Disclaimer

The content of this material is the challenges I faced onsite and how I personally resolved them. Please note that the solutions posted here

1> should not be considered as ultimate. The material may be considered for reference only.

2> should not be considered as a guarantee that the solutions may work. Contact Cyberoam support before making any changes.

3> this blog does NOT belong to Cyberoam. It's a blog...a personal blog.

Changes made after referring to this site may seriously damage the network. So...

........DO CHANGES AT YOUR OWN RISK

(please contact Cyberoam support before implementing any changes)

Thursday, 13 February 2014

TCPDUMP with Cyberoam : in depth Analysis

As promised, here is how you can interpret tcpdump output on Cyberoam. In this article I have replaced the source IP with SRC and the destination IP with DST.

1> A TCP packet on port 80 : A simple TCP handshake

console> tcpdump "host DST and port 80"
tcpdump: Starting Packet Dump
07:11:33.546865 PortB, OUT: IP SRC.48500 > DST.80: Flags [S], seq 1143423923, win 5840, options [mss 1460,nop,nop,sackOK,nop,wscale 5], length 0
07:11:33.800460 PortB, IN: IP DST.80 > SRC.48500: Flags [S.], seq 2495986521, ack 1143423924, win 14600, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
07:11:33.800545 PortB, OUT: IP SRC.48500 > DST.80: Flags [.], ack 1, win 183, length 0

I will explain the first packet; after that, the other packets will be easy to understand:


07:11:33.546865 PortB, OUT: IP SRC.48500 > DST.80: Flags [S], seq 1143423923, win 5840, options [mss 1460,nop,nop,sackOK,nop,wscale 5], length 0
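
An added example (not from the original post): a small Python parser for the Cyberoam tcpdump lines shown above that splits each line into its fields and checks that the three packets form a complete handshake. The regular expression and the names `parse_line` and `is_handshake` are assumptions made for illustration, based only on the line layout visible in this capture.

```python
import re

# The three handshake lines from the capture above (SRC/DST are the post's placeholders).
CAPTURE = """\
07:11:33.546865 PortB, OUT: IP SRC.48500 > DST.80: Flags [S], seq 1143423923, win 5840, options [mss 1460,nop,nop,sackOK,nop,wscale 5], length 0
07:11:33.800460 PortB, IN: IP DST.80 > SRC.48500: Flags [S.], seq 2495986521, ack 1143423924, win 14600, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
07:11:33.800545 PortB, OUT: IP SRC.48500 > DST.80: Flags [.], ack 1, win 183, length 0
"""

# Layout assumed from the lines above: time, interface, direction, endpoints, TCP fields.
LINE_RE = re.compile(
    r"(?P<time>\d\d:\d\d:\d\d\.\d+) (?P<iface>\S+), (?P<dir>IN|OUT): IP "
    r"(?P<src>\S+)\.(?P<sport>\d+) > (?P<dst>\S+)\.(?P<dport>\d+): "
    r"Flags \[(?P<flags>[^\]]*)\](?:, seq (?P<seq>\d+))?(?:, ack (?P<ack>\d+))?"
    r", win (?P<win>\d+)(?:, options \[(?P<opts>[^\]]*)\])?, length (?P<len>\d+)"
)

def parse_line(line):
    """Return one capture line as a dict of fields (options as a dict), or None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    pkt = m.groupdict()
    for key in ("sport", "dport", "seq", "ack", "win", "len"):
        pkt[key] = int(pkt[key]) if pkt[key] is not None else None
    pkt["opts"] = {}
    for item in (m.group("opts") or "").split(","):
        name, _, value = item.strip().partition(" ")
        if name and name != "nop":
            pkt["opts"][name] = int(value) if value.isdigit() else True
    return pkt

def is_handshake(pkts):
    """True if three packets are SYN, SYN-ACK, ACK between the same two endpoints."""
    if len(pkts) != 3 or None in pkts:
        return False
    syn, synack, ack = pkts
    client, server = (syn["src"], syn["sport"]), (syn["dst"], syn["dport"])
    return (
        syn["flags"] == "S" and synack["flags"] == "S." and ack["flags"] == "."
        and (synack["src"], synack["sport"]) == server
        and (synack["dst"], synack["dport"]) == client
        and (ack["src"], ack["sport"]) == client
        and synack["ack"] == syn["seq"] + 1  # server acknowledges the client's SYN
        and ack["ack"] == 1                  # tcpdump prints relative numbers from here on
    )

PACKETS = [parse_line(l) for l in CAPTURE.splitlines()]
```

`PACKETS[0]["opts"]` holds the client's advertised MSS and window scale, and `is_handshake(PACKETS)` confirms that the SYN-ACK acknowledges the client's initial sequence number plus one.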






I will try to add my 2 cents on window scaling in the next blog.

2 comments:

  1. Although off topic on this post, I need help with my Cyberoam CR35iNG. I use it to control access to the Internet in my business. The IP address of the WAN interface is an internal address of the ISP. Using NAT in Cyberoam, internal users can access the Internet. However, the Cyberoam fails when trying to update, and I guess it's because it tries to do so with the IP address of the WAN interface, which is not a real Internet IP. I need help understanding how to tell the device to use NAT to update from the Internet.

    Replies
    1. Please try the following:
      1> Check if you are able to resolve cyberoamupdate.cyberoam.com from the console, if it is on the new version. If not, change the DNS and try again.
      2> Try telnet 103.29.28.16 80 from the console: it should be fine.
      3> Is there any parent proxy enabled on the Cyberoam?

      Please confirm.
