378031:378567, ack 46471, win 48078, length 536
              17:12:46.760408 IP 192.168.206.158.55206 > 200.196.153.118.443: Flags [.], ack 376423, win 65392, length 0
              17:12:46.760419 IP 192.168.206.158.55206 > 200.196.153.118.443: Flags [.], ack 376959, win 65392, length 0

                marcelloc

                https://stackoverflow.com/questions/33626531/is-tcpdump-reliable-why-there-are-so-many-packets-with-length-0

                https://osqa-ask.wireshark.org/questions/52702/why-are-0-length-tcp-packets-returned-on-some-http-tcp-sessions

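An added example, not written by either poster in this thread: a Python sketch that classifies tcpdump text lines so that length-0 segments are separated into pure ACKs (normal acknowledgements that carry no payload), handshake or teardown segments, and resets, and that flags the terse "tcp 0" form as undecidable because it prints no flags. The function names are hypothetical; the first three sample lines are copied from the captures above, and the SYN and RST lines are constructed for illustration.

```python
import re
from collections import Counter

# Verbose form: "... IP src > dst: Flags [P.], seq ..., length 536"
VERBOSE = re.compile(r"IP (\S+) > (\S+): Flags \[([^\]]*)\].*length (\d+)")
# Terse form from the low-detail capture: "... IP src > dst: tcp 0"
TERSE = re.compile(r"IP (\S+) > (\S+): tcp (\d+)")

def classify(line):
    """Return (src, dst, kind) for one tcpdump text line, or None if unparsed."""
    m = VERBOSE.search(line)
    if m:
        src, dst, flags, length = m.group(1), m.group(2), m.group(3), int(m.group(4))
        if "R" in flags:
            kind = "reset"        # connection aborted: the segment worth investigating
        elif "S" in flags:
            kind = "handshake"    # SYN or SYN-ACK opening the connection
        elif "F" in flags:
            kind = "teardown"     # orderly close
        elif length == 0:
            kind = "pure-ack"     # acknowledges received data, carries none
        else:
            kind = "data"
        return src, dst, kind
    m = TERSE.search(line)
    if m:
        # No flags are printed, so a 0-byte segment cannot be classified further.
        kind = "data" if int(m.group(3)) else "zero-length-unknown"
        return m.group(1), m.group(2), kind
    return None

def summarize(lines):
    """Count segment kinds across a capture, skipping unparsed lines."""
    return Counter(c[2] for c in map(classify, lines) if c)

SAMPLE = [
    # Copied from the thread:
    "17:12:46.760164 IP 200.196.153.118.443 > 192.168.206.158.55206: Flags [P.], seq 375887:376423, ack 46471, win 48078, length 536",
    "17:12:46.760200 IP 192.168.206.158.55206 > 200.196.153.118.443: Flags [.], ack 374815, win 65392, length 0",
    "15:37:56.384485 IP 192.168.206.133.63672 > 200.196.153.118.443: tcp 0",
    # Constructed for illustration (SYN and RST):
    "17:12:40.000001 IP 192.168.206.158.55206 > 200.196.153.118.443: Flags [S], seq 1000, win 65535, length 0",
    "17:12:50.000001 IP 200.196.153.118.443 > 192.168.206.158.55206: Flags [R.], seq 378567, ack 46471, win 0, length 0",
]

if __name__ == "__main__":
    for kind, count in summarize(SAMPLE).items():
        print(f"{kind:20} {count}")
```

When chasing a dropped connection, the counts to look at are "reset" and a missing "handshake"; a run of "pure-ack" lines against incoming data is the receiver acknowledging what it got.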
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.