tcptrace-bugs (real) TCP-session does not match tcptrace logging

From: Jeroen Doorschodt (j.doorschodt@corp.csnet.nl)
Date: 08/03/04


Message-ID: <000a01c479a3$0b98a600$9600000a@joenix.xs4all.nl>
Date: Tue, 3 Aug 2004 23:44:19 +0200

Version: Ostermann's tcptrace -- version 6.6.1 -- Wed Nov 19, 2003

I've a tcp session as described here:
tcptrace divides it into 2 sessions. How is that possible? I can't find any
difference from a normal TCP session.

(Although the 'mistakes' only happen from my NUTos machine; all other
machines' traces seem fine.)
But only my first TCP session goes well.

What I discovered is that all TCP sessions begin with a SYN with
1000000:1000000.
Is this a bug in the program of the tcp stack of my NUTos machine?

tcpdump -r logfile1 -vvvv :
19:24:43.479125 10.129.2.124.4100 > 10.16.1.35.8000: S [tcp sum ok] 1000000:1000000(0) win 4288 <mss 536> (ttl 63, id 22, len 44)
19:24:43.479210 10.16.1.35.8000 > 10.129.2.124.4100: S [tcp sum ok] 3798836187:3798836187(0) ack 1000001 win 5840 <mss 1460> (DF) (ttl 64, id 0, len 44)
19:24:43.614171 10.129.2.124.4100 > 10.16.1.35.8000: . [tcp sum ok] 1:1(0) ack 1 win 4288 (ttl 63, id 23, len 40)
19:24:43.724201 10.129.2.124.4100 > 10.16.1.35.8000: P 1:199(198) ack 1 win 4288 (ttl 63, id 24, len 238)
19:24:43.724923 10.16.1.35.8000 > 10.129.2.124.4100: . [tcp sum ok] 1:1(0) ack 199 win 6432 (DF) (ttl 64, id 18404, len 40)
19:24:43.725753 10.16.1.35.8000 > 10.129.2.124.4100: P [tcp sum ok] 1:18(17) ack 199 win 6432 (DF) (ttl 64, id 18405, len 57)
19:24:43.874127 10.129.2.124.4100 > 10.16.1.35.8000: . [tcp sum ok] 199:199(0) ack 18 win 4271 (ttl 63, id 25, len 40)
19:24:43.874250 10.16.1.35.8000 > 10.129.2.124.4100: P 18:381(363) ack 199 win 6432 (DF) (ttl 64, id 18406, len 403)
19:24:44.079120 10.129.2.124.4100 > 10.16.1.35.8000: . [tcp sum ok] 199:199(0) ack 381 win 3925 (ttl 63, id 26, len 40)
19:24:46.202846 10.16.1.35.8000 > 10.129.2.124.4100: . 381:917(536) ack 199 win 6432 (DF) (ttl 64, id 18407, len 576)

tcpdump -r logfile2:
19:16:51.750356 10.129.2.97.4101 > stream11.kerkomroep.nl.8000: S 1000000:1000000(0) win 4288 <mss 536>
19:16:51.750440 stream11.kerkomroep.nl.8000 > 10.129.2.97.4101: S 3310709626:3310709626(0) ack 1000001 win 5840 <mss 1460> (DF)
19:16:51.950360 10.129.2.97.4101 > stream11.kerkomroep.nl.8000: . ack 1 win 4288
19:16:52.055341 10.129.2.97.4101 > stream11.kerkomroep.nl.8000: P 1:199(198) ack 1 win 4288
19:16:52.056072 stream11.kerkomroep.nl.8000 > 10.129.2.97.4101: . ack 199 win 6432 (DF)
19:16:52.056923 stream11.kerkomroep.nl.8000 > 10.129.2.97.4101: P 1:18(17) ack 199 win 6432 (DF)
19:16:52.210258 10.129.2.97.4101 > stream11.kerkomroep.nl.8000: . ack 18 win 4271

----tcptrace logfile1
TCP connection 72:
        host em: 10.129.2.124:4100
        host en: 10.16.1.35:8000
        complete conn: no (SYNs: 1) (FINs: 0)
        first packet: Tue Aug 3 19:24:43.479125 2004
        last packet: Tue Aug 3 21:06:01.917881 2004
        elapsed time: 1:41:18.438756
        total packets: 35657
        filename: tcpdump.hex
   em->en:                           en->em:
     total packets:      35657       total packets:      0
     ack pkts sent:      35656       ack pkts sent:      0
     pure acks sent:     35655       pure acks sent:     0
     sack pkts sent:     0           sack pkts sent:     0
     dsack pkts sent:    0           dsack pkts sent:    0
     max sack blks/ack:  0           max sack blks/ack:  0
     unique bytes sent:  198         unique bytes sent:  0
     actual data pkts:   1           actual data pkts:   0
     actual data bytes:  198         actual data bytes:  0
     SYN/FIN pkts sent:  1/0         SYN/FIN pkts sent:  0/0

...
================================
TCP connection 73:
        host eo: 10.16.1.35:8000
        host ep: 10.129.2.124:4100
        complete conn: no (SYNs: 1) (FINs: 1)
        first packet: Tue Aug 3 19:24:43.479210 2004
        last packet: Tue Aug 3 21:08:32.863199 2004
        elapsed time: 1:43:49.383989
        total packets: 35696
        filename: tcpdump.hex
   eo->ep:                           ep->eo:
     total packets:      35696       total packets:      0
     ack pkts sent:      35696       ack pkts sent:      0
     pure acks sent:     1           pure acks sent:     0
     sack pkts sent:     0           sack pkts sent:     0
     dsack pkts sent:    0           dsack pkts sent:    0
     max sack blks/ack:  0           max sack blks/ack:  0
     unique bytes sent:  18321712    unique bytes sent:  0
     actual data pkts:   35687       actual data pkts:   0
     actual data bytes:  18366656    actual data bytes:  0
     rexmt data pkts:    92          rexmt data pkts:    0
     rexmt data bytes:   44950       rexmt data bytes:   0
     zwnd probe pkts:    0           zwnd probe pkts:    0
     zwnd probe bytes:   0           zwnd probe bytes:   0
     outoforder pkts:    0           outoforder pkts:    0
     pushed data pkts:   8641        pushed data pkts:   0
     SYN/FIN pkts sent:  1/7         SYN/FIN pkts sent:  0/0
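
A way to check both observations in the message directly from tcpdump text output, as an added example that is not part of the original post and not tcptrace's own code: it groups packets into connections by a direction-independent endpoint pair and flags an initial sequence number reused by the opening SYN of more than one connection. The regular expression is an assumption fitted to the output format shown above; the sample lines are copied from the two captures with the mail line wrapping undone.

```python
import re
from collections import defaultdict

# Sample lines copied from the two captures in the message (unwrapped).
SAMPLE = """\
19:24:43.479125 10.129.2.124.4100 > 10.16.1.35.8000: S [tcp sum ok] 1000000:1000000(0) win 4288 <mss 536> (ttl 63, id 22, len 44)
19:24:43.479210 10.16.1.35.8000 > 10.129.2.124.4100: S [tcp sum ok] 3798836187:3798836187(0) ack 1000001 win 5840 <mss 1460> (DF) (ttl 64, id 0, len 44)
19:24:43.614171 10.129.2.124.4100 > 10.16.1.35.8000: . [tcp sum ok] 1:1(0) ack 1 win 4288 (ttl 63, id 23, len 40)
19:16:51.750356 10.129.2.97.4101 > stream11.kerkomroep.nl.8000: S 1000000:1000000(0) win 4288 <mss 536>
19:16:51.750440 stream11.kerkomroep.nl.8000 > 10.129.2.97.4101: S 3310709626:3310709626(0) ack 1000001 win 5840 <mss 1460> (DF)
19:16:51.950360 10.129.2.97.4101 > stream11.kerkomroep.nl.8000: . ack 1 win 4288
"""

# Assumed line shape: time src > dst: flags [checksum note] seq:end(len) ack N
LINE = re.compile(
    r"(?P<ts>\S+) (?P<src>\S+) > (?P<dst>\S+): (?P<flags>\S+)"
    r"(?: \[[^\]]*\])?(?: (?P<seq>\d+):\d+\(\d+\))?(?: ack (?P<ack>\d+))?"
)

def parse(text):
    """Yield one dict per line that matches the tcpdump TCP line shape."""
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            yield m.groupdict()

def conn_key(pkt):
    """Direction-independent id: both halves of a session share one key."""
    return tuple(sorted((pkt["src"], pkt["dst"])))

def group_connections(text):
    """Map each connection key to packet counts per sending endpoint."""
    conns = defaultdict(lambda: defaultdict(int))
    for pkt in parse(text):
        conns[conn_key(pkt)][pkt["src"]] += 1
    return {key: dict(counts) for key, counts in conns.items()}

def repeated_isns(text):
    """Return {isn: [connection keys]} for ISNs that appear in the opening
    SYN (SYN set, no ACK) of more than one connection."""
    seen = defaultdict(set)
    for pkt in parse(text):
        if "S" in pkt["flags"] and pkt["ack"] is None and pkt["seq"]:
            seen[int(pkt["seq"])].add(conn_key(pkt))
    return {isn: sorted(keys) for isn, keys in seen.items() if len(keys) > 1}

if __name__ == "__main__":
    print(group_connections(SAMPLE))
    print(repeated_isns(SAMPLE))
```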


