Packet capture question



  • Hi all, I'm having problems with a site where the connection sometimes drops. I used the pfSense packet capture tool and it returned the data below. I don't understand what tcp:0 means; does it mean there were problems?
    Note: I did the capture with promiscuous mode enabled:

    15:37:56.383699 IP 200.196.153.118.443 > 192.168.206.133.63672: tcp 536
    15:37:56.383717 IP 200.196.153.118.443 > 192.168.206.133.63672: tcp 536
    15:37:56.383831 IP 200.196.153.118.443 > 192.168.206.133.63672: tcp 536
    15:37:56.383840 IP 200.196.153.118.443 > 192.168.206.133.63672: tcp 77
    15:37:56.384130 IP 200.196.153.118.443 > 192.168.206.133.63672: tcp 459
    15:37:56.384485 IP 192.168.206.133.63672 > 200.196.153.118.443: tcp 0
    15:37:56.384731 IP 192.168.206.133.63672 > 200.196.153.118.443: tcp 0
    15:37:56.388417 IP 200.196.153.118.443 > 192.168.206.133.63672: tcp 536
    15:37:56.388427 IP 200.196.153.118.443 > 192.168.206.133.63672: tcp 536
    15:37:56.388437 IP 200.196.153.118.443 > 192.168.206.133.63672: tcp 536
    15:37:56.388556 IP 200.196.153.118.443 > 192.168.206.133.63672: tcp 536
    15:37:56.388565 IP 200.196.153.118.443 > 192.168.206.133.63672: tcp 77
    15:37:56.388574 IP 200.196.153.118.443 > 192.168.206.133.63672: tcp 536
    15:37:56.388662 IP 200.196.153.118.443 > 192.168.206.133.63672: tcp 536
    15:37:56.388672 IP 200.196.153.118.443 > 192.168.206.133.63672: tcp 382
    15:37:56.389356 IP 192.168.206.133.63672 > 200.196.153.118.443: tcp 0
    15:37:56.389371 IP 192.168.206.133.63672 > 200.196.153.118.443: tcp 0
    15:37:56.389603 IP 192.168.206.133.63672 > 200.196.153.118.443: tcp 0



  • Do it from the console: tcpdump -ni interface host ip_do_host

    The connection phase isn't showing up (S -> win, S -> ack, etc.)



  • I've been running the command for over half an hour; it neither stops nor displays anything on screen. Is there an option to stop it and display the data?



  • Did you replace the word interface with the corresponding network interface and the word ip_do_host with the IP you want to monitor?



  • Yes, I had done that but forgot the interface was a VLAN. I corrected it and it showed up, thanks. Now, in the result below, does length 0 mean an error or no data?

    17:12:46.759825 IP 192.168.200.137.54818 > 200.196.153.118.443: Flags [.], seq 1674:3054, ack 182, win 64679, length 1380
    17:12:46.760020 IP 200.196.153.118.443 > 192.168.206.158.55206: Flags [.], seq 374279:374815, ack 46471, win 48078, length 536
    17:12:46.760065 IP 200.196.153.118.443 > 192.168.206.158.55206: Flags [.], seq 374815:375351, ack 46471, win 48078, length 536
    17:12:46.760117 IP 200.196.153.118.443 > 192.168.206.158.55206: Flags [.], seq 375351:375887, ack 46471, win 48078, length 536
    17:12:46.760164 IP 200.196.153.118.443 > 192.168.206.158.55206: Flags [P.], seq 375887:376423, ack 46471, win 48078, length 536
    17:12:46.760200 IP 192.168.206.158.55206 > 200.196.153.118.443: Flags [.], ack 374815, win 65392, length 0
    17:12:46.760237 IP 200.196.153.118.443 > 192.168.206.158.55206: Flags [.], seq 376423:376959, ack 46471, win 48078, length 536
    17:12:46.760285 IP 200.196.153.118.443 > 192.168.206.158.55206: Flags [P.], seq 376959:377495, ack 46471, win 48078, length 536
    17:12:46.760324 IP 192.168.206.158.55206 > 200.196.153.118.443: Flags [.], ack 375887, win 65392, length 0
    17:12:46.760335 IP 200.196.153.118.443 > 192.168.206.158.55206: Flags [.], seq 377495:378031, ack 46471, win 48078, length 536
    17:12:46.760383 IP 200.196.153.118.443 > 192.168.206.158.55206: Flags [P.], seq 378031:378567, ack 46471, win 48078, length 536
    17:12:46.760408 IP 192.168.206.158.55206 > 200.196.153.118.443: Flags [.], ack 376423, win 65392, length 0
    17:12:46.760419 IP 192.168.206.158.55206 > 200.196.153.118.443: Flags [.], ack 376959, win 65392, length 0





© Copyright 2002 - 2018 Rubicon Communications, LLC