Sunday, January 20, 2019

Analysing Network Packets



Sometimes it is essential to dig into how packets travel from source to destination in order to identify issues. Imagine, for instance, that a client is seeing frequent timeouts; on the service side the network admin would like to take a glance at how the machine is serving the network requests.
Some useful commands:

List all network hardware ports connected (macOS; the device names it prints are the ones to capture on):
networksetup -listallhardwareports

Taking a tcpdump (writing the raw capture to a file; -w writes, -r only reads, so the original -r form here would not capture anything; <interface> is a placeholder for the device name from the listing above):
sudo tcpdump -i <interface> -w ~/tcp_dumpFile.pcap

Reading the tcpdump file back on the command line (-tttt prints full date and time stamps, -nn disables host and port name resolution, -r reads the file):
sudo tcpdump -ttttnnr tcp_dumpFile.pcap

Analysing the tcpdump (the IP header detail in parentheses on the first line is printed when -v is added):
22:24:18.910372 IP (tos 0x10, ttl 64, id 9792, offset 0, flags [DF], proto TCP (6), length 88)
78.47.105.76.ssh > 82.132.219.219.55495: Flags [P.], cksum 0xcb29 (correct), seq 497880562:497880610(48), ack 1593322765, win 379, length 48

Source IP address and port: 78.47.105.76.ssh (the port is shown by name because name resolution was not disabled)
Destination IP address and port: 82.132.219.219.55495
length 88 – the total IP packet length, including all headers, in bytes (16 bits, 3rd and 4th octets of the IP header)
proto TCP (6) – the higher-layer (layer 4) protocol and its IP protocol number (8 bits, 10th octet)
offset 0 – the fragment offset, used with fragmented packets; it should be 0 or a multiple of 8 and is displayed in bytes (13 bits of the 7th and 8th octets)
cksum 0xcb29 (correct) – the segment's TCP checksum value, and whether tcpdump found it to be correct
win 379 – the source host's advertised TCP window
ack 1593322765 – the TCP segment's acknowledgement number
seq 497880562:497880610(48) – the TCP segment's starting and ending sequence numbers; the value in brackets is the difference, and thus the amount of data carried (in bytes), and it should match the TCP length field at the end of the line (48 here)
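As an added example (not from the original post), a small Python parser for the two-line verbose record shown above, followed by the consistency checks the field list implies: the bracketed seq difference must equal the TCP length, the fragment offset must be a multiple of 8, the IP length must cover both headers plus the payload, and the checksum must be reported correct. It assumes IP and TCP headers without options (20 bytes each), as in the sample; the SAMPLE string is constructed from the post's own record.

```python
import re

# Constructed sample in the two-line layout tcpdump -v prints (values copied from the post).
SAMPLE = (
    "22:24:18.910372 IP (tos 0x10, ttl 64, id 9792, offset 0, flags [DF], "
    "proto TCP (6), length 88)\n"
    "    78.47.105.76.ssh > 82.132.219.219.55495: Flags [P.], cksum 0xcb29 (correct), "
    "seq 497880562:497880610(48), ack 1593322765, win 379, length 48"
)

IP_RE = re.compile(
    r"^(?P<ts>\S+) IP \(tos (?P<tos>0x[0-9a-f]+), ttl (?P<ttl>\d+), id (?P<ipid>\d+), "
    r"offset (?P<offset>\d+), flags \[(?P<ipflags>[^\]]*)\], proto (?P<proto>\w+) "
    r"\((?P<protonum>\d+)\), length (?P<iplen>\d+)\)\s*$"
)
TCP_RE = re.compile(
    r"^\s*(?P<src>\S+?)\.(?P<sport>[^.\s]+) > (?P<dst>\S+?)\.(?P<dport>[^.\s:]+): "
    r"Flags \[(?P<flags>[^\]]*)\](?:, cksum (?P<cksum>0x[0-9a-f]+) \((?P<ckstate>[^)]*)\))?"
    r"(?:, seq (?P<seq_start>\d+)(?::(?P<seq_end>\d+)\((?P<seq_len>\d+)\))?)?"
    r"(?:, ack (?P<ack>\d+))?, win (?P<win>\d+)(?:, options \[[^\]]*\])?, length (?P<tcplen>\d+)\s*$"
)
INT_FIELDS = ("ttl", "ipid", "offset", "protonum", "iplen", "seq_start", "seq_end",
              "seq_len", "ack", "win", "tcplen")

def parse_record(text):
    """Split one verbose tcpdump TCP record into its IP-header and TCP-header fields."""
    ip_line, tcp_line = text.strip().split("\n", 1)
    ip_m, tcp_m = IP_RE.match(ip_line), TCP_RE.match(tcp_line)
    if not ip_m or not tcp_m:
        raise ValueError("not a tcpdump -v TCP record")
    rec = {**ip_m.groupdict(), **tcp_m.groupdict()}
    for key in INT_FIELDS:          # numeric fields become ints; names (e.g. "ssh") stay strings
        if rec.get(key) is not None:
            rec[key] = int(rec[key])
    return rec

def check_record(rec, ip_hdr=20, tcp_hdr=20):
    """List consistency problems; [] means the record is coherent (assumes no IP/TCP options)."""
    problems = []
    if rec["offset"] % 8:
        problems.append("fragment offset is not a multiple of 8")
    if rec.get("seq_end") is not None and rec["seq_end"] - rec["seq_start"] != rec["seq_len"]:
        problems.append("seq range does not match the bracketed byte count")
    if rec.get("seq_len") is not None and rec["seq_len"] != rec["tcplen"]:
        problems.append("bracketed seq byte count differs from TCP payload length")
    if rec["iplen"] != ip_hdr + tcp_hdr + rec["tcplen"]:
        problems.append("IP total length != IP header + TCP header + payload")
    if rec.get("ckstate") not in (None, "correct"):
        problems.append("tcpdump reports TCP checksum " + rec["ckstate"])
    return problems
```

For the sample, 88 - 20 - 20 = 48 bytes of payload, which agrees with both the seq range and the trailing length field, so check_record returns an empty list.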
