bakdong@hotmail.com
Guest
Posted: Mon Jan 10, 2005 10:36 pm
Post subject: Help with tcpdump output
I've got a problem with an internet connection that is causing corrupt
downloads from selected locations, notably the Norton antivirus update
site.
I'm getting the following output from tcpdump when downloading:
e.g. wget http://definitions.symantec.com/defs/20050109-003-i32-1.exe
]# tcpdump port 80
tcpdump: listening on eth0
00:15:02.467793 srv-001.34278 > 203.147.56.230.http: S
893928169:893928169(0) win 5840 <mss 1460,sackOK,timestamp 1227266425
0,nop,wscale 0> (DF)
00:15:02.505943 203.147.56.230.http > srv-001.34278: S
2745254075:2745254075(0) ack 893928170 win 5792 <mss
1452,sackOK,timestamp 793312392 1227266425,nop,wscale 0> (DF)
00:15:02.506041 srv-001.34278 > 203.147.56.230.http: . ack 1 win 5840
<nop,nop,timestamp 1227266429 793312392> (DF)
00:15:02.506901 srv-001.34278 > 203.147.56.230.http: P 1:139(138) ack 1
win 5840 <nop,nop,timestamp 1227266429 793312392> (DF)
00:15:02.559360 203.147.56.230.http > srv-001.34278: . ack 139 win 5792
<nop,nop,timestamp 793312447 1227266429> (DF)
00:15:02.608380 203.147.56.230.http > srv-001.34278: . 1:1401(1400) ack
139 win 5792 <nop,nop,timestamp 793312468 1227266429> (frag
48159:1432@0+)
00:15:02.609319 srv-001.34278 > 203.147.56.230.http: . ack 1441 win
8640 <nop,nop,timestamp 1227266439 793312468> (DF)
00:15:02.637621 203.147.56.230.http > srv-001.34278: . 1441:2841(1400)
ack 139 win 5792 <nop,nop,timestamp 793312468 1227266429> (frag
48160:1432@0+)
00:15:02.638452 srv-001.34278 > 203.147.56.230.http: . ack 2881 win
11520 <nop,nop,timestamp 1227266442 793312468> (DF)
00:15:02.666490 203.147.56.230.http > srv-001.34278: P 2881:4281(1400)
ack 139 win 5792 <nop,nop,timestamp 793312468 1227266429> (frag
48161:1432@0+)
00:15:02.667565 srv-001.34278 > 203.147.56.230.http: . ack 4321 win
14400 <nop,nop,timestamp 1227266445 793312468> (DF)
00:15:02.754391 203.147.56.230.http > srv-001.34278: . 4321:5721(1400)
ack 139 win 5792 <nop,nop,timestamp 793312612 1227266439> (frag
48162:1432@0+)
00:15:02.755739 srv-001.34278 > 203.147.56.230.http: . ack 5761 win
17280 <nop,nop,timestamp 1227266454 793312612> (DF)
00:15:02.783075 203.147.56.230.http > srv-001.34278: . 5761:7161(1400)
ack 139 win 5792 <nop,nop,timestamp 793312612 1227266439> (frag
48163:1432@0+)
00:15:02.784486 srv-001.34278 > 203.147.56.230.http: . ack 7201 win
20160 <nop,nop,timestamp 1227266456 793312612> (DF)
00:15:02.812262 203.147.56.230.http > srv-001.34278: P 7201:8601(1400)
ack 139 win 5792 <nop,nop,timestamp 793312612 1227266442> (frag
48164:1432@0+)
00:15:02.813098 srv-001.34278 > 203.147.56.230.http: . ack 8641 win
23040 <nop,nop,timestamp 1227266459 793312612> (DF)
00:15:02.841202 203.147.56.230.http > srv-001.34278: . 8641:10041(1400)
ack 139 win 5792 <nop,nop,timestamp 793312612 1227266442> (frag
48165:1432@0+)
and so on until:
00:15:25.127738 203.147.56.230.http > srv-001.34278: P
1023841:1025241(1400) ack 139 win 5792 <nop,nop,timestamp 793334338
1227268620> (frag 48870:1432@0+)
00:15:25.156780 203.147.56.230.http > srv-001.34278: P
1025281:1026681(1400) ack 139 win 5792 <nop,nop,timestamp 793334338
1227268620> (frag 48871:1432@0+)
00:15:25.156854 srv-001.34278 > 203.147.56.230.http: . ack 1026714 win
34560 <nop,nop,timestamp 1227268694 793334338> (DF)
00:15:25.159200 srv-001.34278 > 203.147.56.230.http: F 139:139(0) ack
1026714 win 34560 <nop,nop,timestamp 1227268694 793334338> (DF)
00:15:25.210642 203.147.56.230.http > srv-001.34278: F
1026714:1026714(0) ack 140 win 5792 <nop,nop,timestamp 793335104
1227268694> (DF)
00:15:25.210696 srv-001.34278 > 203.147.56.230.http: . ack 1026715 win
34560 <nop,nop,timestamp 1227268699 793335104> (DF)
There appears to be some strange fragmentation problem here, but I'm at
a loss as to how to troubleshoot it further - any suggestions on
deciphering this output, or where to go from here?
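An added example, not part of the original post: a small Python parser for this tcpdump output format. For each data segment marked as a first fragment (`frag id:size@0+`), it computes the TCP header size, the payload bytes missing before the next segment, and whether the receiver's ACK covers them. The sample lines are copied from the capture above and rejoined; the function names are illustrative.

```python
import re

# Constructed input: five lines copied from the capture in the post, each
# rejoined onto one line (the forum wrapped them).
SAMPLE = """\
00:15:02.608380 203.147.56.230.http > srv-001.34278: . 1:1401(1400) ack 139 win 5792 <nop,nop,timestamp 793312468 1227266429> (frag 48159:1432@0+)
00:15:02.609319 srv-001.34278 > 203.147.56.230.http: . ack 1441 win 8640 <nop,nop,timestamp 1227266439 793312468> (DF)
00:15:02.637621 203.147.56.230.http > srv-001.34278: . 1441:2841(1400) ack 139 win 5792 <nop,nop,timestamp 793312468 1227266429> (frag 48160:1432@0+)
00:15:02.638452 srv-001.34278 > 203.147.56.230.http: . ack 2881 win 11520 <nop,nop,timestamp 1227266442 793312468> (DF)
00:15:02.666490 203.147.56.230.http > srv-001.34278: P 2881:4281(1400) ack 139 win 5792 <nop,nop,timestamp 793312468 1227266429> (frag 48161:1432@0+)
"""

DATA = re.compile(r"^\S+ (\S+) > (\S+): [.SFPR]+ (\d+):(\d+)\((\d+)\)")
ACK = re.compile(r"^\S+ (\S+) > (\S+): .*\back (\d+)")
FRAG = re.compile(r"\(frag (\d+):(\d+)@(\d+)(\+?)\)")

def parse(text):
    """Return (data_segments, acks) from classic one-line tcpdump output."""
    segs, acks = [], []
    for line in text.splitlines():
        a = ACK.match(line)
        if a:
            acks.append((a.group(1), int(a.group(3))))  # (sender, ack number)
        d = DATA.match(line)
        if d and int(d.group(5)) > 0:                   # skip SYN/FIN, no payload
            f = FRAG.search(line)                       # (id, IP payload size, more-fragments)
            segs.append({"src": d.group(1), "start": int(d.group(3)),
                         "end": int(d.group(4)), "len": int(d.group(5)),
                         "frag": (int(f.group(1)), int(f.group(2)), bool(f.group(4))) if f else None})
    return segs, acks

def unseen_tails(text):
    """Per first fragment: (frag id, TCP header bytes, unseen payload bytes, acked)."""
    segs, acks = parse(text)
    out = []
    for cur, nxt in zip(segs, segs[1:]):
        if cur["src"] != nxt["src"] or not cur["frag"] or not cur["frag"][2]:
            continue                                    # not a first fragment with more to follow
        frag_id, ip_payload, _ = cur["frag"]
        gap = nxt["start"] - cur["end"]                 # payload absent from the capture
        tcp_hdr = ip_payload - cur["len"]               # first fragment = TCP header + data
        acked = any(s != cur["src"] and n == nxt["start"] for s, n in acks)
        out.append((frag_id, tcp_hdr, gap, acked))
    return out

if __name__ == "__main__":
    for row in unseen_tails(SAMPLE):
        print("frag id %d: TCP header %d B, unseen tail %d B, acked by receiver: %s" % row)
```

Non-first IP fragments carry no TCP header, so a `port 80` filter cannot match them; the 40 bytes reported per segment are the part of each packet the capture does not display.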