Having just discovered Wireshark, I'll agree =) I'm using the "packet capture" bit in pfSense. Is there a way of doing this via the shell (I'm new to BSD, more of a Linux person) and leaving it running (filtered by hostname) for a few hours/days? This way I can dump it all and analyse it in Wireshark.
Thanks,
Josh.

> -----Original Message-----
> From: Chris Buechler [mailto:[email protected]]
> Sent: 02 March 2010 05:31
> To: [email protected]
> Subject: Re: [pfSense Support] Slow TCP connection
>
> On Mon, Mar 1, 2010 at 5:24 AM, Hiren Joshi
> <[email protected]> wrote:
> > I'm not hitting the max states (this is set to a high enough number) and
> > a tcp dump is impractical as this is not a consistent failure.
> >
>
> tcpdump is never impractical. :) In fact it's really the only way
> you're going to get any further with this. 1 in 100 or even 1 in 1000
> isn't difficult to handle, just get the headers in the capture to keep
> the size down, and the analysis tools in Wireshark make it easy to
> pick out the problem without browsing through thousands of frames. Get
> two simultaneous captures, one on LAN (or whatever internal interface)
> and one on WAN.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [email protected]
> For additional commands, e-mail: [email protected]
>
> Commercial support available - https://portal.pfsense.org
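The capture described in the quoted reply (headers only, one capture per interface, left running from the shell) could be scripted as below. This is an added example, not part of the thread or of pfSense itself. The interface names `em0`/`em1`, the address `192.0.2.10`, the output directory and the size limits are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Constructed values: interface names,
# host address, output directory, file sizes.

SNAPLEN=96      # bytes kept per packet: Ethernet + IPv4 + TCP headers with options
FILE_MB=50      # rotate each file at about 50 MB (-C counts millions of bytes)
FILE_COUNT=20   # keep a ring of 20 files per interface (-W), oldest overwritten

# Print the tcpdump command line for one interface.
capture_cmd() {
    iface=$1; host=$2; outdir=$3
    printf 'tcpdump -n -i %s -s %s -C %s -W %s -w %s/%s.pcap host %s' \
        "$iface" "$SNAPLEN" "$FILE_MB" "$FILE_COUNT" "$outdir" "$iface" "$host"
}

# Start one background capture per interface and record the PIDs.
# Usage: start_captures HOST OUTDIR IFACE...
start_captures() {
    host=$1; outdir=$2; shift 2
    mkdir -p "$outdir" || return 1
    for iface in "$@"; do
        # nohup keeps the capture running after the SSH session ends
        nohup $(capture_cmd "$iface" "$host" "$outdir") >/dev/null 2>&1 &
        echo "$!" >> "$outdir/pids"
    done
}

# Stop every capture started from OUTDIR; tcpdump flushes the file on SIGTERM.
stop_captures() {
    outdir=$1
    [ -f "$outdir/pids" ] || return 0
    while read -r pid; do
        kill "$pid" 2>/dev/null || true
    done < "$outdir/pids"
    rm -f "$outdir/pids"
}

# Only capture when asked, so the file can also be sourced for its functions.
# em0/em1 stand in for the WAN and LAN interfaces; 192.0.2.10 is a placeholder.
if [ "${RUN_CAPTURE:-0}" = 1 ]; then
    start_captures "${CAPTURE_HOST:-192.0.2.10}" /tmp/slowtcp em0 em1
fi
```

If the firewall NATs the internal host on the way out, filter on the remote host's address, because the internal host's private address does not appear in the WAN capture. The rotated files open directly in Wireshark.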
