TCP/IP: with tcpdump

Here are some basic steps in analyzing traffic.

Can you see the 3-way-handshake?

Can you verify the 3-way-handshake? If you can't verify it, then there is a basic connectivity problem. You'll see something like:
192.168.1.12.1051 > 192.168.1.11.23: S 4255483971:4255483971(0) 
                              win 65535  (DF)
192.168.1.11.23 > 192.168.1.12.1051: S 4279842714:4279842714(0) 
	                           ack 4255483972 win 32120  (DF)
192.168.1.12.1051 > 192.168.1.11.23: . ack 4279842715 win 65535 (DF)

Is there some kind of data transfer?

See whether you can find any data transfer. You'll see something like the line below (the number of bytes is in parentheses, after the sequence numbers):
192.168.1.11.23 > 192.168.1.12.1051: P 4279842714:4279842717(3) 
	                           ack 4255483972 win 32120  (DF)

Who's the client & who's the server?

That is, who started the communication and who ended it? The host that sends the first S (SYN) packet started it; to find out who ended it, look for RESET and FIN packets.
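
The three checks above can be run over a saved text capture in one pass. The script below is an added example, not part of the original page. It assumes the old-style tcpdump output shown above with each packet on a single line, and a capture holding one connection; the names parse, analyze and SAMPLE are made up for the illustration.

```python
import re

# Old-style tcpdump line: src.port > dst.port: FLAGS [first:last(len)] [ack N] ...
LINE = re.compile(r"(?P<src>\S+) > (?P<dst>\S+): (?P<flags>[SFRP.]+)"
                  r"(?: (?P<seq>\d+):\d+\((?P<len>\d+)\))?(?: ack (?P<ack>\d+))?")

def parse(lines):
    """Parse tcpdump text lines into dicts; lines that do not match are skipped."""
    pkts = []
    for m in filter(None, (LINE.search(line) for line in lines)):
        p = m.groupdict()
        for k in ("seq", "len", "ack"):
            p[k] = int(p[k]) if p[k] is not None else None
        pkts.append(p)
    return pkts

def analyze(lines):
    """Answer the three questions for a capture assumed to hold one connection."""
    pkts = parse(lines)
    out = {"handshake": False, "client": None, "server": None,
           "data_bytes": {}, "closed_by": None}
    nxt = lambda n: (n + 1) % 2**32          # sequence numbers wrap at 32 bits
    # Whoever sends the first SYN without an ack started the connection.
    syn = next((p for p in pkts if "S" in p["flags"] and p["ack"] is None
                and p["seq"] is not None), None)
    if syn is None:
        return out
    out["client"], out["server"] = syn["src"], syn["dst"]
    # The SYN+ACK must come back from the server and acknowledge client ISN + 1.
    synack = next((p for p in pkts if "S" in p["flags"] and p["src"] == syn["dst"]
                   and p["seq"] is not None and p["ack"] == nxt(syn["seq"])), None)
    if synack:                               # final ACK must acknowledge server ISN + 1
        out["handshake"] = any(p["src"] == syn["src"] and "S" not in p["flags"]
                               and p["ack"] == nxt(synack["seq"]) for p in pkts)
    for p in pkts:
        if p["len"]:                         # payload bytes: the number in parentheses
            out["data_bytes"][p["src"]] = out["data_bytes"].get(p["src"], 0) + p["len"]
        if out["closed_by"] is None and set(p["flags"]) & {"F", "R"}:
            out["closed_by"] = (p["src"], "RESET" if "R" in p["flags"] else "FIN")
    return out

# Constructed sample in the page's format (handshake, 3 bytes of data, client FIN).
SAMPLE = [
    "192.168.1.12.1051 > 192.168.1.11.23: S 4255483971:4255483971(0) win 65535 (DF)",
    "192.168.1.11.23 > 192.168.1.12.1051: S 4279842714:4279842714(0) ack 4255483972 win 32120 (DF)",
    "192.168.1.12.1051 > 192.168.1.11.23: . ack 4279842715 win 65535 (DF)",
    "192.168.1.11.23 > 192.168.1.12.1051: P 4279842715:4279842718(3) ack 4255483972 win 32120 (DF)",
    "192.168.1.12.1051 > 192.168.1.11.23: F 4255483972:4255483972(0) ack 4279842718 win 65535 (DF)",
]
```

Calling analyze(SAMPLE) reports a verified handshake, 192.168.1.12.1051 as the client, 3 bytes sent by the server, and a FIN from the client. A capture with the third handshake packet missing comes back with handshake set to False.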


this page is maintained by:
[email protected]
