iptrace?

Wed Jul 2 05:27:23 UTC 2008

2008/6/4 Markus Schönhaber <ubuntu-users at list-post.mks-mail.de>:
> Dotan Cohen wrote:
>
>> 2008/6/4 Markus Schönhaber <ubuntu-users at list-post.mks-mail.de>:
>
>>> But is it reproducible in the sense that when it happens, it happens
>>> more than once?
>>
>> Yes, the problem could persist for 15 minutes, then browsing goes back
>> to normal.
>
> Good (in the sense that you can do some measurements when it happens again).
> When it happens again, you could do the following:
> - Close all network-related applications (browser, mail client etc.).
> - Start tcpdump (you may have to install it):
> sudo tcpdump -s 0 -w <some file name> -i <name of external interface>
> - Do some webbrowsing.
> We can take al look at what tcpdump captured afterwards.
>
>> I don't think that they did. Actually, I'm almost certain that they
>> did not. I will file a bug with Mozilla that such information should
>> be included in the error message.
>
> What I wanted to find out is whether it's really a firefox generated
> message. In most error cases the server or the proxy will send an error
> page which the browser simply displays but has no influence what info is
> provided on this page - but the name of the server might be among them.
>
>>> I'm not familiar with mtr. But two things catch my eye:
>>> 1. The "Resolver error"s on some of the shots.
>>> 2. The massive packet loss on some .bezequint.net machines.
>>
>> That is the ISP's machine. They have seen the screenshots and say that
>> is normal.
>
> OK, in combination with what you mentioned in your other post, that this
> was due to traffic shaping, this might be true. mtr sends ICMP echo
> requests which might indeed get dropped in favour of more important
> packets (but for very little gain).
> Nevertheless this doesn't sound convincing to me. I'd rather read that
> as: "Sorry, pal. When that happens to you, we have shaped you out of the
> way. Bad luck, mate".
>
> Since you started this thread with asking for iptrace which, as I
> understand it, was suggested to you by your ISP's tech: it might be
> worthwhile to find out, what exactly the tech wanted you to do with
> iptrace, i. e. what exactly he wanted you to measure.
> If you know that, you can probably do this measurement with some other
> means/tool.
>

It took a month, but here is the results on my tcpdump:
http://dotancohen.com/images/examples/tcpdumpoutput.txt

It seems to be a binary file, but I was able to read a bit of it with
strings. What program is used to read this?

I opened tcpdump and then Firefox, went to slashdot.com, quickly
realized my misktake and hit ESC, went to slashdot.org, it timed out,
then I went to google.com which loaded. I then closed Firefox and
tcpdump.

Dotan Cohen

http://what-is-what.com
http://gibberish.co.il
א-ב-ג-ד-ה-ו-ז-ח-ט-י-ך-כ-ל-ם-מ-ן-נ-ס-ע-ף-פ-ץ-צ-ק-ר-ש-ת

A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: tcpdumpoutput.txt
URL: <https://lists.ubuntu.com/archives/ubuntu-users/attachments/20080702/63d06c5f/attachment.txt>