Package: tcpdump Version: 3.9.5-2etch1 Severity: minor Tags: upstream Hi,
Filing this as minor bug instead of wishlist because it caused quite a few hours wasted trying to debug a network that is perfectly o.k., at least wrt this particular symptom. Tracing NFS traffic with tcpdump gets a lot of output like 10:40:28.061910 IP 10.0.1.2.2049 > 10.0.2.59.1918463537: reply ERR 4344 10:40:28.061914 IP 10.0.1.2.2049 > 10.0.2.59.1885762903: reply ERR 1084 10:40:28.062079 IP 10.0.1.2.2049 > 10.0.2.59.1147232561: reply ERR 1332 in between the normal traffic. NFS seems to work, but since we've had occasional performance problems, I really wanted to get this fixed... Some hours later I discovered, when cross-checking tcpdump output with wireshark's output, that these supposed "Errors" are only segments of NFS requests/replies that get reassembled -- wireshark shows this nicely: the "ERR" packages are labled as "TCP segment of a reassembled PDU", and the last segment has the full decoded packet. Now I wouldn't expect tcpdump to implement the whole (probably quite complicated) segmentation logic of wireshark, but retitling the very misleading "ERR" to, perhaps, "Unknown" would be appropriate: there is no error condition in this case. cheers -- vbi -- You are what you see.
signature.asc
Description: This is a digitally signed message part.
