Q: Use of tcpdump (not showing telnet sessions)

From: George Gallen <ggallen_at_slackinc.com>
Date: Fri, 05 Jun 1998 09:21:44 -0400

We have been having some network clog ups. Initially I needed to
MAKEDEV pfilt in order for tcpdump to function (my kernel already
had support compiled into it for packetfilter).

When I run tcpdump as itself to display all network activity, I can
see my LAT connections from the terminal server to the alpha and
some misc router activity on another part of the network; however,
I have yet to see the telnet session traffic. Why wouldn't tcpdump
show those? I have read the man's (many times), I have tried
different switches, I tried tcpdump ip to filter out the LATs, still
no luck.

I probably am not running it correctly. I can see the telnet connections
with netstat, but I want to see if there is some kind of denial of
service attack going on during the clog ups, so I figured tcpdump would
show what traffic is slowing it down.

If there was a short on the network, would that show up in any form
under tcpdump?

Are there any other programs (public domain or GNU) which would help
to determine the slowdowns?

The problem is that if the terminal servers can't talk to our alpha
server for over 1 second, LAT drops all the sessions (logging anyone on
the terminal server off from unix - not a good thing).

Could a denial of service clog up a network enough to knock out the
LAT connections? Apparently, if LAT can't contact its connection after
1 second it drops the connection, whereas telnet will wait much, much
longer.

Thanx
George Gallen
ggallen_at_slackinc.com
Received on Fri Jun 05 1998 - 15:23:56 NZST