Forum Discussion
Stefan_Klotz
May 02, 2016
Cumulonimbus
Hi Mali,
I would try to sniff next, to see what happens at the network level. In case you are not using SNAT, just filter on your source IP. Otherwise use the -p option to dump on "peer" flows:
tcpdump -ni 0.0:nnnp -s 0 host client-ip -w /var/tmp/traffic_from_client.cap
Note: The above capture takes advantage of the new tcpdump flag "-p", which captures the peer sides of the connection, which
is useful when traffic is snatted on the server side. It requires a little workaround to reset/clear the filter
internally (running a different capture without the -p flag that won't match the original filter):
tcpdump -ni 0.0:nnn -s 0 port 1
Type Ctrl-C to stop the capture immediately after it has started.
Ciao Stefan 🙂