Most likely your server is a Linux server. If it is a Windows server, download Wireshark and start capturing packets. If you are using Linux, though, read on.

First check whether your server is listening on the correct ports:

# netstat -ntlp
# netstat -nulp
-n don't resolve names, -t/-u TCP or UDP, -l show only listening sockets, -p show the owning program and PID (you need root to see sockets owned by other users' processes). On newer distributions netstat may not be installed at all; ss takes the same flags, so `ss -ntlp` and `ss -nulp` give the same view.
You should see your server up and running; if not, try to start it:
sysvinit:
/etc/init.d/<service name> stop
/etc/init.d/<service name> start
systemd (using systemctl):
systemctl stop <service>
systemctl start <service>
systemctl status <service>
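As an added example (not from the original post), here is what `netstat -ntlp` and `netstat -nulp` actually read under the hood: the kernel's /proc/net/tcp and /proc/net/udp tables. Parsing them by hand in plain POSIX sh is handy on a stripped-down container where neither netstat nor ss is installed. The two sample tables below are constructed for this example (a syslog daemon bound on 514/tcp and 514/udp, sshd on 127.0.0.1:22, and one established client connection to 514 that must not be mistaken for a listener); the function names are mine.

```shell
#!/bin/sh
# Added example: what "netstat -ntlp" / "netstat -nulp" read under the hood.
# Parses /proc/net/tcp and /proc/net/udp (IPv4 tables; tcp6/udp6 use a longer
# address format and are not handled here).

# /proc/net stores an IPv4 address as one little-endian 32-bit hex word:
# 0100007F -> 127.0.0.1, 00000000 -> 0.0.0.0
hex_ip_to_dotted() {
    h=$1
    b1=${h%??????}; r=${h#??}
    b2=${r%????};   r=${r#??}
    b3=${r%??};     b4=${r#??}
    printf '%d.%d.%d.%d' "$((0x$b4))" "$((0x$b3))" "$((0x$b2))" "$((0x$b1))"
}

# listening_sockets FILE tcp|udp  ->  prints "proto ip:port" per bound socket.
# The "st" column is the kernel socket state: 0A = LISTEN for TCP; a bound but
# unconnected UDP socket shows 07 (the kernel's CLOSE state).
listening_sockets() {
    file=$1 proto=$2
    case $proto in
        tcp) want=0A ;;
        udp) want=07 ;;
        *)   echo "usage: listening_sockets FILE tcp|udp" >&2; return 2 ;;
    esac
    tail -n +2 "$file" | while read -r _sl laddr _rem st _rest; do  # skip header line
        [ "$st" = "$want" ] || continue        # established/time-wait/etc. are not listeners
        ip=$(hex_ip_to_dotted "${laddr%:*}")
        port=$((0x${laddr#*:}))                # port is big-endian hex, e.g. 0202 = 514
        printf '%s %s:%s\n' "$proto" "$ip" "$port"
    done
}

# is_listening FILE tcp|udp PORT  ->  exit 0 if some socket is bound to PORT
is_listening() {
    listening_sockets "$1" "$2" | grep ":$3\$" >/dev/null
}

report() {   # report FILE tcp|udp PORT
    if is_listening "$1" "$2" "$3"; then
        echo "$2/$3 is listening ($1)"
    else
        echo "$2/$3 is NOT listening ($1)"
    fi
}

# Constructed sample tables (not captured from a real host): syslog bound on
# 0.0.0.0:514 tcp and udp, sshd on 127.0.0.1:22, plus one ESTABLISHED (st 01)
# client connection to 514 that must not be reported as a listener.
SAMPLE_TCP=$(mktemp); SAMPLE_UDP=$(mktemp)
cat > "$SAMPLE_TCP" <<'EOF'
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0202 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 18732 1 0000000000000000 100 0 0 10 0
   1: 0100007F:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 14021 1 0000000000000000 100 0 0 10 0
   2: 0100007F:9E5A 0100007F:0202 01 00000000:00000000 00:00000000 00000000  1000        0 20511 1 0000000000000000 20 4 30 10 -1
EOF
cat > "$SAMPLE_UDP" <<'EOF'
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode ref pointer drops
   7: 00000000:0202 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 18733 2 0000000000000000 0
EOF

listening_sockets "$SAMPLE_TCP" tcp     # tcp 0.0.0.0:514 / tcp 127.0.0.1:22
listening_sockets "$SAMPLE_UDP" udp     # udp 0.0.0.0:514
report "$SAMPLE_TCP" tcp 514
report "$SAMPLE_TCP" tcp 40538          # client side of the established connection: not a listener
# Same check against the live kernel tables when running on Linux.
for f in /proc/net/tcp /proc/net/udp; do
    [ -r "$f" ] && report "$f" "${f##*/}" 514
done
```

Run it on the box you are troubleshooting and compare the output with `netstat -ntlp`: an entry on 0.0.0.0 (or the host's address) with state LISTEN is what you want to see; an ESTABLISHED row on the same port only proves that somebody is currently connected, not that the daemon is accepting new connections.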
We will use tcpdump to see whether traffic arrives (side note: if you are using rsyslog, you can also see whether traffic arrives by watching the syslog file; more on that in another article). We will use netcat (network cat) to send traffic to UDP or TCP ports. It is like the good old telnet test, except telnet can only test TCP, while netcat can test both.
MONITOR TRAFFIC WITH TCPDUMP (EXAMPLE WITH RSYSLOG)
(How to set up rsyslog: HERE)
ON SERVER (WHERE THE LISTENING PORT IS)
Using port 514 as the example. Note that rsyslog can listen on 514/udp (imudp) and 514/tcp (imtcp), and the filter below only captures TCP: use "udp port 514" for the UDP listener, or just "port 514" to see both. Add -nn if you want tcpdump to print "514" instead of the service name "syslog".
# tcpdump -i eth0 "tcp port 514" -X
or with absolute sequence numbers:
# tcpdump -i eth0 "tcp port 514" -XS
OR VERY VERBOSE:
# tcpdump -i eth0 "tcp port 514" -vvX
or with absolute sequence numbers:
# tcpdump -i eth0 "tcp port 514" -vvXS

Legend:
-X print each packet in hex and ASCII, -vv very verbose, -S print absolute TCP sequence numbers instead of relative ones, -i capture interface, -nn do not resolve hosts or ports to names
ON CLIENT

On another PC (the client):
TCP:
# nc -v <ip> <port>
# telnet <ip> <port>
NOTE: telnet works from the MS Windows cmd prompt
UDP:
# nc -vu <ip> <port>
TCP is netcat's default, so it needs no flag (in the common netcat variants -t means "answer telnet negotiation", not TCP). A TCP connect either succeeds, is refused (the server sends a RST: host up, nothing listening on that port), or times out (dropped by a firewall somewhere). With UDP there is no handshake, so netcat cannot tell you the port is open; the only negative signal is an ICMP port unreachable coming back after you send data, which you will see in the tcpdump on either side.
 
Quick Notes on Flags:
Then start typing on the client and watch the tcpdump output on the server. The flags tcpdump prints in brackets:
Flag
[S] = SYN (client opening the connection)
[S.] = SYN-ACK (server accepting it)
[.] = ACK only
[P] = PUSH (usually [P.], push with ACK set: data being delivered)
[F] = FIN
[R] = RST (usually [R.]: nothing is listening on that port)
UDP traffic is interesting: there is no ACK for every packet and obviously no 3-way handshake, so a datagram showing up in tcpdump only proves that it arrived, not that anything was listening for it.
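Added example, not part of the original article: a small awk-based triage script that reads plain `tcpdump -nn` output (without -v, which changes the line layout) and turns the flag sequence of each flow into a verdict, following the legend above. A SYN answered by SYN-ACK and then ACKed means something is listening; a SYN answered by RST means the host is up but nothing is bound; a SYN with no answer means a drop on the path; for UDP a datagram in the capture proves only arrival, unless an ICMP port unreachable comes back. The capture lines are constructed to look like tcpdump output and are not from a real host; the assumed line shapes and the function name are mine.

```shell
#!/bin/sh
# Added example: triage plain "tcpdump -nn" output (no -v) per flow.
# Assumed line shapes, as printed by tcpdump -nn on an IPv4 link:
#   <ts> IP <src>.<sport> > <dst>.<dport>: Flags [S], seq ..., length 0
#   <ts> IP <src>.<sport> > <dst>.<dport>: UDP, length N
#   <ts> IP <dst> > <src>: ICMP <dst> udp port <dport> unreachable, length N
triage_capture() {
    awk '
    function flags_of(s) { return substr(s, 2, index(s, "]") - 2) }   # "[S.]," -> "S."
    # A TCP flow is keyed "client>server", where the client is whoever sent the [S].
    $2 == "IP" && $6 == "Flags" {
        src = $3; dst = $5; sub(/:$/, "", dst); f = flags_of($7)
        fwd = src ">" dst; rev = dst ">" src
        if (f == "S")                       syn[fwd] = 1
        else if (f == "S." && (rev in syn)) synack[rev] = 1     # server answered
        else if (f ~ /R/ && (rev in syn))   rst[rev] = 1        # server refused
        else if (f == "." && (fwd in syn))  ack[fwd] = 1        # client completed handshake
        else if (f ~ /P/ && (fwd in syn))   data[fwd] += $NF    # "length N" is the last field
        next
    }
    $2 == "IP" && $6 == "UDP," { dst = $5; sub(/:$/, "", dst); udp[dst]++; next }
    $2 == "IP" && $6 == "ICMP" && $8 == "udp" && $11 == "unreachable," { unreach[$7 "." $10] = 1; next }
    END {
        for (k in syn) {
            split(k, side, ">")
            if (k in rst)            v = "RST from server: host reachable, but nothing listening on that port"
            else if (!(k in synack)) v = "SYN never answered: dropped by a firewall on the path or on the host, or host down"
            else if (!(k in ack))    v = "SYN-ACK seen but client never ACKed (asymmetric path or client-side filter)"
            else {
                v = "3-way handshake complete: server is listening"
                if (k in data) v = v ", client sent " data[k] " bytes"
            }
            printf "tcp %s -> %s: %s\n", side[1], side[2], v
        }
        for (k in udp) {
            if (k in unreach) v = "ICMP port unreachable came back: nothing bound on that port"
            else              v = "no reply is normal for UDP, check the application log"
            printf "udp -> %s: %d datagram(s) arrived; %s\n", k, udp[k], v
        }
    }'
}

# Constructed capture, shaped like "tcpdump -nn -i eth0 port 514 or port 515 or port 516"
# output on the server (not a real capture): a successful syslog TCP session carrying 5 bytes,
# a refused connect to 515, an unanswered SYN to 516, one UDP datagram to 514, and one UDP
# datagram to 515 that draws an ICMP port unreachable.
SAMPLE_CAPTURE='12:00:01.000001 IP 10.0.0.5.40538 > 10.0.0.9.514: Flags [S], seq 1001, win 64240, length 0
12:00:01.000020 IP 10.0.0.9.514 > 10.0.0.5.40538: Flags [S.], seq 2001, ack 1002, win 65160, length 0
12:00:01.000031 IP 10.0.0.5.40538 > 10.0.0.9.514: Flags [.], ack 1, win 502, length 0
12:00:03.100000 IP 10.0.0.5.40538 > 10.0.0.9.514: Flags [P.], seq 1:6, ack 1, win 502, length 5
12:00:05.000001 IP 10.0.0.5.40540 > 10.0.0.9.515: Flags [S], seq 3001, win 64240, length 0
12:00:05.000015 IP 10.0.0.9.515 > 10.0.0.5.40540: Flags [R.], seq 0, ack 3002, win 0, length 0
12:00:06.000001 IP 10.0.0.5.40542 > 10.0.0.9.516: Flags [S], seq 4001, win 64240, length 0
12:00:07.000001 IP 10.0.0.5.51000 > 10.0.0.9.514: UDP, length 6
12:00:08.000001 IP 10.0.0.5.51002 > 10.0.0.9.515: UDP, length 6
12:00:08.000020 IP 10.0.0.9 > 10.0.0.5: ICMP 10.0.0.9 udp port 515 unreachable, length 42'

printf '%s\n' "$SAMPLE_CAPTURE" | triage_capture
```

Against a live box, feed it a bounded capture so awk reaches its END block, for example `tcpdump -nn -l -c 50 -i eth0 port 514 | triage_capture`, then run the netcat test from the client. The verdict per flow tells you which of the three usual failures you have: nothing listening (RST), filtered on the way (SYN never answered), or an application that is listening but not doing anything with what it receives (handshake complete, data sent, yet nothing in the syslog file).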
