tcpdump - How to check if server received packet (acknowledged) - tcpdump
i am running tcpdump on my server to capture the traffic between my server (ServerA) and a remote server (ServerB). I do not know how to properly read output from tcpdump. Could someone point out if ServerB is acknowledging that the packets being sent from ServerA are actually being received by ServerB? Here is the tcpdump log:
2015-03-31 11:32:18.038284 IP (tos 0x0, ttl 64, id 30781, offset 0, flags [DF], proto TCP (6), length 60)
ServerA.14033 > ServerB.8004: Flags [S], cksum 0x02bd (correct), seq 337482636, win 14600, options [mss 1460,nop,nop,TS val 506588081 ecr 0,nop,wscale 7], length 0
0x0000: 4500 003c 783d 4000 4006 bae4 0a04 7a0e E.. ServerA.14033: Flags [S.], cksum 0x3b2a (correct), seq 1742982091, ack 337482637, win 4140, options [mss 1380,nop,wscale 0], length 0
0x0000: 4500 0030 5ff2 0000 f606 5d3b cefd b48a E..0_.....];....
0x0010: 0a04 7a0e 1f44 36d1 67e3 cbcb 141d 938d ..z..D6.g.......
0x0020: 7012 102c 3b2a 0000 0204 0564 0103 0300 p..,;*.....d....
2015-03-31 11:32:18.078622 IP (tos 0x0, ttl 64, id 30782, offset 0, flags [DF], proto TCP (6), length 40)
ServerA.14033 > ServerB.8004: Flags [.], cksum 0x7657 (correct), seq 337482637, ack 1742982092, win 115, length 0
0x0000: 4500 0028 783e 4000 4006 baf7 0a04 7a0e E..(x>#.#.....z.
0x0010: cefd b48a 36d1 1f44 141d 938d 67e3 cbcc ....6..D....g...
0x0020: 5010 0073 7657 0000 P..svW..
2015-03-31 11:32:18.093197 IP (tos 0x0, ttl 64, id 30783, offset 0, flags [DF], proto TCP (6), length 208)
ServerA.14033 > ServerB.8004: Flags [P.], cksum 0x085d (incorrect -> 0x43ad), seq 337482637:337482805, ack 1742982092, win 115, length 168
0x0000: 4500 00d0 783f 4000 4006 ba4e 0a04 7a0e E...x?#.#..N..z.
0x0010: cefd b48a 36d1 1f44 141d 938d 67e3 cbcc ....6..D....g...
0x0020: 5018 0073 085d 0000 1603 0100 a301 0000 P..s.]..........
0x0030: 9f03 0155 1abe 0244 8cef bc2f fbaf 01ba ...U...D.../....
0x0040: d77a de09 8698 1584 9755 7a91 e895 0636 .z.......Uz....6
0x0050: 5d53 bd00 0038 c00a c014 0035 c005 c00f ]S...8.....5....
0x0060: 0039 0038 c009 c013 002f c004 c00e 0033 .9.8...../.....3
0x0070: 0032 c007 c011 0005 c002 c00c c008 c012 .2..............
0x0080: 000a c003 c00d 0016 0013 0004 00ff 0100 ................
0x0090: 003e 000a 0034 0032 0017 0001 0003 0013 .>...4.2........
0x00a0: 0015 0006 0007 0009 000a 0018 000b 000c ................
0x00b0: 0019 000d 000e 000f 0010 0011 0002 0012 ................
0x00c0: 0004 0005 0014 0008 0016 000b 0002 0100 ................
....
...Cert Exchange
....
2015-03-31 11:32:18.152983 IP (tos 0x0, ttl 247, id 24608, offset 0, flags [none], proto TCP (6), length 225)
ServerB.8004 > ServerA.14033: Flags [P.], cksum 0x71b6 (correct), seq 1742986232:1742986417, ack 337482805, win 4308, length 185
0x0000: 4500 00e1 6020 0000 f706 5b5c cefd b48a E...`.....[\....
0x0010: 0a04 7a0e 1f44 36d1 67e3 dbf8 141d 9435 ..z..D6.g......5
0x0020: 5018 10d4 71b6 0000 0105 0507 0303 0609 P...q...........
0x0030: 6086 4801 86f8 4204 0106 0a60 8648 0186 `.H...B....`.H..
0x0040: f845 0108 0130 0d06 092a 8648 86f7 0d01 .E...0...*.H....
0x0050: 0105 0500 0381 8100 1302 ddf8 e886 00f2 ................
0x0060: 5af8 f820 0c59 8862 07ce cef7 4ef9 bb59 Z....Y.b....N..Y
0x0070: a198 e5e1 38dd 4ebc 6618 d3ad eb18 f20d ....8.N.f.......
0x0080: c96d 3e4a 9420 c33c babd 6554 c6af 44b3 .m>J.........c..^.
0x00a0: e52a 67ce cd33 0c2a d789 5603 231f b3be .*g..3.*..V.#...
0x00b0: e83a 0859 b4ec 4535 f78a 5bff 66cf 50af .:.Y..E5..[.f.P.
0x00c0: c66d 578d 1978 b7b9 a2d1 57ea 1f9a 4baf .mW..x....W...K.
0x00d0: bac9 8e12 7ec6 bdff 1603 0100 040e 0000 ....~...........
0x00e0: 00 .
2015-03-31 11:32:18.152999 IP (tos 0x0, ttl 64, id 30787, offset 0, flags [DF], proto TCP (6), length 40)
ServerA.14033 > ServerB.8004: Flags [.], cksum 0x6470 (correct), seq 337482805, ack 1742986417, win 205, length 0
0x0000: 4500 0028 7843 4000 4006 baf2 0a04 7a0e E..(xC#.#.....z.
0x0010: cefd b48a 36d1 1f44 141d 9435 67e3 dcb1 ....6..D...5g...
0x0020: 5010 00cd 6470 0000 P...dp..
2015-03-31 11:32:18.166971 IP (tos 0x0, ttl 64, id 30788, offset 0, flags [DF], proto TCP (6), length 307)
ServerA.14033 > ServerB.8004: Flags [P.], cksum 0x08c0 (incorrect -> 0xf8ac), seq 337482805:337483072, ack 1742986417, win 205, length 267
0x0000: 4500 0133 7844 4000 4006 b9e6 0a04 7a0e E..3xD#.#.....z.
0x0010: cefd b48a 36d1 1f44 141d 9435 67e3 dcb1 ....6..D...5g...
0x0020: 5018 00cd 08c0 0000 1603 0101 0610 0001 P...............
0x0030: 0201 0086 f933 32c1 9576 1c51 5f32 c8b2 .....32..v.Q_2..
0x0040: 7b59 5d79 3fd1 45c4 43c7 2231 1336 ff4b {Y]y?.E.C."1.6.K
0x0050: 3cb9 2851 88dd 377a 3bfc b7cf 7e8c 0c2c w..nK_...T.
0x00c0: f7b0 587c 73ca 1cd5 f292 304b 8eb1 2151 ..X|s.....0K..!Q
0x00d0: ac45 ad62 4328 9ed0 dd74 6767 d5ea 986e .E.bC(...tgg...n
0x00e0: d14c def4 bcd2 ff1f a9e3 c047 acfe 0aee .L.........G....
0x00f0: 2652 4e89 cf1c f700 6da5 1827 213a 4b1b &RN.....m..'!:K.
0x0100: d447 a3fd 35d1 8282 743a 17a2 b27f c66a .G..5...t:.....j
0x0110: 7fd1 db43 facb 6d89 614c 4f0d 7fb6 d985 ...C..m.aLO.....
0x0120: 6ee1 b1c7 50ad 0dfe b218 dc21 9973 8894 n...P......!.s..
0x0130: c0f0 42 ..B
2015-03-31 11:32:18.167830 IP (tos 0x0, ttl 64, id 30789, offset 0, flags [DF], proto TCP (6), length 46)
ServerA.14033 > ServerB.8004: Flags [P.], cksum 0x07bb (incorrect -> 0x4d53), seq 337483072:337483078, ack 1742986417, win 205, length 6
0x0000: 4500 002e 7845 4000 4006 baea 0a04 7a0e E...xE#.#.....z.
0x0010: cefd b48a 36d1 1f44 141d 9540 67e3 dcb1 ....6..D...#g...
0x0020: 5018 00cd 07bb 0000 1403 0100 0101 P.............
2015-03-31 11:32:18.168755 IP (tos 0x0, ttl 64, id 30790, offset 0, flags [DF], proto TCP (6), length 81)
ServerA.14033 > ServerB.8004: Flags [P.], cksum 0x07de (incorrect -> 0xf231), seq 337483078:337483119, ack 1742986417, win 205, length 41
0x0000: 4500 0051 7846 4000 4006 bac6 0a04 7a0e E..QxF#.#.....z.
0x0010: cefd b48a 36d1 1f44 141d 9546 67e3 dcb1 ....6..D...Fg...
0x0020: 5018 00cd 07de 0000 1603 0100 24c4 5c80 P...........$.\.
0x0030: 8efa bc61 ecd8 bc27 0578 b2b9 36c2 4bad ...a...'.x..6.K.
0x0040: 9419 9bab 4c62 2259 84bf 1b60 f8e8 772c ....Lb"Y...`..w,
0x0050: fb .
2015-03-31 11:32:18.196123 IP (tos 0x0, ttl 247, id 24624, offset 0, flags [none], proto TCP (6), length 40)
ServerB.8004 > ServerA.14033: Flags [.], cksum 0x5247 (correct), seq 1742986417, ack 337483078, win 4581, length 0
0x0000: 4500 0028 6030 0000 f706 5c05 cefd b48a E..(`0....\.....
0x0010: 0a04 7a0e 1f44 36d1 67e3 dcb1 141d 9546 ..z..D6.g......F
0x0020: 5010 11e5 5247 0000 0000 0000 0000 P...RG........
2015-03-31 11:32:18.197205 IP (tos 0x0, ttl 247, id 24628, offset 0, flags [none], proto TCP (6), length 87)
ServerB.8004 > ServerA.14033: Flags [P.], cksum 0xc1b9 (correct), seq 1742986417:1742986464, ack 337483119, win 4622, length 47
0x0000: 4500 0057 6034 0000 f706 5bd2 cefd b48a E..W`4....[.....
0x0010: 0a04 7a0e 1f44 36d1 67e3 dcb1 141d 956f ..z..D6.g......o
0x0020: 5018 120e c1b9 0000 1403 0100 0101 1603 P...............
0x0030: 0100 24df dca5 f8a1 8b4f 71de 93db 5d12 ..$......Oq...].
0x0040: 9c44 cdd9 555b bb7b 76d5 6b22 30af b533 .D..U[.{v.k"0..3
0x0050: 8522 b2f0 eed6 11 .".....
2015-03-31 11:32:18.236557 IP (tos 0x0, ttl 64, id 30791, offset 0, flags [DF], proto TCP (6), length 40)
ServerA.14033 > ServerB.8004: Flags [.], cksum 0x6307 (correct), seq 337483119, ack 1742986464, win 205, length 0
0x0000: 4500 0028 7847 4000 4006 baee 0a04 7a0e E..(xG#.#.....z.
0x0010: cefd b48a 36d1 1f44 141d 956f 67e3 dce0 ....6..D...og...
0x0020: 5010 00cd 6307 0000 P...c...
2015-03-31 11:32:28.200453 IP (tos 0x0, ttl 64, id 30792, offset 0, flags [DF], proto TCP (6), length 549)
ServerA.14033 > ServerB.8004: Flags [P.], cksum 0x09b2 (incorrect -> 0x3a9c), seq 337483119:337483628, ack 1742986464, win 205, length 509
0x0000: 4500 0225 7848 4000 4006 b8f0 0a04 7a0e E..%xH#.#.....z.
0x0010: cefd b48a 36d1 1f44 141d 956f 67e3 dce0 ....6..D...og...
0x0020: 5018 00cd 09b2 0000 1703 0101 f8d4 7621 P.............v!
0x0030: 6c4f 7bf9 8de8 2ec8 048f fc38 37ee aa2a lO{........87..*
0x0040: ffe0 7052 95e1 3df8 a1fa 36c5 d1f2 bee9 ..pR..=...6.....
0x0050: 5b6f f4ab a895 5caf c024 2150 f52a dede [o....\..$!P.*..
0x0060: 4042 22bd a443 1d38 c85a 0c12 0cbc 2f07 #B"..C.8.Z..../.
0x0070: 7bf4 2cd4 f1f9 bacd 17d9 d456 f4be 47f1 {.,........V..G.
0x0080: 99c2 2f01 705f 2c8f 5b6c c4d9 041e 85b8 ../.p_,.[l......
0x0090: 7a44 6bde 499f b86b 8c46 d55a 5571 6026 zDk.I..k.F.ZUq`&
0x00a0: 6601 e57d b91b a45d e1c0 50c6 faaa 5eeb f..}...]..P...^.
0x00b0: afd7 4b72 3241 eb78 02a8 8787 35c7 214c ..Kr2A.x....5.!L
0x00c0: 9035 1741 dde5 3b40 3471 1627 575a 8235 .5.A..;#4q.'WZ.5
0x00d0: d256 2104 13c3 cdce cb9b abe2 4099 6e23 .V!.........#.n#
0x00e0: 6548 a2f8 6b89 78f2 c02f 6576 6f8b d96a eH..k.x../evo..j
0x00f0: 2e82 bfb8 b5eb 3319 6fdb 6acd 45d5 bf32 ......3.o.j.E..2
0x0100: b212 e525 e366 7483 35c9 a1a5 aadd b394 ...%.ft.5.......
0x0110: 7aa5 5b60 fb7a ab4d 77ef d883 c117 0bdf z.[`.z.Mw.......
0x0120: 58b7 8778 a85f c5e1 b197 61e7 fdc5 e877 X..x._....a....w
0x0130: b66c 1e7e 32be 4c86 266a 225f 5e9a ec30 .l.~2.L.&j"_^..0
0x0140: be10 5d58 0787 a207 7d69 0aec bea2 4328 ..]X....}i....C(
0x0150: 2402 ab9d 52b3 0b0d a65b 3002 4ca6 dbec $...R....[0.L...
0x0160: b03a abe0 1164 254f 70b3 0515 f42a c54a .:...d%Op....*.J
0x0170: 9f26 1264 b6af 042b 27ef 74a9 73a1 930b .&.d...+'.t.s...
0x0180: 7083 5780 1c9d 54b4 dec5 2794 0e7c 1c92 p.W...T...'..|..
0x0190: 84ff a204 252a f85c 3c99 8e72 92a2 6645 ....%*.\ ServerA.14033: Flags [.], cksum 0x4dcc (correct), seq 1742986464, ack 337483628, win 5131, length 0
0x0000: 4500 0028 7803 0000 f706 4432 cefd b48a E..(x.....D2....
0x0010: 0a04 7a0e 1f44 36d1 67e3 dce0 141d 976c ..z..D6.g......l
0x0020: 5010 140b 4dcc 0000 0000 0000 0000 P...M.........
2015-03-31 11:32:28.352967 IP (tos 0x0, ttl 64, id 30793, offset 0, flags [DF], proto TCP (6), length 549)
ServerA.14033 > ServerB.8004: Flags [P.], cksum 0x09b2 (incorrect -> 0x6c1d), seq 337483628:337484137, ack 1742986464, win 205, length 509
0x0000: 4500 0225 7849 4000 4006 b8ef 0a04 7a0e E..%xI#.#.....z.
0x0010: cefd b48a 36d1 1f44 141d 976c 67e3 dce0 ....6..D...lg...
0x0020: 5018 00cd 09b2 0000 1703 0101 f8a8 aec5 P...............
0x0030: 12bd 0d07 0766 9ae0 d9b4 ef64 21b5 51c4 .....f.....d!.Q.
0x0040: a9e1 2f5d c678 addc 7f3b 51c8 395e 2d18 ../].x...;Q.9^-.
0x0050: 782b 51ed 9fce cfb6 9221 d96f 6c1a de16 x+Q......!.ol...
0x0060: 2ad2 ef52 d984 c8a8 13c5 746d 99bc b4ed *..R......tm....
0x0070: c258 327e 0758 c5f6 6476 422c 3794 972d .X2~.X..dvB,7..-
0x0080: b018 e6e1 fa97 2b87 a8d4 d515 9799 ac35 ......+........5
0x0090: d5ae 878b b356 7b8d 4029 ec82 cc7b 408d .....V{.#)...{#.
0x00a0: 259a 9516 9104 91c9 1bd4 6957 2e31 a6a4 %.........iW.1..
0x00b0: 0232 1820 9424 f141 ef6a 13eb 3389 b012 .2...$.A.j..3...
0x00c0: 5643 d35e dd9f 0b62 296f e946 0efa 53de VC.^...b)o.F..S.
0x00d0: 20a2 fdcf cc38 55d1 57f8 f8f5 a76e 74d1 .....8U.W....nt.
0x00e0: 507a 7fc4 d09f 5882 4965 b222 6c3b 3c9e Pz....X.Ie."l;....H
0x01e0: eb32 a4aa 7036 3824 8e6b ca66 8e48 13fe .2..p68$.k.f.H..
0x01f0: 75e3 1ff2 a39c 3c20 bf6f 174f cb9b 6c02 u..... ServerA.14033: Flags [.], cksum 0x49d2 (correct), seq 1742986464, ack 337484137, win 5640, length 0
0x0000: 4500 0028 784a 0000 f706 43eb cefd b48a E..(xJ....C.....
0x0010: 0a04 7a0e 1f44 36d1 67e3 dce0 141d 9969 ..z..D6.g......i
0x0020: 5010 1608 49d2 0000 0000 0000 0000 P...I.........
2015-03-31 11:32:28.505265 IP (tos 0x0, ttl 64, id 30794, offset 0, flags [DF], proto TCP (6), length 549)
ServerA.14033 > ServerB.8004: Flags [P.], cksum 0x09b2 (incorrect -> 0x2232), seq 337484137:337484646, ack 1742986464, win 205, length 509
0x0000: 4500 0225 784a 4000 4006 b8ee 0a04 7a0e E..%xJ#.#.....z.
0x0010: cefd b48a 36d1 1f44 141d 9969 67e3 dce0 ....6..D...ig...
0x0020: 5018 00cd 09b2 0000 1703 0101 f84f 08ba P............O..
0x0030: f2eb 392d 0788 0e12 1914 8d29 db0b 61e4 ..9-.......)..a.
0x0040: 11c4 3e4d 0433 4eb5 758b 42ad 0581 d6b7 ..>M.3N.u.B.....
0x0050: a9ac 47e0 c858 5fbc 81b9 3991 8446 4b7d ..G..X_...9..FK}
0x0060: 3516 e09d 0202 ad55 67e6 d1da 6482 9e11 5......Ug...d...
0x0070: 1231 d4d4 bd77 264a 2117 549a fa15 9849 .1...w&J!.T....I
0x0080: 5019 1519 a62c 9e96 8623 c6d4 c669 ca4c P....,...#...i.L
0x0090: 1cdd c19c f8a9 95e6 4665 162e df93 e540 ........Fe.....#
0x00a0: 0fb7 955f b277 26b9 8723 adef d4de 9877 ..._.w&..#.....w
0x00b0: f96d 1e35 736a b821 d46d 549f adcd 6672 .m.5sj.!.mT...fr
0x00c0: 4986 d7a5 3339 64ba b88c fd16 88c8 3ac8 I...39d.......:.
0x00d0: 83b0 e533 0ff8 cbb1 7c45 680b 06ed 9c47 ...3....|Eh....G
0x00e0: 1f9d 3837 aedb da12 670c bf51 22d8 f48f ..87....g..Q"...
0x00f0: bf40 f88e d4ed 4a0b 1d36 4eb9 ace9 c007 .#....J..6N.....
0x0100: 4f2d 9647 aec1 3b5c 1bf9 22a5 86a7 9d92 O-.G..;\..".....
0x0110: b44b 077e 3e84 03f8 97ce f07f f535 2e13 .K.~>........5..
0x0120: 9dd1 914a 2c61 599f 4ed5 e492 b3d4 5f0f ...J,aY.N....._.
0x0130: 6c61 235c a38b 5b2b 753d b328 22a8 8f8b la#\..[+u=.("...
0x0140: cc1e 75a1 67b4 84f4 fa2e b235 5ee6 a845 ..u.g......5^..E
0x0150: 0754 9599 7f46 f761 77d7 6328 e0cc fe1a .T...F.aw.c(....
0x0160: 5775 e892 e68d 003f d2c4 2c8c 8c65 5395 Wu.....?..,..eS.
0x0170: 16ac 91e3 f18c 7117 dfb6 c216 9cad acde ......q.........
0x0180: 3594 5ea7 9401 50c8 f8b7 eb7c 3e11 ddbf 5.^...P....|>...
0x0190: eaef 20ad 3030 2865 2963 c837 6edc 3580 ....00(e)c.7n.5.
0x01a0: b79c b88b f34c df62 47c0 cfaf d328 8090 .....L.bG....(..
0x01b0: 1f90 7f15 a38e c5ea 1faa 2e53 0b29 5840 ...........S.)X#
0x01c0: 5b1e b5fb a7cb 8417 e62e 13ac b212 dc85 [...............
0x01d0: 2fb9 4708 0b72 ac9d 22bc 7c50 db62 0296 /.G..r..".|P.b..
0x01e0: 92f3 ad3e 279c e76b 2b1e 752b ac2b 100c ...>'..k+.u+.+..
0x01f0: 9290 09c7 1cd6 ba11 1e5c 13d3 b0c0 9d76 .........\.....v
0x0200: a6ab 0df5 10b3 7059 e74b 960d bc34 0371 ......pY.K...4.q
0x0210: 9715 4fcd f194 8fd7 28a2 feed faee 2f63 ..O.....(...../c
0x0220: a708 e77d 35 ...}5
2015-03-31 11:32:28.633819 IP (tos 0x0, ttl 247, id 30844, offset 0, flags [none], proto TCP (6), length 40)
ServerB.8004 > ServerA.14033: Flags [.], cksum 0x45d8 (correct), seq 1742986464, ack 337484646, win 6149, length 0
0x0000: 4500 0028 787c 0000 f706 43b9 cefd b48a E..(x|....C.....
0x0010: 0a04 7a0e 1f44 36d1 67e3 dce0 141d 9b66 ..z..D6.g......f
0x0020: 5010 1805 45d8 0000 0000 0000 0000 P...E.........
2015-03-31 11:32:28.656994 IP (tos 0x0, ttl 64, id 30795, offset 0, flags [DF], proto TCP (6), length 549)
ServerA.14033 > ServerB.8004: Flags [P.], cksum 0x09b2 (incorrect -> 0xfbfb), seq 337484646:337485155, ack 1742986464, win 205, length 509
0x0000: 4500 0225 784b 4000 4006 b8ed 0a04 7a0e E..%xK#.#.....z.
0x0010: cefd b48a 36d1 1f44 141d 9b66 67e3 dce0 ....6..D...fg...
0x0020: 5018 00cd 09b2 0000 1703 0101 f8b8 e319 P...............
0x0030: c5b4 1996 a85d 2940 86ce 5908 c91e f700 .....])#..Y.....
0x0040: 9f7a 9c04 920b bcd3 c4e8 d15d 1842 c5c5 .z.........].B..
0x0050: 27fd e7a9 81f2 9894 d746 a850 6c82 a3eb '........F.Pl...
0x0060: f372 cd30 9998 612e e54a 81b7 f044 85cb .r.0..a..J...D..
0x0070: dff8 7554 4fdf d253 cb23 c538 0ff4 e08b ..uTO..S.#.8....
0x0080: 60a5 bdaf 60c1 0c19 6c25 baa8 c4bd f0f3 `...`...l%......
0x0090: fb46 9d7e 58c1 87d8 8cdc 6e01 155e fec5 .F.~X.....n..^..
0x00a0: a03f 97c2 3455 5fb7 1b4d 6ad1 7234 7f18 .?..4U_..Mj.r4..
0x00b0: c9a9 8b3d f5f2 f4cf 5f03 8bd6 6259 8dc8 ...=...._...bY..
0x00c0: 23c6 9dab f6eb 3ade cb9d 9b21 2cb7 b21d #.....:....!,...
0x00d0: 0cdb 4b18 e192 9390 94c2 98dd 6ef4 43ad ..K.........n.C.
0x00e0: 7512 2996 af87 e106 ed1e b12b 31d0 8bbf u.)........+1...
0x00f0: f6b1 8b09 e636 6ae8 f9e9 1bf0 aea9 c8da .....6j.........
0x0100: c49b b54e 28d2 dc16 431e fd8d cb34 be14 ...N(...C....4..
0x0110: 88fc cc7b 2f6f 4bac 2d02 124b 5be2 c1a2 ...{/oK.-..K[...
0x0120: 64ed 4b18 361a c883 5982 a624 d13f b3e6 d.K.6...Y..$.?..
0x0130: 7161 cddf 99e6 9f80 f061 2df2 30cc e410 qa.......a-.0...
0x0140: eb45 319d 34c7 26a0 2d3b e636 230e b0d1 .E1.4.&.-;.6#...
0x0150: c0e6 a6e6 8279 9a13 7def 28be 2e27 2915 .....y..}.(..').
0x0160: 8e02 b350 cd67 c41d e9fb f880 5a34 de1a ...P.g......Z4..
0x0170: b621 8017 68d9 6eca 54bb acc6 85ec a7d5 .!..h.n.T.......
0x0180: 4a2e 637b 4d4a 8e76 193d 0478 8bbf d283 J.c{MJ.v.=.x....
0x0190: 2f5a 43c1 4df8 3ef7 3143 8406 4a1a fc91 /ZC.M.>.1C..J...
0x01a0: ec98 65b6 a607 b49a d13b 0923 41f2 58b6 ..e......;.#A.X.
0x01b0: 410c 2670 5e1b 8d2a 4c2f 3e07 01d6 dd8c A.&p^..*L/>.....
0x01c0: d46c 22a3 e4d2 863a 50fb f134 3602 9b44 .l"....:P..46..D
0x01d0: f881 802d 0402 0a77 fe2e 7e51 90e8 7783 ...-...w..~Q..w.
0x01e0: 083c e00a b2e2 71d2 69c9 60d6 4598 6606 ..;,
0x0220: adaf 85c3 9a .....
2015-03-31 11:32:28.787452 IP (tos 0x0, ttl 246, id 30877, offset 0, flags [none], proto TCP (6), length 40)
ServerB.8004 > ServerA.14033: Flags [.], cksum 0x41de (correct), seq 1742986464, ack 337485155, win 6658, length 0
0x0000: 4500 0028 789d 0000 f606 4498 cefd b48a E..(x.....D.....
0x0010: 0a04 7a0e 1f44 36d1 67e3 dce0 141d 9d63 ..z..D6.g......c
0x0020: 5010 1a02 41de 0000 0000 0000 0000 P...A.........
...
...
2015-03-31 11:32:30.442259 IP (tos 0x0, ttl 64, id 30806, offset 0, flags [DF], proto TCP (6), length 76)
ServerA.14033 > ServerB.8004: Flags [P.], cksum 0x07d9 (incorrect -> 0x05c7), seq 337490003:337490039, ack 1742986464, win 205, length 36
0x0000: 4500 004c 7856 4000 4006 babb 0a04 7a0e E..LxV#.#.....z.
0x0010: cefd b48a 36d1 1f44 141d b053 67e3 dce0 ....6..D...Sg...
0x0020: 5018 00cd 07d9 0000 1703 0100 1f19 7220 P.............r.
0x0030: 2042 f717 9a51 08ca d19b c82b 18bd 28db .B...Q.....+..(.
0x0040: 8d53 b59f afe6 a382 fd47 6f79 .S.......Goy
2015-03-31 11:32:30.442690 IP (tos 0x0, ttl 64, id 30807, offset 0, flags [DF], proto TCP (6), length 40)
ServerA.14033 > ServerB.8004: Flags [F.], cksum 0x47fe (correct), seq 337490039, ack 1742986464, win 205, length 0
0x0000: 4500 0028 7857 4000 4006 bade 0a04 7a0e E..(xW#.#.....z.
0x0010: cefd b48a 36d1 1f44 141d b077 67e3 dce0 ....6..D...wg...
0x0020: 5011 00cd 47fe 0000 P...G...
2015-03-31 11:32:30.471398 IP (tos 0x0, ttl 247, id 31726, offset 0, flags [none], proto TCP (6), length 40)
ServerB.8004 > ServerA.14033: Flags [.], cksum 0x1bb5 (correct), seq 1742986464, ack 337490040, win 11542, length 0
0x0000: 4500 0028 7bee 0000 f706 4047 cefd b48a E..({.....#G....
0x0010: 0a04 7a0e 1f44 36d1 67e3 dce0 141d b078 ..z..D6.g......x
0x0020: 5010 2d16 1bb5 0000 0000 0000 0000 P.-...........
2015-03-31 11:32:30.594848 IP (tos 0x0, ttl 246, id 31815, offset 0, flags [none], proto TCP (6), length 40)
ServerB.8004 > ServerA.14033: Flags [F.], cksum 0x1bb4 (correct), seq 1742986464, ack 337490040, win 11542, length 0
0x0000: 4500 0028 7c47 0000 f606 40ee cefd b48a E..(|G....#.....
0x0010: 0a04 7a0e 1f44 36d1 67e3 dce0 141d b078 ..z..D6.g......x
0x0020: 5011 2d16 1bb4 0000 0000 0000 0000 P.-...........
2015-03-31 11:32:30.594865 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 40)
ServerA.14033 > ServerB.8004: Flags [.], cksum 0x47fd (correct), seq 337490040, ack 1742986465, win 205, length 0
0x0000: 4500 0028 0000 4000 4006 3336 0a04 7a0e E..(..#.#.36..z.
0x0010: cefd b48a 36d1 1f44 141d b078 67e3 dce1 ....6..D...xg...
0x0020: 5010 00cd 47fd 0000 P...G...
Not sure this helps.. but try following this link..
https://unix.stackexchange.com/questions/29367/tcpdump-packets-captured-vs-packets-received-by-filter
or try using a sniffer tool
http://research.protocollabs.com/captcp/
Server B is acking at least some packets:
ServerB.8004 > ServerA.14033: ..., seq 1742986464, ack 337484646, ...
ServerB.8004 > ServerA.14033: ..., seq 1742986464, ack 337485155, ...
you can see the acked sequence number increasing.
Related
Reverse engineering python .exe, can not find strings
I started with reverse engineering and using the IDA disassembler tool. I wrote some programs in C++, made an .exe and reversed it in IDA to "hack" my own programs. Now I wanted to do the same with a python program. As a start a made this simple program: inp = input("What is your name?\n") print("Hi", inp) Then I built an .exe using: pyinstaller main.py Loaded it into IDA and searched for strings. IDA gives me a lot of strings but "What is your name" is not in its list. Why is that?
Yes, pyinstaller builds an executable but it is not a "normal" executable. Your Python code is actually in a compressed archive. $ readelf -S main There are 30 section headers, starting at offset 0x1ad400: Section Headers: [Nr] Name Type Address Offset Size EntSize Flags Link Info Align [ 0] NULL 0000000000000000 00000000 0000000000000000 0000000000000000 0 0 0 [ 1] .interp PROGBITS 00000000000002a8 000002a8 000000000000001c 0000000000000000 A 0 0 1 [ 2] .note.ABI-tag NOTE 00000000000002c4 000002c4 0000000000000020 0000000000000000 A 0 0 4 [ 3] .note.gnu.bu[...] NOTE 00000000000002e4 000002e4 0000000000000024 0000000000000000 A 0 0 4 [ 4] .gnu.hash GNU_HASH 0000000000000308 00000308 0000000000000034 0000000000000000 A 5 0 8 [ 5] .dynsym DYNSYM 0000000000000340 00000340 00000000000007b0 0000000000000018 A 6 1 8 [ 6] .dynstr STRTAB 0000000000000af0 00000af0 0000000000000348 0000000000000000 A 0 0 1 [ 7] .gnu.version VERSYM 0000000000000e38 00000e38 00000000000000a4 0000000000000002 A 5 0 2 [ 8] .gnu.version_r VERNEED 0000000000000ee0 00000ee0 00000000000000a0 0000000000000000 A 6 3 8 [ 9] .rela.dyn RELA 0000000000000f80 00000f80 0000000000000198 0000000000000018 A 5 0 8 [10] .rela.plt RELA 0000000000001118 00001118 00000000000006d8 0000000000000018 AI 5 24 8 [11] .init PROGBITS 0000000000002000 00002000 0000000000000017 0000000000000000 AX 0 0 4 [12] .plt PROGBITS 0000000000002020 00002020 00000000000004a0 0000000000000010 AX 0 0 16 [13] .plt.got PROGBITS 00000000000024c0 000024c0 0000000000000008 0000000000000008 AX 0 0 8 [14] .text PROGBITS 00000000000024d0 000024d0 0000000000003f21 0000000000000000 AX 0 0 16 [15] .fini PROGBITS 00000000000063f4 000063f4 0000000000000009 0000000000000000 AX 0 0 4 [16] .rodata PROGBITS 0000000000007000 00007000 0000000000001618 0000000000000000 A 0 0 8 [17] .eh_frame_hdr PROGBITS 0000000000008618 00008618 000000000000025c 0000000000000000 A 0 0 4 [18] .eh_frame PROGBITS 0000000000008878 00008878 0000000000000e90 0000000000000000 A 0 0 8 [19] .init_array INIT_ARRAY 000000000000ad70 00009d70 0000000000000008 0000000000000008 WA 0 0 8 [20] .fini_array FINI_ARRAY 000000000000ad78 00009d78 0000000000000008 0000000000000008 WA 0 0 8 [21] .data.rel.ro PROGBITS 000000000000ad80 00009d80 0000000000000040 0000000000000000 WA 0 0 32 [22] .dynamic DYNAMIC 000000000000adc0 00009dc0 0000000000000210 0000000000000010 WA 6 0 8 [23] .got PROGBITS 000000000000afd0 00009fd0 0000000000000028 0000000000000008 WA 0 0 8 [24] .got.plt PROGBITS 000000000000b000 0000a000 0000000000000260 0000000000000008 WA 0 0 8 [25] .data PROGBITS 000000000000b260 0000a260 0000000000000010 0000000000000000 WA 0 0 8 [26] .bss NOBITS 000000000000b280 0000a270 00000000000172c0 0000000000000000 WA 0 0 32 [27] .comment PROGBITS 0000000000000000 0000a270 000000000000001c 0000000000000001 MS 0 0 1 [28] pydata PROGBITS 0000000000000000 0000a28c 00000000001a3066 0000000000000000 0 0 1 [29] .shstrtab STRTAB 0000000000000000 001ad2f2 000000000000010b 0000000000000000 0 0 1 Key to Flags: W (write), A (alloc), X (execute), M (merge), S (strings), I (info), L (link order), O (extra OS processing required), G (group), T (TLS), C (compressed), x (unknown), o (OS specific), E (exclude), l (large), p (processor specific) $ Note the pydata section! You can use archive_viewer.py to view the archives in main: $ python archive_viewer.py main pos, length, uncompressed, iscompressed, type, name [(0, 215, 285, 1, 'm', 'struct'), (215, 1059, 1792, 1, 'm', 'pyimod01_os_path'), (1274, 4080, 8938, 1, 'm', 'pyimod02_archive'), (5354, 5518, 13005, 1, 'm', 'pyimod03_importers'), (10872, 1825, 4051, 1, 's', 'pyiboot01_bootstrap'), (12697, 1161, 2135, 1, 's', 'pyi_rth_multiprocessing'), (13858, 125, 143, 1, 's', 'main'), (13983, 1701919, 1701919, 0, 'z', 'PYZ-00.pyz')] ? x main to filename? main.x ? q $ xxd main.x 00000000: e300 0000 0000 0000 0000 0000 0000 0000 ................ 00000010: 0003 0000 0040 0000 0073 1600 0000 6500 .....#...s....e. 00000020: 6400 8301 5a01 6502 6401 6501 8302 0100 d...Z.e.d.e..... 00000030: 6402 5300 2903 7a13 5768 6174 2069 7320 d.S.).z.What is 00000040: 796f 7572 206e 616d 653f 0ada 0248 694e your name?...HiN 00000050: 2903 da05 696e 7075 74da 0369 6e70 da05 )...input..inp.. 00000060: 7072 696e 74a9 0072 0500 0000 7205 0000 print..r....r... 00000070: 007a 076d 6169 6e2e 7079 da08 3c6d 6f64 .z.main.py..<mod 00000080: 756c 653e 0100 0000 7302 0000 0008 01 ule>....s...... $ As you can see from the above output the string you are looking for is stored in a compressed archive called main which in turn is part of the main executable build by pyinstaller.
How translate MIPS I-format to binary?
I don't know how to translating mips I-format instruction to binary. For example, $t0 is base of an int array A[]. And the way to get value of A[1] is lw $t0, 4($t0) // 4 means 4bytes 35(6bits) | 8(5bits) | 8(5bits) | 4(16bits) 10011 / 00101 / 01000 / 0000 0000 0000 0100 Is it correct? and bne $t0, $s0, Exit <- 80000 // other instruction1 <- 80004 // other instruction2 <- 80008 Exit: <- 80012 5(6bits) | 8(5bits) | 16(5bits) | 2(16bits) 00101 / 01000 / 10000 / 0000 0000 0000 0010 Pointer counter points instruction1(80004). And address is byte address. Is correct? I know address in BNE is instruction distance between Program Counter. I am confused why address in BNE is 2, not 8.
lw $t0, 4($t0) // 4 means 4bytes 35(6bits) | 8(5bits) | 8(5bits) | 4(16bits) Yes 10011 / 00101 / 01000 / 0000 0000 0000 0100 No 100011 / 01000 / 01000 / 0000 0000 0000 0100 bne $t0, $s0, Exit <- 80000 5(6bits) | 8(5bits) | 16(5bits) | 2(16bits) Yes 00101 / 01000 / 10000 / 0000 0000 0000 0010 Close 000101 / 01000 / 10000 / 0000 0000 0000 0010 (Make sure there's actually 6 digits in your 6-bit fields.) With MIPS, all instructions are 32 bits wide, or 4 bytes long, and each instruction starts at an even 4 byte boundary (4 byte or word aligned, even multiple of 4). Thus, for a branch, it is going from a 4 byte aligned address to another 4 byte aligned address. A 4-byte aligned address has 2 low bits of zero. The branch offset is the difference between 2 4-byte aligned addresses, and therefore such an offset also has 2 low bits that are zero. There's no point in encoding those two zero bits in the instruction because it is known they're zeros. So, the immediate encoded in the branch instruction is the branch offset divided by 4, which removes those zero bits, and also increases the branch offset's range by 2 bits. (The assembler divides the offset by 4 to encode it and the hardware effectively multiplies the immediate by 4 in usage.)
Possible to move Program Counter to a far-off memory address immediately?
I'm trying to adapt a program that counts the occurrences of a char in a file to store a list of the hex addresses where the matches occurred in a far-off memory location. Code: 011 0000 0000 0000 ;Codes x3000 as Load-address of program 0101 010 010 1 00000 ;R2 <- 0 0010 011 000010000 ;R3 <- M[x3012] 1111 0000 0010 0011 ;TRAP x23 (Loads INPUT into R0) 0110 001 011 000000 ;R1 <- M[R3] ;LOOP BEGINS HERE 0001 100 001 1 11100 ;R4 <- R1 - EOT 0000 010 000001000 ;If above = 0, exit loop 1001 001 001 111111 ;R1 <- NOT R1 0001 001 001 1 00001 ;R1 <- R1 + 1 0001 001 001 0 00 000 ;R1 <- R1 + R0 0000 101 000000001 ;If above != 0, do NOT increment counter 0001 010 010 1 00001 ;R2 <- R2 + 1 (increment counter) 0001 011 011 1 00001 ;R3 <- R3 + 1 (increments pointer to next char in file) 0110 001 011 000000 ;R1 <- M[R3] (loads next char into R1) 0000 111 111110110 ;BRnzp x3004 (unconditionally RETURN to loop start) ;LOOP ENDS HERE 0010 000 000000100 ;R0 <- M[x3013] 0001 000 000 0 00 010 ;R0 <- R0 + R2 1111 0000 0010 0001 ;TRAP x21 (OUTPUT) 1111 0000 0010 0101 ;TRAP x25 (HALT) 0011 0001 0000 0000 ;Codes x3100 for the starting address of the file 0000 000 000110000 ;ASCII template So my program starts at memory address x3000. I want to begin the set of instructions that will handle the list at x300B (below the "increment R2" instruction). Trouble is, I want to start the list at x3500, and I don't know of an "efficient" way to get there. My original plan was to use a Load Indirect (LDI) instruction, but because of sign-extension, the 9-bit offset only allows an offset of at most x00FF = 0000 0000 1111 1111, which only takes me from x300C (x300B with program counter incremented) to x310B. The only real "workaround" I've come up with is to use a Load Effective Address (LEA) instructions to store the address x310B in a register (say R5), then store the value x00FF in R6, and repeatedly add R6 to R5 until I get to x3408 (that would take 3 ADD instructions), at which point I'd store the value x0092 in R6, add that to R5, and I'd FINALLY have x3500 in R5. At that point, the rest is trivial (store R3 in (R5 + counter), which would put the address of the current match into the appropriate "spot" on the list) I haven't actually done this yet because the whole method of getting to x3500 I described above seems really cumbersome and clumsy. I can't shake the feeling that there has to be a better, faster way to move that many memory addresses at the same time. Is it possible to move from x300C to x3500 in a single instruction? Even two would be better than what I've currently got.
You wouldn't want to do that, it is possible but a simpler method would be to use LD (opcode 0010) and LDR (opcode 0110) to do this. No need to have the PC jump to x3500 (which would start executing the data in your array which is bad) Have an address contain the bits 0011 0101 0000 0000 Opcode 0010 will allow you to pull the x3500 into a register. Opcode 0110 will then allow you to load values from your array.
use multiprocessing to query in same mysqldb connect , block?
abort MySQLdb. I know many process not use same connect, Because this will be a problem . BUT, run the under code , mysql request is block , then many process start to query sql at the same time , the sql is "select sleep(10)" , They are one by one. I not found code abort lock/mutux in MySQLdb/mysql.c , Why there is no problem ? I think there will be problems with same connection fd in general . But pass my test, only block io, problems not arise . Where is the lock ? import time import multiprocessing import MySQLdb db = MySQLdb.connect("127.0.0.1","root","123123","rui" ) def func(*args): while 1: cursor = db.cursor() cursor.execute("select sleep(10)") data = cursor.fetchall() print len(data) cursor.close() print time.time() time.sleep(0.1) if __name__ == "__main__": task = [] for i in range(20): p = multiprocessing.Process(target = func, args = (i,)) p.start() task.append(p) for i in task: i.join() result log, we found each request interval is ten seconds. 1 1464325514.82 1 1464325524.83 1 1464325534.83 1 1464325544.83 1 1464325554.83 1 1464325564.83 1 1464325574.83 1 1464325584.83 1 1464325594.83 1 1464325604.83 1 1464325614.83 1 1464325624.83 tcpdump log: we found each request interval is ten seconds two. 13:07:04.827304 IP localhost.44281 > localhost.mysql: Flags [.], ack 525510411, win 513, options [nop,nop,TS val 2590846552 ecr 2590846552], length 0 0x0000: 4508 0034 23ad 4000 4006 190d 7f00 0001 E..4#.#.#....... 0x0010: 7f00 0001 acf9 0cea fc09 7cf9 1f52 a70b ..........|..R.. 0x0020: 8010 0201 ebe9 0000 0101 080a 9a6d 2e58 .............m.X 0x0030: 9a6d 2e58 .m.X 13:07:04.928106 IP localhost.44281 > localhost.mysql: Flags [P.], seq 0:21, ack 1, win 513, options [nop,nop,TS val 2590846653 ecr 2590846552], length 21 0x0000: 4508 0049 23ae 4000 4006 18f7 7f00 0001 E..I#.#.#....... 0x0010: 7f00 0001 acf9 0cea fc09 7cf9 1f52 a70b ..........|..R.. 0x0020: 8018 0201 fe3d 0000 0101 080a 9a6d 2ebd .....=.......m.. 0x0030: 9a6d 2e58 1100 0000 0373 656c 6563 7420 .m.X.....select. 0x0040: 736c 6565 7028 3130 29 sleep(10) 13:07:14.827526 IP localhost.44281 > localhost.mysql: Flags [.], ack 65, win 513, options [nop,nop,TS val 2590856553 ecr 2590856552], length 0 0x0000: 4508 0034 23af 4000 4006 190b 7f00 0001 E..4#.#.#....... 0x0010: 7f00 0001 acf9 0cea fc09 7d0e 1f52 a74b ..........}..R.K 0x0020: 8010 0201 9d73 0000 0101 080a 9a6d 5569 .....s.......mUi 0x0030: 9a6d 5568 .mUh 13:07:14.927960 IP localhost.44281 > localhost.mysql: Flags [P.], seq 21:42, ack 65, win 513, options [nop,nop,TS val 2590856653 ecr 2590856552], length 21 0x0000: 4508 0049 23b0 4000 4006 18f5 7f00 0001 E..I#.#.#....... 0x0010: 7f00 0001 acf9 0cea fc09 7d0e 1f52 a74b ..........}..R.K 0x0020: 8018 0201 fe3d 0000 0101 080a 9a6d 55cd .....=.......mU. 0x0030: 9a6d 5568 1100 0000 0373 656c 6563 7420 .mUh.....select. 0x0040: 736c 6565 7028 3130 29 sleep(10) ``` ``` end.
It works contingency. MySQL is request-rensponse protocol. When two process sends query, it isn't mixed unless the query is large. MySQL server (1) receive one query, (2) send response of (1), (3) receive next query, (4) send response of (3). When first response was send from MySQL server, one of two processes receives it. Since response is small enough, it is received by atomic. And next response is received by another process. Try sending "SELECT 1+2" from one process and "SELECT 1+3" from another process. "1+2" may be 4 by chance and "SELECT 1+3" may be 3 by chance.
Unable to connect to mysql server at boot time
Client side operating System: Qnx 6.4.0 Server side: Red Hat 6.5 I trying to connect to mysql server at boot time from the following script (at qnx machine). #!/bin/sh cd /root io-pkt-v4-hc -di82544 -ptcpip ifconfig en0 192.168.4.122 netmask 255.255.0.0 slay qconn qconn dumper -n inetd devc-pty if_up -p en0 ./mysql_connect Source code of mysql_connect MYSQL *conn; MYSQL_RES *res; MYSQL_ROW row; const char *database = "PRC_OPT"; unsigned int conn_timeout = 5; conn = mysql_init(NULL); Wprintf(Terminal2,"MySQL Tables connection = %p:\n", conn); mysql_options(conn, MYSQL_OPT_CONNECT_TIMEOUT, &conn_timeout); /* Connect to database */ if (!mysql_real_connect(conn, DATABASE_IPADDRESS, USER, PASSWORD, database, DATABASE_PORT, NULL, 0)) { Wprintf(Terminal2, "%s\n", mysql_error(conn)); mysql_close(conn); return; } /* send SQL query */ if (mysql_query(conn, "SELECT * FROM ADRLIS WHERE PM='TKPRC' AND NUMTS=1;")) { Wprintf(Terminal2, "%s\n", mysql_error(conn)); return; } res = mysql_use_result(conn); /* close connection */ mysql_free_result(res); mysql_close(conn); As result I have a following error at mysql_real_connect Can't connect to MySql server on 'ip address' (4) but then .............when I invoke ./mysql_connect (at second time from bash command line) all works correctly. At first time I was thinking that iptables rejected my connection packets, but this situation is repeated even so I do service iptables stop. I have invoked tcpdump at server side and have following 14:06:15.402347 IP 192.168.4.122.65534 > prc.mysql: Flags [S], seq 33833343, win 32768, options [mss 1460,nop,wscale 0,sackOK,nop,nop,nop,nop,TS val 0 ecr 0], length 0 0x0000: 5254 00b2 fdb1 0023 6b01 13d8 0800 4500 RT.....#k.....E. 0x0010: 0040 ed1b 4000 4006 c309 c0a8 047a c0a8 .#..#.#......z.. 0x0020: 04c8 fffe 0cea 0204 417f 0000 0000 b002 ........A....... 0x0030: 8000 db01 0000 0204 05b4 0103 0300 0402 ................ 0x0040: 0101 0101 080a 0000 0000 0000 0000 .............. 14:06:15.403234 IP prc.mysql > 192.168.4.122.65534: Flags [S.], seq 4145356488, ack 33833344, win 14480, options [mss 1460,sackOK,TS val 703030136 ecr 0,nop,wscale 7], length 0 0x0000: 0023 6b01 13d8 5254 00b2 fdb1 0800 4500 .#k...RT......E. 0x0010: 003c 0000 4000 4006 b029 c0a8 04c8 c0a8 .<..#.#..)...... 0x0020: 047a 0cea fffe f715 1ec8 0204 4180 a012 .z..........A... 0x0030: 3890 9122 0000 0204 05b4 0402 080a 29e7 8.."..........). 0x0040: 6378 0000 0000 0103 0307 cx........ 14:06:15.403451 IP 192.168.4.122.65534 > prc.mysql: Flags [R], seq 33833344, win 0, length 0 0x0000: 5254 00b2 fdb1 0023 6b01 13d8 0800 4500 RT.....#k.....E. 0x0010: 0028 ed1c 0000 4006 0321 c0a8 047a c0a8 .(....#..!...z.. 0x0020: 04c8 fffe 0cea 0204 4180 0000 0000 5004 ........A.....P. 0x0030: 0000 d4e0 0000 0000 0000 0000 ............ As we can see the server reset tcp connection from client. If we try to invoke second time from the bash command line tcp connection is established successfully and then we can work with database without any problems 14:18:09.068632 IP 192.168.4.122.65533 > 192.168.4.200.3306: Flags [S], seq 917705451, win 32768, options [mss 1460,nop,wscale 0,sackOK,nop,nop,nop,nop,TS val 0 ecr 0], length 0 0x0000: 5254 00b2 fdb1 0023 6b01 13d8 0800 4500 RT.....#k.....E. 0x0010: 0040 f115 4000 4006 bf0f c0a8 047a c0a8 .#..#.#......z.. 0x0020: 04c8 fffd 0cea 36b3 12eb 0000 0000 b002 ......6......... 0x0030: 8000 d4e7 0000 0204 05b4 0103 0300 0402 ................ 0x0040: 0101 0101 080a 0000 0000 0000 0000 .............. 14:18:09.068681 IP 192.168.4.200.3306 > 192.168.4.122.65533: Flags [S.], seq 4004872844, ack 917705452, win 14480, options [mss 1460,sackOK,TS val 703743802 ecr 0,nop,wscale 7], length 0 0x0000: 0023 6b01 13d8 5254 00b2 fdb1 0800 4500 .#k...RT......E. 0x0010: 003c 0000 4000 4006 b029 c0a8 04c8 c0a8 .<..#.#..)...... 0x0020: 047a 0cea fffd eeb5 828c 36b3 12ec a012 .z........6..... 0x0030: 3890 4bd7 0000 0204 05b4 0402 080a 29f2 8.K...........). 0x0040: 473a 0000 0000 0103 0307 G:........ 14:18:09.068920 IP 192.168.4.122.65533 > 192.168.4.200.3306: Flags [.], ack 1, win 33580, options [nop,nop,TS val 0 ecr 703743802], length 0 0x0000: 5254 00b2 fdb1 0023 6b01 13d8 0800 4500 RT.....#k.....E. 0x0010: 0034 f116 4000 4006 bf1a c0a8 047a c0a8 .4..#.#......z.. 0x0020: 04c8 fffd 0cea 36b3 12ec eeb5 828d 8010 ......6......... 0x0030: 832c 3007 0000 0101 080a 0000 0000 29f2 .,0...........). 0x0040: 473a G: What is the difference between those two starts??? Why the first connection is rejected???