Ask Your Question
0

Tcpdump - any experts to explain exactly what the output means?

asked 2023-05-11 08:34:51 +0000

maxcoder88 gravatar image

Hi,

I have a tcpdump where I'm not getting the reply I expect from the remote device. I'm just wondering what certain parts mean.

Source : 10.1.38.140

Destination : 10.11.12.20

Normal flow:

10.1.38.140 -> 10.11.12.20 port 1002

10.11.12.20 -> 10.1.38.140 port 3001

From destination to source : TELNET ok

But , From source to destination : TELNET is not working (port 1002)

tcpdump output on Source

tcpdump dst 10.11.12.20

13:00:43.662109 IP app01.contoso.com.44531 > 10.11.12.20.1002: Flags [S], seq 2224499371, win 29200, options [mss 1460,sackOK,TS val 2012438406 ecr 0,nop,wscale 1], length 0
13:00:43.665029 IP app01.contoso.com.44531 > 10.11.12.20.1002: Flags [.], ack 4198684031, win 14600, options [nop,nop,TS val 2012438409 ecr 2158830375], length 0
13:00:43.666139 IP app01.contoso.com.44531 > 10.11.12.20.1002: Flags [P.], seq 0:155, ack 1, win 14600, options [nop,nop,TS val 2012438410 ecr 2158830375], length 155
13:00:43.870708 IP app01.contoso.com.44531 > 10.11.12.20.1002: Flags [P.], seq 0:155, ack 1, win 14600, options [nop,nop,TS val 2012438615 ecr 2158830375], length 155
13:00:44.078728 IP app01.contoso.com.44531 > 10.11.12.20.1002: Flags [P.], seq 0:155, ack 1, win 14600, options [nop,nop,TS val 2012438823 ecr 2158830375], length 155
13:00:44.486710 IP app01.contoso.com.44531 > 10.11.12.20.1002: Flags [P.], seq 0:155, ack 1, win 14600, options [nop,nop,TS val 2012439231 ecr 2158830375], length 155
13:00:44.670877 IP app01.contoso.com.44531 > 10.11.12.20.1002: Flags [.], ack 1, win 14600, options [nop,nop,TS val 2012439415 ecr 2158830375], length 0
13:00:45.310709 IP app01.contoso.com.44531 > 10.11.12.20.1002: Flags [P.], seq 0:155, ack 1, win 14600, options [nop,nop,TS val 2012440055 ecr 2158830375], length 155
13:00:46.718804 IP app01.contoso.com.44531 > 10.11.12.20.1002: Flags [.], ack 1, win 14600, options [nop,nop,TS val 2012441463 ecr 2158830375], length 0
13:00:46.974682 IP app01.contoso.com.44531 > 10.11.12.20.1002: Flags [P.], seq 0:155, ack 1, win 14600, options [nop,nop,TS val 2012441719 ecr 2158830375], length 155
13:00:50.238692 IP app01.contoso.com.44531 > 10.11.12.20.1002: Flags [P.], seq 0:155, ack 1, win 14600, options [nop,nop,TS val 2012444983 ecr 2158830375], length 155
13:00:50.750847 IP app01.contoso.com.44531 > 10.11.12.20.1002: Flags [.], ack 1, win 14600, options [nop,nop,TS val 2012445495 ecr 2158830375], length 0
13:00:53.677026 IP app01.contoso.com.44531 > 10.11.12.20.1002: Flags [F.], seq 155, ack ...
(more)
edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted
0

answered 2023-05-11 14:15:20 +0000

grahamb gravatar image

There's no reply at all in the capture, all the packets are from app01.contoso.com:44531 to 10.11.12.20:1002.

The traffic does seem to be flowing both ways though, so looks like something in your capture setup causing the issue.

P.S. as this is a Wireshark site, it makes much easier for folks to comment if you'd used a Wireshark tool to dump the traffic, e.g. tshark

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2023-05-11 08:34:51 +0000

Seen: 954 times

Last updated: May 11 '23