On Sat, May 26, 2007 at 11:46:27AM +0100, Jonathan Underwood wrote:
> On 26/05/07, Andrew Suffield <[EMAIL PROTECTED]> wrote:
> > On Fri, May 25, 2007 at 05:17:09PM -0400, Roberto C. Sánchez wrote:
> > > On Fri, May 25, 2007 at 08:24:00PM +0100, Jonathan Underwood wrote:
> > > >
> > > > oh. Duh. I'm dumb - they're obviously the messages corresponding to
> > > > the ssh session I have open to examine the logs on the remote server
> > > > :)
> > > >
> > > > So it seems the stalled scp transfer isn't causing anything to be
> > > > logged.
> > > >
> > > I'm completely baffled.
> >
> > Capturing the traffic with tcpdump -s 4096 -w (simultaneously on all
> > involved hosts) may be more informative.
>
> I've never managed to climb the tcpdump learning curve, but I just
> fired up wireshark on the client machine and set it to filter all
> packets to/from the server machine.
> I'm afraid I don't know enough to interpret all this. If it's useful
> to send over the wireshark capture file, let me know.

tcpdump -w just saves the traffic to a file. Saving the wireshark
capture does exactly the same thing, it's just easier to install
tcpdump; either way will work fine.

Posting the captures so we can look at it is probably the only thing
left to do at this point, given how bizarre this problem is.

Remember - it's important to get a capture of the *same* session from
all the interesting points (at least the server, client, and both
interfaces of the firewall).

We'll also need the output of 'shorewall dump' (I don't think you
posted that yet). Follow #3 on http://shorewall.net/support.htm

> a) When I hit a stall in the scp transfer, the first suspect packet I
> see contains "A segment before this frame was lost" in the TCP
> analysis flags. This packet has source being the server and
> destination being the local machine.

This part tells you that something is going wrong at a point closer to
the server than the one where you captured. The next thing you would
want to do is to look at the packet that was dropped and figure out
what made it different from all the other ones, so you would need to
compare this to a capture from the other end - hence why you need to
capture at multiple points (one to tell you which packet is dropped,
the other to show you that packet's contents).

_______________________________________________
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users
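
The two-capture comparison described in the reply above, as an added example that is not part of the original message: it lists TCP data segments seen in the capture taken near the sender but absent from the capture taken near the receiver. It assumes classic pcap files (what tcpdump -w writes, not pcapng), Ethernet framing, and no NAT rewriting of ports or sequence numbers between the two points; the function names and the sample captures are constructed for illustration.

```python
import struct

def tcp_segments(pcap):
    """Yield (sport, dport, seq, payload_len) per IPv4/TCP frame of a classic pcap."""
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if end is None or struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("need a classic (non-pcapng) Ethernet capture")
    off = 24
    while off + 16 <= len(pcap):
        incl_len = struct.unpack(end + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 54 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue  # not IPv4/TCP, or too short to hold both headers
        ihl = (frame[14] & 0x0F) * 4
        tcp = frame[14 + ihl:]
        if len(tcp) < 20:
            continue  # IP options pushed the TCP header past the captured bytes
        ip_total = struct.unpack("!H", frame[16:18])[0]
        sport, dport, seq = struct.unpack("!HHI", tcp[:8])
        # Payload length comes from the IP header, so a short snaplen is harmless.
        yield sport, dport, seq, ip_total - ihl - (tcp[12] >> 4) * 4

def lost_between(near_sender, near_receiver, sender_port):
    """Data segments from sender_port captured near the sender but never
    captured near the receiver, i.e. dropped somewhere in between."""
    arrived = set(tcp_segments(near_receiver))
    return [s for s in tcp_segments(near_sender)
            if s[0] == sender_port and s[3] > 0 and s not in arrived]

# --- constructed sample captures (not taken from the thread) ---
def _frame(sport, dport, seq, payload=b""):
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 0x50, 0x18, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 1]), bytes([198, 51, 100, 2]))
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp + payload

def _pcap(frames):
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 4096, 1)
    return hdr + b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)

sent = [_frame(22, 40000, 1000 + 100 * i, b"x" * 100) for i in range(4)]
SERVER_CAP = _pcap(sent)                  # all four segments leave the server
CLIENT_CAP = _pcap(sent[:2] + sent[3:])   # seq 1200 never reaches the client

if __name__ == "__main__":
    for sport, dport, seq, n in lost_between(SERVER_CAP, CLIENT_CAP, 22):
        print(f"lost: {sport}->{dport} seq={seq} len={n}")
```

Run pairwise along the path (server vs. firewall, firewall vs. client), the first pair that reports a missing segment brackets the hop that drops it, and the sender-side capture holds that segment's contents.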
