As promised, here is how you can interpret tcpdump output on Cyberoam. In this article I have replaced the source IP with SRC and the destination IP with DST.
1> A TCP packet on port 80: a simple TCP handshake
console> tcpdump "host DST and port 80"
tcpdump: Starting Packet Dump
07:11:33.546865 PortB, OUT: IP SRC.48500 > DST.80: Flags [S], seq 1143423923, win 5840, options [mss 1460,nop,nop,sackOK,nop,wscale 5], length 0
07:11:33.800460 PortB, IN: IP DST.80 > SRC.48500: Flags [S.], seq 2495986521, ack 1143423924, win 14600, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
07:11:33.800545 PortB, OUT: IP SRC.48500 > DST.80: Flags [.], ack 1, win 183, length 0
I will explain the first packet; after that, the other packets will be easy to understand:
07:11:33.546865 PortB, OUT: IP SRC.48500 > DST.80: Flags [S], seq 1143423923, win 5840, options [mss 1460,nop,nop,sackOK,nop,wscale 5], length 0
Will try to add my 2 cents on window scaling in the next blog.
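The field layout of the capture above can also be read programmatically. The following Python sketch is an added example, not part of the original post or of any Cyberoam tooling: it splits each line into its fields and checks that the three packets form a valid SYN, SYN-ACK, ACK exchange. The function names are hypothetical, and SRC and DST are the article's placeholders.

```python
import re

# The three handshake lines from the capture above; SRC and DST are the article's placeholders.
CAPTURE = """\
07:11:33.546865 PortB, OUT: IP SRC.48500 > DST.80: Flags [S], seq 1143423923, win 5840, options [mss 1460,nop,nop,sackOK,nop,wscale 5], length 0
07:11:33.800460 PortB, IN: IP DST.80 > SRC.48500: Flags [S.], seq 2495986521, ack 1143423924, win 14600, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
07:11:33.800545 PortB, OUT: IP SRC.48500 > DST.80: Flags [.], ack 1, win 183, length 0
"""

LINE_RE = re.compile(
    r"(?P<time>\d\d:\d\d:\d\d\.\d{6}) (?P<iface>\S+), (?P<dir>IN|OUT): IP "
    r"(?P<src>\S+)\.(?P<sport>\d+) > (?P<dst>\S+)\.(?P<dport>\d+): "
    r"Flags \[(?P<flags>[^\]]*)\](?P<rest>.*)")
OPTS_RE = re.compile(r"options \[([^\]]*)\]")

def parse_line(line):
    """Split one Cyberoam tcpdump line into a dict; return None if it is not a TCP line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    pkt = m.groupdict()
    rest = pkt.pop("rest")
    opts = OPTS_RE.search(rest)
    pkt["options"] = opts.group(1).split(",") if opts else []
    # Drop the options list first so only the top-level seq/ack/win/length are read.
    for key, val in re.findall(r"\b(seq|ack|win|length) (\d+)", OPTS_RE.sub("", rest)):
        pkt[key] = int(val)
    h, mnt, s = pkt["time"].split(":")
    sec, usec = s.split(".")
    pkt["usec"] = ((int(h) * 60 + int(mnt)) * 60 + int(sec)) * 1_000_000 + int(usec)
    return pkt

def check_handshake(pkts):
    """Return (ok, detail) for a SYN, SYN-ACK, ACK triple on one connection."""
    if len(pkts) != 3:
        return False, "need exactly three packets"
    syn, synack, ack = pkts
    if syn["flags"] != "S":
        return False, "first packet is not a SYN"
    if (synack["src"], synack["sport"]) != (syn["dst"], syn["dport"]):
        return False, "reply is not from the contacted host and port"
    if synack["flags"] != "S." or synack.get("ack") != syn["seq"] + 1:
        return False, "SYN-ACK does not acknowledge client ISN + 1"
    # tcpdump prints relative numbers after the SYNs, so the last ACK reads "ack 1";
    # with absolute numbering it would be server ISN + 1.
    if ack["flags"] != "." or ack.get("ack") not in (1, synack["seq"] + 1):
        return False, "final ACK does not acknowledge the server ISN"
    return True, "handshake complete, SYN to SYN-ACK took %d us" % (synack["usec"] - syn["usec"])

if __name__ == "__main__":
    packets = [p for p in map(parse_line, CAPTURE.splitlines()) if p]
    print(check_handshake(packets))
```

A capture that stops after the first line, or whose second line fails the ack check, points to the reply never reaching the interface rather than a problem on the client side.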
Although off topic on this post, I need help with my Cyberoam CR35iNG. I use it to control access to the Internet in my business. The IP address of the WAN interface is an internal address of the ISP. Using NAT in Cyberoam, internal users can access the Internet. However, the Cyberoam fails when trying to update, and I guess it's because it tries to do so with the IP address of the WAN interface, which is not a real Internet IP. I need help understanding how to tell the device to use NAT to update from the Internet.
Please try the following:
1> Check if you are able to resolve cyberoamupdate.cyberoam.com from the console, if it is on the new version. If not, change the DNS and try again.
2> Try telnet 103.29.28.16 80 from the console: it should be fine.
3> Is there any parent proxy enabled on the Cyberoam?
Please confirm.