Unix Technical Forum

How can I monitor TCP/IP Window size using tcpdump?

#1 Dave Thacker, 01-04-2008, 10:29 PM

Running AIX V5.1

We have a socket level connection to a vendor that passes traffic
back and forth constantly. We've had several (5 times a week) cases
lately where it appears the vendor has stopped sending us traffic.
The vendor claims that our tcp/ip window size has dropped to zero, and
they are not able to send us traffic. When we cycle the listening
application, the problem clears and traffic resumes. I've been asked
to find a way to monitor our window size. I'm working with tcpdump.
My first attempt was to monitor all the traffic sent to a specific
port using these arguments "tcpdump dst port XXXX". I received output
that appears to have window size information. (extract below,
sanitized for my protection):

11:27:43.923831213 192.168.10.75.62592 > my-server.myproc-a-prod: . ack 67005 win 49664 (DF)
11:27:44.069467338 192.168.10.75.62592 > my-server.myproc-a-prod: P 33891:34068(177) ack 67578 win 49664 (DF)
11:27:44.304338798 192.168.10.75.62592 > my-server.myproc-a-prod: . ack 68084 win 49664 (DF)
11:27:44.484039710 192.168.10.75.62592 > my-server.myproc-a-prod: . ack 68178 win 49664 (DF)
11:27:44.661708504 192.168.10.75.62592 > my-server.myproc-a-prod: P 34068:34221(153) ack 68178 win 49664 (DF)
11:27:44.794251484 192.168.10.75.62592 > my-server.myproc-a-prod: . ack 68625 win 49664 (DF)
11:27:45.022244967 192.168.10.75.62592 > my-server.myproc-a-prod: . ack 69070 win 49664 (DF)
11:27:45.124593940 192.168.10.75.62592 > my-server.myproc-a-prod: . ack 69582 win 49664 (DF)
11:27:45.265916350 192.168.10.75.62592 > my-server.myproc-a-prod: P 34221:34386(165) ack 69802 win 49664 (DF)
11:27:45.522406728 192.168.10.75.62592 > my-server.myproc-a-prod: . ack 70826 win 49664 (DF)
11:27:45.692453651 192.168.10.75.62592 > my-server.myproc-a-prod: . ack 71649 win 49664 (DF)

I had this running during one of our "outages" and the win size never
changed from 49664. I suspect I'm not using the proper arguments.
Does anyone have a tcpdump recipe to watch the window size for traffic
to or from a specific port?

TIA

Dave Thacker
#2 mark taylor, 01-04-2008, 10:29 PM

tcpdump --> "win" Specifies the number of bytes of receive buffer
space available from the other direction on this connection.

I would use iptrace / ipreport to diagnose this problem. Check out
the docs.

http://publib16.boulder.ibm.com/doc_...s3/iptrace.htm
Rgds
Mark Taylor
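
An added example, not part of either post: in tcpdump output the "win" value on a line is the receive window advertised by the host on the left of ">", so a capture filtered with "dst port" shows only one side's window, while "port XXXX" captures both directions. The filter below prints a line only when a sender's advertised window changes and marks a zero window; the function names and sample lines are constructed, and the parser assumes the tcpdump line format shown in the first post.

```shell
# Added example. Live use (XXXX is the port placeholder from the post):
#   tcpdump -l -n port XXXX | win_watch
# -l line-buffers the output so it can be piped; -n skips name lookups.
win_watch() {
    awk '
    {
        win = ""
        for (i = 5; i < NF; i++)            # locate the "win <n>" pair
            if ($i == "win") { win = $(i + 1); break }
        if (win !~ /^[0-9]+$/) next          # no window on this line
        src = $2                             # host advertising the window
        dst = $4; sub(/:$/, "", dst)
        key = src ">" dst
        # Report the first value seen per direction, then changes only.
        if (!(key in last) || last[key] != win) {
            note = (win + 0 == 0) ? " ZERO-WINDOW" : ""
            printf "%s %s > %s win %s%s\n", $1, src, dst, win, note
        }
        last[key] = win
    }'
}

# Constructed capture of both directions of one connection: the remote
# side keeps advertising 49664 while the local listener's window shrinks.
sample_capture() {
    cat <<'EOF'
11:27:43.923831 192.168.10.75.62592 > my-server.myproc-a-prod: . ack 67005 win 49664 (DF)
11:27:43.930112 my-server.myproc-a-prod > 192.168.10.75.62592: P 67005:67578(573) ack 33891 win 16384 (DF)
11:27:44.069467 192.168.10.75.62592 > my-server.myproc-a-prod: P 33891:34068(177) ack 67578 win 49664 (DF)
11:27:44.075201 my-server.myproc-a-prod > 192.168.10.75.62592: . ack 34068 win 4096 (DF)
11:27:44.661708 192.168.10.75.62592 > my-server.myproc-a-prod: P 34068:38164(4096) ack 67578 win 49664 (DF)
11:27:44.670033 my-server.myproc-a-prod > 192.168.10.75.62592: . ack 38164 win 0 (DF)
EOF
}

sample_capture | win_watch
```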