RE: Does Redirect/NAT change the destination port of reverse tuple ?

On Feb 29 2008 17:30, Nishit Shah wrote:
>>>Now here original and reverse tuples are --> 
>>>	Original tuple 192.168.206.200:63423->72.14.223.83:443
>>>	Reply tuple    192.168.121.125:3128->192.168.206.200:46873
>>>
>>>So, here destination port of reverse tuple is 46873. Is it correct ?
>>
>>You could compare with the output of tcpdump to capture the
>>actual on-wire situation especially regarding port 46873.
>
>In tcpdump output I am seeing packets only with port 63423. No packets with
>port 46873. Something like
>
> 192.168.206.200:63423->72.14.223.83:443 Syn
> 72.14.223.83:443->192.168.206.200:63423 Syn Ack
> 192.168.206.200:63423->72.14.223.83:443 Ack
>
>Also, this happens with heavy load only. In normal conditions destination
>port of reverse tuple doesn't change.

Then, also check the output of `lsof -Pn` and see if it has
46873.

squid     5770 squid     20u     IPv4      30336                 TCP 192.168.206.200:46873->a.b.c.d:3128 (ESTABLISHED)
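
As an added example (not part of the original messages), the tuple comparison discussed in this thread can be run over the whole connection-tracking table to list every flow whose reply-tuple destination differs from the original source. The `/proc/net/ip_conntrack` line format and the sample lines are assumptions constructed for the example, as are the function names.

```python
import re

# Constructed sample in the /proc/net/ip_conntrack text format (an assumption;
# the thread does not show the raw table). The first entry uses the tuples
# quoted in the thread, the second is an invented flow whose port was kept.
SAMPLE = (
    "tcp      6 431999 ESTABLISHED src=192.168.206.200 dst=72.14.223.83 "
    "sport=63423 dport=443 src=192.168.121.125 dst=192.168.206.200 "
    "sport=3128 dport=46873 [ASSURED] use=1\n"
    "tcp      6 431990 ESTABLISHED src=192.168.206.201 dst=72.14.223.83 "
    "sport=40000 dport=443 src=192.168.121.125 dst=192.168.206.201 "
    "sport=3128 dport=40000 [ASSURED] use=1\n"
)

FIELD = re.compile(r"\b(src|dst|sport|dport)=(\S+)")


def parse_tuples(line):
    """Return (original, reply) field dicts, or None without two port tuples."""
    fields = FIELD.findall(line)
    if len(fields) < 8:          # e.g. ICMP entries carry no sport/dport
        return None
    orig, reply = dict(fields[:4]), dict(fields[4:8])
    if len(orig) != 4 or len(reply) != 4:
        return None
    return orig, reply


def remapped_entries(table_text):
    """List flows whose reply destination is not the original source.

    The reply tuple's dst:dport is the source address and port the packet
    carries after NAT, so a mismatch means the source was rewritten.
    """
    hits = []
    for line in table_text.splitlines():
        parsed = parse_tuples(line)
        if parsed is None:
            continue
        orig, reply = parsed
        if (reply["dst"], reply["dport"]) != (orig["src"], orig["sport"]):
            hits.append((orig["src"], int(orig["sport"]),
                         reply["dst"], int(reply["dport"])))
    return hits


if __name__ == "__main__":
    for src, sport, rdst, rdport in remapped_entries(SAMPLE):
        print(f"{src}:{sport} appears as {rdst}:{rdport} after NAT")
```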