Ask Your Question

Revision history [back]

Tcpdump - any experts to explain exactly what the output means?

Hi,

I have a tcpdump where I'm not getting the reply I expect from the remote device. I'm just wondering what certain parts mean.

Source : 10.1.38.140

Destination : 10.11.12.20

Normal flow:

10.1.38.140 -> 10.11.12.20 port 1002

10.11.12.20 -> 10.1.38.140 port 3001

From destination to source : TELNET ok

But , From source to destination : TELNET is not working (port 1002)

tcpdump output on Source

tcpdump dst 10.11.12.20

13:00:43.662109 IP app01.contoso.com.44531 > 10.11.12.20.1002: Flags [S], seq 2224499371, win 29200, options [mss 1460,sackOK,TS val 2012438406 ecr 0,nop,wscale 1], length 0
13:00:43.665029 IP app01.contoso.com.44531 > 10.11.12.20.1002: Flags [.], ack 4198684031, win 14600, options [nop,nop,TS val 2012438409 ecr 2158830375], length 0
13:00:43.666139 IP app01.contoso.com.44531 > 10.11.12.20.1002: Flags [P.], seq 0:155, ack 1, win 14600, options [nop,nop,TS val 2012438410 ecr 2158830375], length 155
13:00:43.870708 IP app01.contoso.com.44531 > 10.11.12.20.1002: Flags [P.], seq 0:155, ack 1, win 14600, options [nop,nop,TS val 2012438615 ecr 2158830375], length 155
13:00:44.078728 IP app01.contoso.com.44531 > 10.11.12.20.1002: Flags [P.], seq 0:155, ack 1, win 14600, options [nop,nop,TS val 2012438823 ecr 2158830375], length 155
13:00:44.486710 IP app01.contoso.com.44531 > 10.11.12.20.1002: Flags [P.], seq 0:155, ack 1, win 14600, options [nop,nop,TS val 2012439231 ecr 2158830375], length 155
13:00:44.670877 IP app01.contoso.com.44531 > 10.11.12.20.1002: Flags [.], ack 1, win 14600, options [nop,nop,TS val 2012439415 ecr 2158830375], length 0
13:00:45.310709 IP app01.contoso.com.44531 > 10.11.12.20.1002: Flags [P.], seq 0:155, ack 1, win 14600, options [nop,nop,TS val 2012440055 ecr 2158830375], length 155
13:00:46.718804 IP app01.contoso.com.44531 > 10.11.12.20.1002: Flags [.], ack 1, win 14600, options [nop,nop,TS val 2012441463 ecr 2158830375], length 0
13:00:46.974682 IP app01.contoso.com.44531 > 10.11.12.20.1002: Flags [P.], seq 0:155, ack 1, win 14600, options [nop,nop,TS val 2012441719 ecr 2158830375], length 155
13:00:50.238692 IP app01.contoso.com.44531 > 10.11.12.20.1002: Flags [P.], seq 0:155, ack 1, win 14600, options [nop,nop,TS val 2012444983 ecr 2158830375], length 155
13:00:50.750847 IP app01.contoso.com.44531 > 10.11.12.20.1002: Flags [.], ack 1, win 14600, options [nop,nop,TS val 2012445495 ecr 2158830375], length 0
13:00:53.677026 IP app01.contoso.com.44531 > 10.11.12.20.1002: Flags [F.], seq 155, ack 1, win 14600, options [nop,nop,TS val 2012448421 ecr 2158830375], length 0
13:00:53.677418 IP app01.contoso.com.44531 > 10.11.12.20.1002: Flags [P.], seq 0:155, ack 1, win 14600, options [nop,nop,TS val 2012448421 ecr 2158840387], length 155
13:00:53.680822 IP app01.contoso.com.44531 > 10.11.12.20.1002: Flags [.], ack 1449, win 16048, options [nop,nop,TS val 2012448425 ecr 2158840390], length 0
13:00:53.681263 IP app01.contoso.com.44531 > 10.11.12.20.1002: Flags [.], ack 2897, win 17496, options [nop,nop,TS val 2012448425 ecr 2158840391], length 0
13:00:53.681300 IP app01.contoso.com.44531 > 10.11.12.20.1002: Flags [.], ack 3094, win 18944, options [nop,nop,TS val 2012448425 ecr 2158840391], length 0
13:01:03.877179 IP app01.contoso.com.33557 > 10.11.12.20.1002: Flags [S], seq 3729101177, win 29200, options [mss 1460,sackOK,TS val 2012458621 ecr 0,nop,wscale 1], length 0
13:01:03.880213 IP app01.contoso.com.33557 > 10.11.12.20.1002: Flags [.], ack 1931356801, win 14600, options [nop,nop,TS val 2012458624 ecr 2158850590], length 0
13:01:03.881774 IP app01.contoso.com.33557 > 10.11.12.20.1002: Flags [P.], seq 0:155, ack 1, win 14600, options [nop,nop,TS val 2012458626 ecr 2158850590], length 155
13:01:04.086707 IP app01.contoso.com.33557 > 10.11.12.20.1002: Flags [P.], seq 0:155, ack 1, win 14600, options [nop,nop,TS val 2012458831 ecr 2158850590], length 155
13:01:04.294677 IP app01.contoso.com.33557 > 10.11.12.20.1002: Flags [P.], seq 0:155, ack 1, win 14600, options [nop,nop,TS val 2012459039 ecr 2158850590], length 155
13:01:04.710684 IP app01.contoso.com.33557 > 10.11.12.20.1002: Flags [P.], seq 0:155, ack 1, win 14600, options [nop,nop,TS val 2012459455 ecr 2158850590], length 155
13:01:04.894878 IP app01.contoso.com.33557 > 10.11.12.20.1002: Flags [.], ack 1, win 14600, options [nop,nop,TS val 2012459639 ecr 2158850590], length 0
13:01:05.534699 IP app01.contoso.com.33557 > 10.11.12.20.1002: Flags [P.], seq 0:155, ack 1, win 14600, options [nop,nop,TS val 2012460279 ecr 2158850590], length 155
13:01:06.942901 IP app01.contoso.com.33557 > 10.11.12.20.1002: Flags [.], ack 1, win 14600, options [nop,nop,TS val 2012461687 ecr 2158850590], length 0
13:01:07.198708 IP app01.contoso.com.33557 > 10.11.12.20.1002: Flags [P.], seq 0:155, ack 1, win 14600, options [nop,nop,TS val 2012461943 ecr 2158850590], length 155
13:01:10.526699 IP app01.contoso.com.33557 > 10.11.12.20.1002: Flags [P.], seq 0:155, ack 1, win 14600, options [nop,nop,TS val 2012465271 ecr 2158850590], length 155
13:01:10.974838 IP app01.contoso.com.33557 > 10.11.12.20.1002: Flags [.], ack 1, win 14600, options [nop,nop,TS val 2012465719 ecr 2158850590], length 0
13:01:13.892902 IP app01.contoso.com.33557 > 10.11.12.20.1002: Flags [F.], seq 155, ack 1, win 14600, options [nop,nop,TS val 2012468637 ecr 2158850590], length 0
13:01:13.893349 IP app01.contoso.com.33557 > 10.11.12.20.1002: Flags [P.], seq 0:155, ack 1, win 14600, options [nop,nop,TS val 2012468637 ecr 2158860603], length 155
13:01:13.895692 IP app01.contoso.com.33557 > 10.11.12.20.1002: Flags [.], ack 1449, win 16048, options [nop,nop,TS val 2012468640 ecr 2158860605], length 0
13:01:13.896278 IP app01.contoso.com.33557 > 10.11.12.20.1002: Flags [.], ack 2897, win 17496, options [nop,nop,TS val 2012468640 ecr 2158860606], length 0
13:01:13.896289 IP app01.contoso.com.33557 > 10.11.12.20.1002: Flags [.], ack 3094, win 18944, options [nop,nop,TS val 2012468640 ecr 2158860606], length 0
13:01:24.888424 IP app01.contoso.com.41807 > 10.11.12.20.1002: Flags [S], seq 3406443899, win 29200, options [mss 1460,sackOK,TS val 2012479632 ecr 0,nop,wscale 1], length 0