On Mon, Mar 1, 2010 at 5:24 AM, Hiren Joshi <[email protected]> wrote: > I'm not hitting the max states (this is set to a high enough number) and > a tcp dump is impractical as this is not a consistent failure. >
tcpdump is never impractical. :) In fact it's really the only way you're going to get any further with this. 1 in 100 or even 1 in 1000 isn't difficult to handle, just get the headers in the capture to keep the size down, and the analysis tools in Wireshark make it easy to pick out the problem without browsing through thousands of frames. Get two simultaneous captures, one on LAN (or whatever internal interface) and one on WAN. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected] Commercial support available - https://portal.pfsense.org
