Basically it was suggested to use either tcpdump with a controlled
login/logout to see the logout packets, or to use hunt under linux
for network analysis.
I wasn't able to get the binary for hunt to work, and didn't have
the time to really work with it getting it running/compiled.
http://www.cri.cz/kra/index.html
As well, tcpdump was suggested for viewing the packets of a test IP
PC when logging in and logging out.
From the above, the FIN packets were noted as the last packets sent.
I then tracked only FIN packets showing from & to to determine the
originator of the packet, and as well displayed the results of 'w'
from the previous minute (via a cron job) to determine the idle time
when the FIN was sent.
It turned out unix was dropping the telnet connections, but from
more digging, it was because the PCs went into sleep mode and dropped
their network connection first.
George
-----Original Message-----
From: George Gallen
Sent: Wednesday, December 08, 1999 9:42 AM
To: 'tru64-unix-managers_at_ornl.gov'
Subject: Tracing dropped connections...
We have a section of our building that keeps losing their telnet
connection unless they are typing, even then sometimes they still get
dropped. As far as I know, it only happens in one area of the building.
Is there any way to monitor the packets to see why the connection is
being dropped? I'm familiar with tcpdump, but what would I be looking
for? I don't think it's our machine initiating the drop, my feeling is
it's in the network switches getting to our machine, but I'm not
positive (autologout is not active).
From what is described to me, they will use telnet (from Windows), get
a connection (without a problem), login (without a problem), turn
around to get something, then turn back and have "connection to host
lost" box on their screen, having to start over.
Occasionally, if they lose it while attempting a login, I get an error
message from tcpwrappers that someone at 0.0.0.0 attempted a login, and
the sia logs will log a ttl peer reset, which I have received prior when
our hub was powered off by accident or if an active line is pulled from
the hub.
Any ideas or things to check/try to track down the source of the
disconnection?
Running 3.2c (soon to be 4.0d) on a 2100 with C2.
George Gallen
Senior Programmer/Analyst
Accounting/Data Division
ggallen_at_slackinc.com
ph:856.848.1000 Ext 220
SLACK Incorporated - An innovative information, education and management
company
http://www.slackinc.com
Received on Thu Dec 16 1999 - 22:06:58 NZDT
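
The FIN-tracking step described in the summary above, as an added example that is not part of the original e-mail: it reads tcpdump text output and reports, per telnet connection, which side sent the first FIN (it also counts RST, which goes beyond the FIN-only tracking in the summary). The function names, the sample addresses and the assumption of modern `tcpdump -n -tttt` output are mine, and the capture lines are constructed.

```shell
#!/bin/sh
# Capture on the telnet server (needs root). Assumed modern tcpdump syntax:
#   tcpdump -n -tttt 'tcp port 23 and tcp[tcpflags] & (tcp-fin|tcp-rst) != 0' > fin.log
#   first_closer < fin.log

# Print the first FIN/RST seen for each connection and label its sender.
# Output: date time side source -> destination flags
first_closer() {
    awk '
    $3 == "IP" && $7 == "Flags" {
        src = $4
        dst = $6; sub(/:$/, "", dst)            # strip trailing colon
        flags = $8; gsub(/\[|\]|,/, "", flags)  # "[F.]," becomes "F."
        if (flags !~ /[FR]/) next               # keep only FIN or RST
        # Direction-independent key so both halves map to one connection
        key = (src "" < dst "") ? src " " dst : dst " " src
        if (key in seen) next                   # only the first closer counts
        seen[key] = 1
        # Port 23 on the source side means the server closed first
        side = (src ~ /\.23$/) ? "server" : "client"
        print $1, $2, side, src, "->", dst, flags
    }'
}

# Constructed sample capture (documentation addresses, not real traffic).
sample_capture() {
    cat <<'EOF'
1999-12-08 09:41:07.120000 IP 192.0.2.10.23 > 192.0.2.55.1042: Flags [P.], seq 1:20, ack 1, win 8760, length 19
1999-12-08 09:58:30.500000 IP 192.0.2.10.23 > 192.0.2.55.1042: Flags [F.], seq 20, ack 1, win 8760, length 0
1999-12-08 09:58:30.900000 IP 192.0.2.55.1042 > 192.0.2.10.23: Flags [R], seq 1, win 0, length 0
1999-12-08 10:02:11.000000 IP 192.0.2.77.1100 > 192.0.2.10.23: Flags [F.], seq 50, ack 90, win 8760, length 0
1999-12-08 10:02:11.010000 IP 192.0.2.10.23 > 192.0.2.77.1100: Flags [F.], seq 90, ack 51, win 8760, length 0
EOF
}

# Stand-alone run on the constructed sample.
sample_capture | first_closer
```

The timestamp on each reported line is what gets matched against the idle time shown by the per-minute `w` snapshot for that terminal.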