Mike Chirico on 12 Dec 2003 18:59:02 -0500



[PLUG] (tcpdump and telnet) for network troubleshooting


I'm never sure with ping.  Maybe some router is filtering ICMP packets
preventing ping from getting to the computer in question.  Another option is
telnet and tcpdump.

If you run tcpdump on the server in question as root

# tcpdump -i eth0 -nN -vvv -xX -s 1500 port not 22

It doesn't matter what IP address or port the personal firewall drops.
Tcpdump will still show packets.

Obviously the above statement does not filter port 22, so you can connect to
the computer via ssh without seeing that connection.

Next, launch telnet from some client

telnet <ip address of computer> 80

And see if you get any data. If you get tcpdump data and you're not getting
any pages back on the web server, at least you know data is getting to the
server ok... maybe apache has a bad IP address wired into it, or maybe it's
not set for port 80, not loaded, hung, etc.  Anyway, it gets you closer to
the problem.

If you're not using eth0 and want to check all connections, the following
works too

# tcpdump -nN -vvv -xX -s 1500 port not 22

Of course, there are other uses for the above command... it will show
content and activity of any port, including downloading web pages, IRC
chats, unencrypted passwords or mail going to and from the server.

Regards,

Mike Chirico

___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
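
Added example, not part of the original post: a Python sketch that reads tcpdump output captured during the telnet test above and reports, per client, whether the SYN arrived and got no reply, was reset, or was accepted with the request left unanswered. It assumes tcpdump was run with -nn and without -v (one packet per line); the addresses and capture lines are constructed.

```python
import re

# One-line tcpdump output (assumption: modern tcpdump, -nn, no -v).
LINE = re.compile(
    r"IP (?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]+)\]"
)

# Constructed capture: three telnet attempts against 192.0.2.20 port 80.
SAMPLE = """\
12:00:01.000001 IP 198.51.100.7.40001 > 192.0.2.20.80: Flags [S], seq 1, win 64240, length 0
12:00:02.000001 IP 198.51.100.7.40001 > 192.0.2.20.80: Flags [S], seq 1, win 64240, length 0
12:00:05.000001 IP 198.51.100.8.40002 > 192.0.2.20.80: Flags [S], seq 5, win 64240, length 0
12:00:05.000101 IP 192.0.2.20.80 > 198.51.100.8.40002: Flags [R.], seq 0, ack 6, win 0, length 0
12:00:09.000001 IP 198.51.100.9.40003 > 192.0.2.20.80: Flags [S], seq 9, win 64240, length 0
12:00:09.000101 IP 192.0.2.20.80 > 198.51.100.9.40003: Flags [S.], seq 3, ack 10, win 65160, length 0
12:00:09.000201 IP 198.51.100.9.40003 > 192.0.2.20.80: Flags [.], ack 4, win 502, length 0
12:00:09.000301 IP 198.51.100.9.40003 > 192.0.2.20.80: Flags [P.], seq 10:26, ack 4, win 502, length 16
12:00:09.000401 IP 192.0.2.20.80 > 198.51.100.9.40003: Flags [.], ack 26, win 509, length 0
"""

def classify(capture, server_ip, port):
    """Return {(client_ip, client_port): verdict} for SYNs sent to server_ip:port.

    syn-only            SYN reached the interface, host sent nothing back
    refused             host answered with RST: nothing listening on that address/port
    handshake           listener accepted the connection
    request-unanswered  client sent data, server never sent any back (hung service)
    answered            server sent data back
    """
    server, state = (server_ip, port), {}
    for line in capture.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        src, dst = (m["src"], int(m["sport"])), (m["dst"], int(m["dport"]))
        flags = m["flags"]
        if dst == server:
            if flags == "S":
                state.setdefault(src, "syn-only")  # SYN retransmits keep the first verdict
            elif "P" in flags and state.get(src) == "handshake":
                state[src] = "request-unanswered"
        elif src == server and dst in state:
            if "R" in flags and state[dst] == "syn-only":
                state[dst] = "refused"
            elif flags == "S.":
                state[dst] = "handshake"
            elif "P" in flags:
                state[dst] = "answered"
    return state
```

A client that does not appear in the result at all never reached the interface, which points at filtering upstream of the server.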