Tcpdump - any experts to explain exactly what the output means?

Hi,

I have a tcpdump where I'm not getting the reply I expect from the remote device. I'm just wondering what certain parts mean.

Source : 10.1.38.140

Destination : 10.11.12.20

Normal flow:

10.1.38.140 -> 10.11.12.20 port 1002

10.11.12.20 -> 10.1.38.140 port 3001

From destination to source: TELNET ok

But from source to destination: TELNET is not working (port 1002)

tcpdump output on Source

tcpdump dst 10.11.12.20

13:00:43.662109 IP app01.contoso.com.44531 > 10.11.12.20.1002: Flags [S], seq 2224499371, win 29200, options [mss 1460,sackOK,TS val 2012438406 ecr 0,nop,wscale 1], length 0
13:00:43.665029 IP app01.contoso.com.44531 > 10.11.12.20.1002: Flags [.], ack 4198684031, win 14600, options [nop,nop,TS val 2012438409 ecr 2158830375], length 0
13:00:43.666139 IP app01.contoso.com.44531 > 10.11.12.20.1002: Flags [P.], seq 0:155, ack 1, win 14600, options [nop,nop,TS val 2012438410 ecr 2158830375], length 155
13:00:43.870708 IP app01.contoso.com.44531 > 10.11.12.20.1002: Flags [P.], seq 0:155, ack 1, win 14600, options [nop,nop,TS val 2012438615 ecr 2158830375], length 155
13:00:44.078728 IP app01.contoso.com.44531 > 10.11.12.20.1002: Flags [P.], seq 0:155, ack 1, win 14600, options [nop,nop,TS val 2012438823 ecr 2158830375], length 155
13:00:44.486710 IP app01.contoso.com.44531 > 10.11.12.20.1002: Flags [P.], seq 0:155, ack 1, win 14600, options [nop,nop,TS val 2012439231 ecr 2158830375], length 155
13:00:44.670877 IP app01.contoso.com.44531 > 10.11.12.20.1002: Flags [.], ack 1, win 14600, options [nop,nop,TS val 2012439415 ecr 2158830375], length 0
13:00:45.310709 IP app01.contoso.com.44531 > 10.11.12.20.1002: Flags [P.], seq 0:155, ack 1, win 14600, options [nop,nop,TS val 2012440055 ecr 2158830375], length 155
13:00:46.718804 IP app01.contoso.com.44531 > 10.11.12.20.1002: Flags [.], ack 1, win 14600, options [nop,nop,TS val 2012441463 ecr 2158830375], length 0
13:00:46.974682 IP app01.contoso.com.44531 > 10.11.12.20.1002: Flags [P.], seq 0:155, ack 1, win 14600, options [nop,nop,TS val 2012441719 ecr 2158830375], length 155
13:00:50.238692 IP app01.contoso.com.44531 > 10.11.12.20.1002: Flags [P.], seq 0:155, ack 1, win 14600, options [nop,nop,TS val 2012444983 ecr 2158830375], length 155
13:00:50.750847 IP app01.contoso.com.44531 > 10.11.12.20.1002: Flags [.], ack 1, win 14600, options [nop,nop,TS val 2012445495 ecr 2158830375], length 0
13:00:53.677026 IP app01.contoso.com.44531 > 10.11.12.20.1002: Flags [F.], seq 155, ack ...
maxcoder88
asked 2023-05-11 08:34:51 +0000

1 Answer

There's no reply at all in the capture; all the packets are from app01.contoso.com:44531 to 10.11.12.20:1002.

The traffic does seem to be flowing both ways though, so it looks like something in your capture setup is causing the issue.

P.S. As this is a Wireshark site, it makes it much easier for folks to comment if you use a Wireshark tool to dump the traffic, e.g. tshark.

grahamb
answered 2023-05-11 14:15:20 +0000
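
Added example, not part of the question or the answer: a small Python parser for tcpdump text lines like those above. It reports whether a dump is one-sided, whether the sender's own ACK numbers and timestamp echoes (`ecr`) show that segments from the peer arrived anyway, and which payload ranges were retransmitted. The sample input is constructed from the first four lines of the question's capture; the function names are this example's own.

```python
import re
from collections import Counter

# Constructed sample: the first four lines of the capture in the question.
SAMPLE = """\
13:00:43.662109 IP app01.contoso.com.44531 > 10.11.12.20.1002: Flags [S], seq 2224499371, win 29200, options [mss 1460,sackOK,TS val 2012438406 ecr 0,nop,wscale 1], length 0
13:00:43.665029 IP app01.contoso.com.44531 > 10.11.12.20.1002: Flags [.], ack 4198684031, win 14600, options [nop,nop,TS val 2012438409 ecr 2158830375], length 0
13:00:43.666139 IP app01.contoso.com.44531 > 10.11.12.20.1002: Flags [P.], seq 0:155, ack 1, win 14600, options [nop,nop,TS val 2012438410 ecr 2158830375], length 155
13:00:43.870708 IP app01.contoso.com.44531 > 10.11.12.20.1002: Flags [P.], seq 0:155, ack 1, win 14600, options [nop,nop,TS val 2012438615 ecr 2158830375], length 155
"""

HEAD = re.compile(r"(\S+) IP (\S+) > (\S+): Flags \[([^\]]*)\]")
FIELDS = {
    "seq": re.compile(r"\bseq (\d+(?::\d+)?)"),
    "ack": re.compile(r"\back (\d+)"),      # \b keeps "sackOK" from matching
    "ecr": re.compile(r"\becr (\d+)"),
    "length": re.compile(r"\blength (\d+)"),
}

def parse(line):
    """Turn one tcpdump text line into a dict, or None if it is not a TCP line."""
    head = HEAD.match(line)
    if not head:
        return None
    pkt = dict(zip(("time", "src", "dst", "flags"), head.groups()))
    for name, pattern in FIELDS.items():
        found = pattern.search(line)
        pkt[name] = found.group(1) if found else None
    return pkt

def analyze(text):
    pkts = [p for p in map(parse, text.splitlines()) if p]
    directions = {(p["src"], p["dst"]) for p in pkts}
    # A normal TCP stack only sends an ACK number or a nonzero timestamp echo
    # after a segment from the peer arrived, even if the dump does not show it.
    peer_heard = any(p["ack"] or p["ecr"] not in (None, "0") for p in pkts)
    # The same seq range carrying payload more than once is a retransmission.
    payload = Counter(p["seq"] for p in pkts if int(p["length"] or 0) > 0)
    return {
        "packets": len(pkts),
        "one_sided": len(directions) == 1,
        "peer_heard": peer_heard,
        "retransmitted": {s: n - 1 for s, n in payload.items() if n > 1},
        "peer_timestamps": sorted({p["ecr"] for p in pkts} - {None, "0"}),
    }

if __name__ == "__main__":
    print(analyze(SAMPLE))
```

The filter `dst 10.11.12.20` in the question matches only packets addressed to that host, so replies cannot appear in the dump; `tcpdump host 10.11.12.20` captures both directions.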