From owner-freebsd-questions Sat Nov 10 0:55:48 2001 Delivered-To: freebsd-questions@freebsd.org Received: from snipe.prod.itd.earthlink.net (snipe.mail.pas.earthlink.net [207.217.120.62]) by hub.freebsd.org (Postfix) with ESMTP id 29E2237B41E for ; Sat, 10 Nov 2001 00:55:45 -0800 (PST) Received: from dialup-209.245.142.243.dial1.sanjose1.level3.net ([209.245.142.243] helo=blossom.cjclark.org) by snipe.prod.itd.earthlink.net with esmtp (Exim 3.33 #1) id 162TvN-00030m-00; Sat, 10 Nov 2001 00:55:41 -0800 Received: (from cjc@localhost) by blossom.cjclark.org (8.11.6/8.11.3) id fAA8saZ55825; Sat, 10 Nov 2001 00:54:36 -0800 (PST) (envelope-from cjc) Date: Sat, 10 Nov 2001 00:54:36 -0800 From: "Crist J. Clark" To: GuRU Cc: freebsd-questions@FreeBSD.ORG Subject: Re: problems with clients behind ipf/ipnat firewall Message-ID: <20011110005436.G51003@blossom.cjclark.org> Reply-To: cjclark@alum.mit.edu References: <20011107132853.B7624@nubisci.net> <20011107231359.J301@blossom.cjclark.org> <20011109133729.A21217@nubisci.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20011109133729.A21217@nubisci.net>; from guru@nubisci.net on Fri, Nov 09, 2001 at 01:37:29PM -0500 X-URL: http://people.freebsd.org/~cjc/ Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Fri, Nov 09, 2001 at 01:37:29PM -0500, GuRU wrote: > Out of da blue Crist J. Clark aka (cristjc@earthlink.net) said: > > Just for kicks, what does, > > > > $ traceroute -Sn bantu.cl.msu.edu > > > > Return? > > > > Some comparitive tcpdump(8)s on the inner and outer interfaces would > > help too. > ok. i did the following: > tcpdump -s 1518 -i fxp0 -w tcpdump.fxp1 & > tcpdump -s 1518 -i fxp1 -w tcpdump.fxp1 & > > then i did > traceroute -Sn ftp.freebsd.org > ftp ftp.freebsd.org > > from my client box. after the above two commands finished i did the > following: > tcpshow < tcpdump.txt >tcpshow.fxp0 > tcpshow < tcpdump.fxp1 > tcpshow.fxp1 > > the results are shown at > http://www.nubisci.net/guru/tcpshow.fxp0 (public interface) > http://www.nubisci.net/guru/tcpshow.fxp1 (private interface) > > i'm still looking thru the output. if anything stands out, i'd like to know Ugh. tcpshow(1) output? How about the tcpdump.fxp[01] files? (a) tcpshow(1) is spammy when looking at more than a few packets. (b) It would be a lot easier if I could easily filter out ARP, SSH, and other noise easily. -- Crist J. Clark | cjclark@alum.mit.edu | cjclark@jhu.edu http://people.freebsd.org/~cjc/ | cjc@freebsd.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message