Wireshark is the essential network analyzer.
Capture through SSH
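$ ssh firstname.lastname@example.org "tcpdump -i eth0 -U -s0 -w - 'not port 22'" | wireshark -k -i -
The "not port 22" filter keeps the SSH session that carries the capture out of the capture itself (this assumes SSH runs on port 22 over eth0); without it, every forwarded packet generates more SSH traffic to capture.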
- Symptom (pcap): Impossible to establish a TCP connection. An RST reply is received very quickly.
Capture packets on various interfaces:
1. workstation output
2. firewall lan input
3. firewall wan output
The packet was visible on 1 and 2, but never on 3.
- The firewall was configured to reject this connection.
- Allow the necessary port in the firewall, if appropriate.
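The comparison described above can be scripted once the three captures are saved. The following is an added example, not part of the original page: it parses classic pcap files and reports the last capture point where the initial SYN was seen and the first where it is missing. The addresses, ports and function names are constructed for illustration, and the match is on destination address and port only, on the assumption that the firewall may rewrite the source (NAT) but not the destination.

```python
import struct

SYN, ACK = 0x02, 0x10

def tcp_frame(src, dst, sport, dport, flags):
    """Constructed sample: minimal Ethernet/IPv4/TCP frame (checksums left at 0)."""
    eth = bytes(12) + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0, src, dst)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, flags, 1024, 0, 0)
    return eth + ip + tcp

def build_pcap(frames):
    """Classic little-endian pcap, link type 1 (Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for frame in frames:
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return out

def tcp_packets(pcap):
    """Yield (src, dst, sport, dport, flags) for every IPv4/TCP frame."""
    if struct.unpack_from("<I", pcap)[0] != 0xA1B2C3D4:
        raise ValueError("not a little-endian classic pcap")
    off = 24
    while off + 16 <= len(pcap):
        caplen = struct.unpack_from("<I", pcap, off + 8)[0]
        frame = pcap[off + 16:off + 16 + caplen]
        off += 16 + caplen
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue
        tcp = 14 + (frame[14] & 0x0F) * 4          # honour the IPv4 header length
        if len(frame) < tcp + 14:
            continue
        sport, dport = struct.unpack_from("!HH", frame, tcp)
        yield frame[26:30], frame[30:34], sport, dport, frame[tcp + 13]

def locate_drop(points, dst, dport):
    """points: (name, pcap) ordered along the path. Returns (last_seen, first_missing)."""
    last = None
    for name, pcap in points:
        if not any(d == dst and dp == dport and f & SYN and not f & ACK
                   for _, d, _, dp, f in tcp_packets(pcap)):
            return last, name
        last = name
    return last, None

WS, SRV = bytes([192, 0, 2, 10]), bytes([198, 51, 100, 5])   # constructed addresses
syn, rst = tcp_frame(WS, SRV, 40000, 443, SYN), tcp_frame(SRV, WS, 443, 40000, 0x14)
POINTS = [("workstation output", build_pcap([syn, rst])),
          ("firewall lan input", build_pcap([syn, rst])),
          ("firewall wan output", build_pcap([tcp_frame(WS, SRV, 40001, 80, SYN)]))]
print(locate_drop(POINTS, SRV, 443))
```

The device between the two reported capture points is where the packet stops; here that is the firewall, which matches the fast RST seen on the LAN side.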