On Fri, 15 Aug 2008 10:06:39 +0300 (EEST) "Ilpo Järvinen" <ilpo.jarvinen@xxxxxxxxxxx> wrote: > I would be better to have tcpdump running at least a bit back (2-3 windows > back is long enough for me), but obviously that might not be possible > option because it occurs so rarely. ...It should be possible to have > tcpdump restarted once in a while to avoid a one huge log if you'd just > keep running tcpdump from beginning. Ok. > What do you mean by "come back alive"...? ...In eth0 log I found this > connection 189.38.18.122.995 > 192.168.0.2.35477, the ip matches with > abusar's. But I'm not sure if the connection in the tunnel is the > interesting one, since it's going to/from port 119 but the ip addresses > (10.195.195.2 and 10.195.195.1) don't tell anything to me, I guess you > know their meaning (ie., if 10.195.195.2 is the one with which the > connection stalls)? ...You're probably right that this wasn't very useful > log, the longest "stall" I find is only 1.111328 seconds long (and it > might be due to some processing that is made by 10.195.195.2). By "come back alive" I mean when the connection isn't stalled anymore. 189.38.18.122 -> server 10.195.195.1 -> my local VPN ip (tun1) 10.195.195.2 -> remote VPN ip (on the server) 192.168.0.2 -> my local ip (eth0) Should I run tcpdump on the server too, or is it sufficient to dump just on my client machine? Thank you very much again. -- -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
