tcptrace-bugs connection tracking problem or something else?

From: Sami Farin (safari+tcptrace@iki.fi)
Date: 10/09/03

• Next message: Shawn Ostermann: "Re: tcptrace-bugs connection tracking problem or something else?"
• Previous message: The Savvy Investor Newsletter: "tcptrace-bugs Before the Bell: (TDST) Enabling the Telemedical Revolution."
• Next in thread: Shawn Ostermann: "Re: tcptrace-bugs connection tracking problem or something else?"
• Maybe reply: Shawn Ostermann: "Re: tcptrace-bugs connection tracking problem or something else?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Fri, 10 Oct 2003 03:38:01 +0300
From: Sami Farin <safari+tcptrace@iki.fi>
Subject: tcptrace-bugs connection tracking problem or something else?
Message-ID: <20031010003801.GA8126@safari.homelinux.net>

I have tarpitted (Linux 2.4 netfilter) several ports which
I also record with tcpdump..
However, this connection isn't recognized as one connection, why?

$ tcptrace -n 61.250.205.100-21-tarpit.bin
1 arg remaining, starting with '61.250.205.100-21-tarpit.bin'
Ostermann's tcptrace -- version 6.4.13 -- Tue Oct 7, 2003

72 packets seen, 72 TCP packets traced
elapsed wallclock time: 0:00:00.016398, 4390 pkts/sec analyzed
trace file elapsed time: 1:55:26.682185
TCP connection info:
  1: 61.250.205.100:1480 - 62.236.236.161:21 (a2b) 9> 9<
  2: 61.250.205.100:1480 - 62.236.236.161:21 (c2d) 1> 1<
  3: 61.250.205.100:1480 - 62.236.236.161:21 (e2f) 1> 1<
  4: 61.250.205.100:1480 - 62.236.236.161:21 (g2h) 1> 1<
  5: 61.250.205.100:1480 - 62.236.236.161:21 (i2j) 1> 1<
  6: 61.250.205.100:1480 - 62.236.236.161:21 (k2l) 1> 1<
  7: 61.250.205.100:1480 - 62.236.236.161:21 (m2n) 1> 1<
  8: 61.250.205.100:1480 - 62.236.236.161:21 (o2p) 1> 1<
  9: 61.250.205.100:1480 - 62.236.236.161:21 (q2r) 1> 1<
 10: 61.250.205.100:1480 - 62.236.236.161:21 (s2t) 1> 1<
 11: 61.250.205.100:1480 - 62.236.236.161:21 (u2v) 1> 1<
 12: 61.250.205.100:1480 - 62.236.236.161:21 (w2x) 1> 1<
 13: 61.250.205.100:1480 - 62.236.236.161:21 (y2z) 1> 1<
 14: 61.250.205.100:1480 - 62.236.236.161:21 (aa2ab) 1> 1<
 15: 61.250.205.100:1480 - 62.236.236.161:21 (ac2ad) 1> 1<
 16: 61.250.205.100:1480 - 62.236.236.161:21 (ae2af) 1> 1<
 17: 61.250.205.100:1480 - 62.236.236.161:21 (ag2ah) 1> 1<
 18: 61.250.205.100:1480 - 62.236.236.161:21 (ai2aj) 1> 1<
 19: 61.250.205.100:1480 - 62.236.236.161:21 (ak2al) 1> 1<
 20: 61.250.205.100:1480 - 62.236.236.161:21 (am2an) 1> 1<
 21: 61.250.205.100:1480 - 62.236.236.161:21 (ao2ap) 1> 1<
 22: 61.250.205.100:1480 - 62.236.236.161:21 (aq2ar) 1> 1<
 23: 61.250.205.100:1480 - 62.236.236.161:21 (as2at) 1> 1<
 24: 61.250.205.100:1480 - 62.236.236.161:21 (au2av) 1> 1<
 25: 61.250.205.100:1480 - 62.236.236.161:21 (aw2ax) 1> 1<
 26: 61.250.205.100:1480 - 62.236.236.161:21 (ay2az) 1> 1<
 27: 61.250.205.100:1480 - 62.236.236.161:21 (ba2bb) 1> 1<
 28: 61.250.205.100:1480 - 62.236.236.161:21 (bc2bd) 1> 1<

-- 
Safari - safari+tcptrace@iki.fi - PGP key 0x427E7914 - http://iki.fi/safari/
"Really, I'm not out to destroy Microsoft.
 That will just be a completely unintentional side effect." - Linus Torvalds

• application/octet-stream attachment: 61.250.205.100-21-tarpit.bin

• Next message: Shawn Ostermann: "Re: tcptrace-bugs connection tracking problem or something else?"
• Previous message: The Savvy Investor Newsletter: "tcptrace-bugs Before the Bell: (TDST) Enabling the Telemedical Revolution."
• Next in thread: Shawn Ostermann: "Re: tcptrace-bugs connection tracking problem or something else?"
• Maybe reply: Shawn Ostermann: "Re: tcptrace-bugs connection tracking problem or something else?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : 10/10/03 EDT