Check if the port is open and accessible from source server

  1. Attempt to telnet to the port that your application uses from the source server.
    • telnet [DEST-IP] [PORT]
      • Or
    • curl -v telnet://[DEST-IP]:[PORT]
  2. Attempt to telnet to another port you know the server is using (e.g. 22 or 80)
    • telnet [DEST-IP] 22
      • Or
    • curl -v telnet://[DEST-IP]:22

* If you are able to connect to the server on one port and not the other, then the application is likely not listening on that port (run: netstat -tunlp or netstat -na) or the firewall on either the source or destination server is blocking it.

Check which device and route the server is taking

  1. Check the device it is using to connect
    • ip route get [DEST-IP]
  2. Check the routing table
    • netstat -rn
    • ip route show
  3. Repeat on the destination server

Use tcpdump to capture network data

  1. Capture the data for all network interfaces (-i any) to file
    • tcpdump -nvvv -i any -w /var/tmp/tcpdump.pcap
  2. Read the tcpdump data
    • tcpdump -nvvv -r /var/tmp/tcpdump.pcap
  3. Alternatively – apply filters to the tcpdump
    • Specify the IP Address for packets you want to see
      • tcpdump -nvvv -r /var/tmp/tcpdump.pcap host [DEST-IP]
    • Specify the port for packets you want to see
      • tcpdump -nvvv -r /var/tmp/tcpdump.pcap port 3306

TCP Packet Types

  • SYN [S]: First packet sent from client to server
  • SYNACK [S.]: Acknowledgement from server that it received the SYN request
  • ACK [.]: After SYN-ACK, ACK appears on both servers to indicate that both servers are ready to go
  • PSH [P]: This packet indicates that data is actually being transferred
  • PSHACK [P.]: Used to acknowledge a previous packet and send data to the recipient
  • FIN [F.]: Finish packet, used to tell the server that there is no more data and it can close the established connection
  • RST [R]: Reset packet, sent when the source system wishes to reset the connection. In general this is due to an error or because the target port is not actually in listening status
  • RSTACK [R.]: Acknowledges that the previous reset packet was received
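
An added example (not part of the original page) that applies the flag meanings above to the port check from the first section: it reads one-line tcpdump text (tcpdump -nn -r, without -v) and reports whether the destination port answered, reset, or stayed silent. The function names, verdict words and sample lines are assumptions made for this example.

```shell
#!/bin/sh
# Added example: classify a destination port from tcpdump's one-line text output.
# On a real capture: tcpdump -nn -r /var/tmp/tcpdump.pcap | diagnose_port [DEST-IP] [PORT]

diagnose_port() {
    # $1 = destination IP, $2 = destination port; tcpdump text is read from stdin.
    awk -v target="$1.$2" '
    {
        src = ""; dst = ""; flags = ""
        # Locate fields by content, because the leading columns differ between
        # tcpdump versions and "-i any" captures.
        for (i = 2; i < NF; i++) {
            if ($i == ">") { src = $(i - 1); dst = $(i + 1); sub(/:$/, "", dst) }
            if ($i == "Flags") { flags = $(i + 1); gsub(/\[|\]|,/, "", flags) }
        }
        if (dst == target && flags == "S") syn++          # client SYN
        if (src == target && flags == "S.") synack++      # server SYN-ACK
        if (src == target && (flags == "R" || flags == "R.")) rst++
    }
    END {
        if (synack)   print "open"        # handshake answered: something is listening
        else if (rst) print "closed"      # reset: nothing listening, or a rejecting firewall
        else if (syn) print "filtered"    # SYN never answered: dropped on the path
        else          print "no-traffic"  # no SYN seen: check routing and capture point
    }'
}

# Constructed sample lines (documentation addresses), not from a real capture.
# The last two use the layout with interface and direction columns.
sample_capture() {
    cat <<'EOF'
10:00:00.000001 IP 192.0.2.5.40001 > 192.0.2.10.22: Flags [S], seq 100, win 64240, length 0
10:00:00.000201 IP 192.0.2.10.22 > 192.0.2.5.40001: Flags [S.], seq 900, ack 101, win 65160, length 0
10:00:00.000251 IP 192.0.2.5.40001 > 192.0.2.10.22: Flags [.], ack 901, win 502, length 0
10:00:01.000001 IP 192.0.2.5.40002 > 192.0.2.10.3306: Flags [S], seq 200, win 64240, length 0
10:00:01.000180 IP 192.0.2.10.3306 > 192.0.2.5.40002: Flags [R.], seq 0, ack 201, win 0, length 0
10:00:02.000001 eth0 Out IP 192.0.2.5.40003 > 192.0.2.10.8443: Flags [S], seq 300, win 64240, length 0
10:00:03.010001 eth0 Out IP 192.0.2.5.40003 > 192.0.2.10.8443: Flags [S], seq 300, win 64240, length 0
EOF
}

# Print a verdict for each port in the sample, plus one port with no packets at all.
for port in 22 3306 8443 443; do
    printf '%s: %s\n' "$port" "$(sample_capture | diagnose_port 192.0.2.10 "$port")"
done
```

Run the same capture on the destination server as well: a SYN that leaves the source but never appears on the destination points to the path between them rather than to the application.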

