Tcpdump - any experts to explain exactly what the output means?
Hi,
I have a tcpdump where I'm not getting the reply I expect from the remote device. I'm just wondering what certain parts mean.
Source : 10.1.38.140
Destination : 10.11.12.20
Normal flow:
10.1.38.140 -> 10.11.12.20 port 1002
10.11.12.20 -> 10.1.38.140 port 3001
From destination to source : TELNET ok
But , From source to destination : TELNET is not working (port 1002)
tcpdump output on Source
tcpdump dst 10.11.12.20
13:00:43.662109 IP app01.contoso.com.44531 > 10.11.12.20.1002: Flags [S], seq 2224499371, win 29200, options [mss 1460,sackOK,TS val 2012438406 ecr 0,nop,wscale 1], length 0
13:00:43.665029 IP app01.contoso.com.44531 > 10.11.12.20.1002: Flags [.], ack 4198684031, win 14600, options [nop,nop,TS val 2012438409 ecr 2158830375], length 0
13:00:43.666139 IP app01.contoso.com.44531 > 10.11.12.20.1002: Flags [P.], seq 0:155, ack 1, win 14600, options [nop,nop,TS val 2012438410 ecr 2158830375], length 155
13:00:43.870708 IP app01.contoso.com.44531 > 10.11.12.20.1002: Flags [P.], seq 0:155, ack 1, win 14600, options [nop,nop,TS val 2012438615 ecr 2158830375], length 155
13:00:44.078728 IP app01.contoso.com.44531 > 10.11.12.20.1002: Flags [P.], seq 0:155, ack 1, win 14600, options [nop,nop,TS val 2012438823 ecr 2158830375], length 155
13:00:44.486710 IP app01.contoso.com.44531 > 10.11.12.20.1002: Flags [P.], seq 0:155, ack 1, win 14600, options [nop,nop,TS val 2012439231 ecr 2158830375], length 155
13:00:44.670877 IP app01.contoso.com.44531 > 10.11.12.20.1002: Flags [.], ack 1, win 14600, options [nop,nop,TS val 2012439415 ecr 2158830375], length 0
13:00:45.310709 IP app01.contoso.com.44531 > 10.11.12.20.1002: Flags [P.], seq 0:155, ack 1, win 14600, options [nop,nop,TS val 2012440055 ecr 2158830375], length 155
13:00:46.718804 IP app01.contoso.com.44531 > 10.11.12.20.1002: Flags [.], ack 1, win 14600, options [nop,nop,TS val 2012441463 ecr 2158830375], length 0
13:00:46.974682 IP app01.contoso.com.44531 > 10.11.12.20.1002: Flags [P.], seq 0:155, ack 1, win 14600, options [nop,nop,TS val 2012441719 ecr 2158830375], length 155
13:00:50.238692 IP app01.contoso.com.44531 > 10.11.12.20.1002: Flags [P.], seq 0:155, ack 1, win 14600, options [nop,nop,TS val 2012444983 ecr 2158830375], length 155
13:00:50.750847 IP app01.contoso.com.44531 > 10.11.12.20.1002: Flags [.], ack 1, win 14600, options [nop,nop,TS val 2012445495 ecr 2158830375], length 0
13:00:53.677026 IP app01.contoso.com.44531 > 10.11.12.20.1002: Flags [F.], seq 155, ack ...