iptrace?

Wed Jul 2 14:56:16 UTC 2008

Dotan Cohen wrote:
> 2008/6/4 Markus Schönhaber <ubuntu-users at list-post.mks-mail.de>:
>> Dotan Cohen wrote:
>>
>>> 2008/6/4 Markus Schönhaber <ubuntu-users at list-post.mks-mail.de>:
>>>> But is it reproducible in the sense that when it happens, it happens
>>>> more than once?
>>> Yes, the problem could persist for 15 minutes, then browsing goes back
>>> to normal.
>> Good (in the sense that you can do some measurements when it happens again).
>> When it happens again, you could do the following:
>> - Close all network-related applications (browser, mail client etc.).
>> - Start tcpdump (you may have to install it):
>> sudo tcpdump -s 0 -w <some file name> -i <name of external interface>
>> - Do some webbrowsing.
>> We can take al look at what tcpdump captured afterwards.
>>
>>> I don't think that they did. Actually, I'm almost certain that they
>>> did not. I will file a bug with Mozilla that such information should
>>> be included in the error message.
>> What I wanted to find out is whether it's really a firefox generated
>> message. In most error cases the server or the proxy will send an error
>> page which the browser simply displays but has no influence what info is
>> provided on this page - but the name of the server might be among them.
>>
>>>> I'm not familiar with mtr. But two things catch my eye:
>>>> 1. The "Resolver error"s on some of the shots.
>>>> 2. The massive packet loss on some .bezequint.net machines.
>>> That is the ISP's machine. They have seen the screenshots and say that
>>> is normal.
>> OK, in combination with what you mentioned in your other post, that this
>> was due to traffic shaping, this might be true. mtr sends ICMP echo
>> requests which might indeed get dropped in favour of more important
>> packets (but for very little gain).
>> Nevertheless this doesn't sound convincing to me. I'd rather read that
>> as: "Sorry, pal. When that happens to you, we have shaped you out of the
>> way. Bad luck, mate".
>>
>> Since you started this thread with asking for iptrace which, as I
>> understand it, was suggested to you by your ISP's tech: it might be
>> worthwhile to find out, what exactly the tech wanted you to do with
>> iptrace, i. e. what exactly he wanted you to measure.
>> If you know that, you can probably do this measurement with some other
>> means/tool.
>>
> 
> It took a month, but here is the results on my tcpdump:
> http://dotancohen.com/images/examples/tcpdumpoutput.txt
> 
> It seems to be a binary file, but I was able to read a bit of it with
> strings. What program is used to read this?
> 
> I opened tcpdump and then Firefox, went to slashdot.com, quickly
> realized my misktake and hit ESC, went to slashdot.org, it timed out,
> then I went to google.com which loaded. I then closed Firefox and
> tcpdump.

I like to use wireshark.

-- 
The early bird who catches the worm works for someone who comes in late
and owns the worm farm.
		-- Travis McGee