On 26/05/07, Andrew Suffield <[EMAIL PROTECTED]> wrote: > On Fri, May 25, 2007 at 05:17:09PM -0400, Roberto C. S?nchez wrote: > > On Fri, May 25, 2007 at 08:24:00PM +0100, Jonathan Underwood wrote: > > > > > > oh. Duh. I'm dumb - they're obviously the messages corresponding to > > > the ssh session I have open to examine the logs on the remote server > > > :) > > > > > > So it seems the stalled scp transfer isn't causing anything to be logged. > > > > > I'm completely baffled. > > Capturing the traffic with tcpdump -s 4096 -w (simultaneously on all > involved hosts) may be more informative.
I've never managed to climb the tcpdump learning curve, but I just fired up wireshark on the client machine and set it to filter all packets to/from the server machine. What jumps out at me is this: a) When I hit a stall in the scp transfer, the first suspect packet I see contains "A segment before this frame was lost" in the TCP analysis flags. This packet has source being the server and destination being the local machine. b) Then the next packet's TCP analysis flags contains "Duplicate to the ACK in frame 299". This packet has source being the local client machine, and destination being the server. Frame 299 is the packet before the packet flagged as "A segment before this frame was lost" that I mentioned in (a) above. c) The I see a continual sequence of packets of type (b), followed by a packet from the server to the client with protocol SSHv2 and seemingly being an ACK to the previous packet. d) After a while of (c), I see packets tagged as retransmission. I'm afraid I don't know enough to interpret all this. If it's useful to send over the wireshark capture file, let me know. J ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
