I don't have root access to that server but I should be able to get it then get some tcpdumps. On Thu, Jul 24, 2014 at 3:18 PM, Matthew Petach <mpetach@netflight.com> wrote:
On Thu, Jul 24, 2014 at 12:13 PM, Zach Hill <zach.reborn@gmail.com> wrote:
All are from SPAN ports at each end. So for the second round of packet captures Site 1 is from a SPAN port off the NIC of Server A. Site 2 is from a SPAN port off the NIC of the MPLS router.
The first round of packet captures are only from the SPAN port off the MPLS router at Site 2.
I have to dash out of a few hours; but the short answer is the first round of packet captures are too far from the host to matter.
second set are doing better, but still would be best to compare with tcpdumps from the device A itself, to see what it thinks it's sending out, vs what is seen upstream of it. Can you grab tcpdumps from server A itself?
Thanks!
Matt
On Thu, Jul 24, 2014 at 3:08 PM, <Valdis.Kletnieks@vt.edu> wrote:
On Thu, 24 Jul 2014 14:33:56 -0400, Zach Hill said:
First is the SYN from Server A to Server B http://i.imgur.com/E5cu4ev.png
Was this captured with tcpdump on Server A on its way out, or on Server B on its way in, or at some other point using a span port? The answer matters if we're suspecting that something along the way is stomping the option....