


How to check if traffic is reaching a socket that something is listening on?

Hi,

What is the best way to tell if traffic is reaching a socket?
netstat -i is convenient for checking counters in/out of an interface, but how to tell if that traffic is reaching a socket?

Thanks
Lax
8/6/2016 9:43:30 PM
comp.os.linux.networking


On Sat, 2016-08-06, Lax Clarke wrote:
> Hi,
>
> What is the best way to tell if traffic is reaching a socket?
> netstat -i is convenient for checking counters in/out of an
> interface, but how to tell if that traffic is reaching a socket?

A more concrete example would give you better answers.
(E.g. from which side are you looking?  TCP, UDP or something else?)

/Jorgen

-- 
  // Jorgen Grahn <grahn@  Oo  o.   .     .
\X/     snipabacken.se>   O  o   .
Jorgen
8/6/2016 10:02:05 PM
On Saturday, August 6, 2016 at 6:02:08 PM UTC-4, Jorgen Grahn wrote:
> On Sat, 2016-08-06, Lax Clarke wrote:
> > Hi,
> >
> > What is the best way to tell if traffic is reaching a socket?
> > netstat -i is convenient for checking counters in/out of an
> > interface, but how to tell if that traffic is reaching a socket?
> 
> A more concrete example would give you better answers.
> (E.g. from which side are you looking?  TCP, UDP or something else?)
> 

Suppose I have a httpd listening on 80 on a linux box.  I try to connect to it from another host, but cannot connect. I do not see any SYNACK returning to the other host.

From the httpd box, I can see netstat -i counters go up on the correct interface.  I also see the SYN packets coming into this host.  Now how would I check if the socket that httpd is listening on is getting packets?
Lax
8/6/2016 10:38:39 PM
On Sat, 06 Aug 2016 14:43:30 -0700, Lax Clarke wrote:

> Hi,
> 
> What is the best way to tell if traffic is reaching a socket?
> netstat -i is convenient for checking counters in/out of an interface,
> but how to tell if that traffic is reaching a socket?
> 
> Thanks

tcpdump
Joe
8/8/2016 1:19:58 PM
On Sat, 2016-08-06, Lax Clarke wrote:
> On Saturday, August 6, 2016 at 6:02:08 PM UTC-4, Jorgen Grahn wrote:
>> On Sat, 2016-08-06, Lax Clarke wrote:
>> > Hi,
>> >
>> > What is the best way to tell if traffic is reaching a socket?
>> > netstat -i is convenient for checking counters in/out of an
>> > interface, but how to tell if that traffic is reaching a socket?
>> 
>> A more concrete example would give you better answers.
>> (E.g. from which side are you looking?  TCP, UDP or something else?)
>> 
>
> Suppose I have a httpd listening on 80 on a linux box.  I try to
> connect to it from another host, but cannot connect. I do not see
> any SYNACK returning to the other host.
>
> From the httpd box, I can see netstat -i counters go up on the
> correct interface.  I also see the SYN packets coming into this
> host.  Now how would I check if the socket that httpd is listening
> on is getting packets?

Good description!

I guess if you've debugged it /that/ far, the most likely candidate is
an iptables rule. 'iptables -vL' will show you if any counter is
increasing when it shouldn't.

Then there's 'netstat -s' (-s6 for IPv6) too: pretty detailed counters
in the IP, TCP and UDP stacks ... later than the firewall, I guess.
Or maybe packets dropped by iptables are counted as "discarded" there;
I forget.

If everything looks fine there, perhaps the SYN /does/ reach the
socket, but the responses don't go out.  Then see if you can ping the
other box from the server.

That's probably not a complete list, but it's a few things I'd try
anyway.

/Jorgen

-- 
  // Jorgen Grahn <grahn@  Oo  o.   .     .
\X/     snipabacken.se>   O  o   .
Jorgen
8/8/2016 4:19:10 PM
On 08/08/2016 at 15:19, Joe Beanfish wrote:
> On Sat, 06 Aug 2016 14:43:30 -0700, Lax Clarke wrote:
>>
>> What is the best way to tell if traffic is reaching a socket?
>> netstat -i is convenient for checking counters in/out of an interface,
>> but how to tell if that traffic is reaching a socket?
>
> tcpdump
>
Not quite. tcpdump captures the traffic at the interface, way before 
sanity checks, iptables rules, routing decision, fragment reassembly and 
so on.
Pascal
8/9/2016 11:46:26 AM
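
An added example, not written by any poster in this thread, that goes a little beyond the commands named above: it diffs the kernel counters behind `netstat -s` (read from /proc/net/snmp and /proc/net/netstat) before and after a connection attempt, so only the counters that moved are shown. The function names and the sample numbers are constructed for illustration.

```shell
#!/bin/sh
# Added example: diff the counters behind 'netstat -s' across a connection attempt.

# /proc/net/snmp and /proc/net/netstat hold line pairs per protocol:
# "Proto: Name1 Name2 ..." then "Proto: val1 val2 ...".
# Flatten them to "Proto.Name value" lines.
flatten_counters() {
    awk '
        $1 in names {
            n = split(names[$1], h, " ")
            for (i = 2; i <= n; i++)
                print substr($1, 1, length($1) - 1) "." h[i], $i
            delete names[$1]
            next
        }
        { names[$1] = $0 }
    ' "$@"
}

# Print every counter that grew between two snapshots as "Proto.Name +delta".
counter_delta() {
    { flatten_counters "$1" | sed 's/^/B /'
      flatten_counters "$2" | sed 's/^/A /'; } |
    awk '$1 == "B" { before[$2] = $3; next }
         $3 + 0 > before[$2] + 0 { printf "%s +%d\n", $2, $3 - before[$2] }'
}

# Live use on the server:
#   cat /proc/net/snmp /proc/net/netstat > before
#   (retry the connection from the other host)
#   cat /proc/net/snmp /proc/net/netstat > after; counter_delta before after

# Constructed snapshot; real files have many more columns.
# Args: InReceives InDelivers InSegs PassiveOpens ListenDrops
sample() {
    printf '%s\n' 'Ip: InReceives InDiscards InDelivers' "Ip: $1 0 $2" \
        'Tcp: PassiveOpens InSegs' "Tcp: $4 $3" \
        'TcpExt: ListenOverflows ListenDrops' "TcpExt: 0 $5"
}

demo() {
    d=$(mktemp -d) || return 1
    sample 1000 990 800 12 0 > "$d/before"
    sample 1003 990 800 12 0 > "$d/after"   # three SYNs counted by IP only
    counter_delta "$d/before" "$d/after"
    rm -rf "$d"
}
demo
```

If Ip.InReceives grows while Tcp.InSegs does not, the SYNs were seen by IP but not handed to TCP; if TcpExt.ListenDrops grows, they reached the listening socket and were dropped there.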