Network troubleshooting


Wireshark is the essential network analyzer.

Capture through SSH

$ ssh user@remote-host tcpdump -i eth0 -U -s0 -w - | wireshark -k -i -

Packet captures

Instant TCP RST in response to SYN

Symptom (pcap)
Impossible to establish a TCP connection. A RST reply is received very quickly.

Capture packets on various interfaces:

  1. workstation output
  2. firewall lan input
  3. firewall wan output

The packet was visible at capture points 1 and 2, but never at 3.

The firewall was configured to reject this connection.
Allow the necessary port in the firewall, if appropriate.
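
The same diagnosis can be scripted. This is an added example, not part of the original page: it parses classic little-endian Ethernet pcap files with the standard library, flags SYNs that drew a RST within a threshold, and names the first capture point that never saw the SYN. The function names, the 50 ms threshold and the sample addresses and ports are assumptions, and the three captures are constructed in the code.

```python
import struct

SYN, RST, ACK = 0x02, 0x04, 0x10

def tcp_packets(pcap):
    """Yield (ts, src, sport, dst, dport, flags) per IPv4/TCP frame in a classic pcap."""
    magic, linktype = struct.unpack_from("<I16xI", pcap, 0)
    if magic != 0xA1B2C3D4 or linktype != 1:
        raise ValueError("expected little-endian classic pcap with Ethernet frames")
    off = 24
    while off + 16 <= len(pcap):
        sec, usec, caplen, _ = struct.unpack_from("<IIII", pcap, off)
        frame = pcap[off + 16:off + 16 + caplen]
        off += 16 + caplen
        if len(frame) < 54 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue  # truncated, or not IPv4/TCP
        t = 14 + (frame[14] & 0x0F) * 4  # TCP header offset after the IP header
        if len(frame) >= t + 14:
            sport, dport = struct.unpack_from("!HH", frame, t)
            yield sec + usec / 1e6, frame[26:30], sport, frame[30:34], dport, frame[t + 13]

def instant_rsts(pcap, max_delay=0.05):
    """Flows (src, sport, dst, dport) whose SYN drew a RST within max_delay seconds."""
    syn_at, hits = {}, []
    for ts, src, sp, dst, dp, fl in tcp_packets(pcap):
        if fl & SYN and not fl & ACK:
            syn_at[(src, sp, dst, dp)] = ts
        elif fl & RST and ts - syn_at.get((dst, dp, src, sp), float("-inf")) <= max_delay:
            hits.append((dst, dp, src, sp))
    return hits

def first_point_missing(captures, flow):
    """First capture point, in path order, that never saw the flow's SYN (else None)."""
    for name, pcap in captures:
        if not any(p[1:5] == flow and p[5] & SYN for p in tcp_packets(pcap)):
            return name
    return None

# Constructed sample data (documentation addresses), not captures from the page.
def record(usec, src, sport, dst, dport, flags):
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0, src, dst)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, flags, 1024, 0, 0)
    pkt = b"\0" * 12 + b"\x08\x00" + ip + tcp
    return struct.pack("<IIII", 0, usec, len(pkt), len(pkt)) + pkt

HDR = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
WS, SRV = bytes([192, 0, 2, 10]), bytes([198, 51, 100, 7])
near = HDR + record(0, WS, 40000, SRV, 443, SYN) + record(400, SRV, 443, WS, 40000, RST | ACK)
CAPTURES = [("workstation output", near), ("firewall lan input", near), ("firewall wan output", HDR)]
```

A RST that arrives faster than the round trip to the destination, combined with a SYN that never shows up on the WAN side, points at the firewall rather than the remote host.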