AnandKumar Patel

Reputation: 1020

tshark: http transaction info for specific outgoing port

I am trying to debug an ETIMEDOUT issue in node when trying to talk to another service. My setup is 1 server running a node application which uses the module dockerode to do an inspect on a container, and 1 server running docker.

stack: Error: connect ETIMEDOUT
    at errnoException (net.js:901:11)
    at Object.afterConnect [as oncomplete] (net.js:892:19)

I want to figure out why this is happening. I read up a bit on tshark and it seems to have the data I want.

I am currently using this: sudo tshark -i eth0 to get my information. Example output:

17 0.005451 10.0.1.10 -> 10.0.1.219 TCP 66 58321 > 4242 [ACK] Seq=146 Ack=2121 Win=31232 Len=0 TSval=431658268 TSecr=799817403
18 0.006179 10.0.1.10 -> 10.0.1.219 TCP 66 58321 > 4242 [FIN, ACK] Seq=146 Ack=2121 Win=31232 Len=0 TSval=431658268 TSecr=799817403
19 0.006228 10.0.1.219 -> 10.0.1.10 TCP 66 4242 > 58321 [FIN, ACK] Seq=2121 Ack=147 Win=28032 Len=0 TSval=799817403 TSecr=431658268
20 0.006406 10.0.1.10 -> 10.0.1.219 TCP 66 58321 > 4242 [ACK] Seq=147 Ack=2122 Win=31232 Len=0 TSval=431658268 TSecr=799817403
21 0.077692 10.0.1.10 -> 10.0.1.219 TCP 74 58326 > 4242 [SYN] Seq=0 Win=26883 Len=0 MSS=8961 SACK_PERM=1 TSval=431658286 TSecr=0 WS=128 21
22 0.077710 10.0.1.219 -> 10.0.1.10 TCP 74 4242 > 58326 [SYN, ACK] Seq=0 Ack=1 Win=26847 Len=0 MSS=8961 SACK_PERM=1 TSval=799817421 TSecr=431658286 WS=128
23 0.077927 10.0.1.10 -> 10.0.1.219 TCP 66 58326 > 4242 [ACK] Seq=1 Ack=1 Win=27008 Len=0 TSval=431658286 TSecr=799817421
24 0.078240 10.0.1.10 -> 10.0.1.219 HTTP 211 GET /containers/fbc1d9a897d46691c402daf34b35c017bcbcc04332dba603a71093e50cc61341/json HTTP/1.1
25 0.078253 10.0.1.219 -> 10.0.1.10 TCP 66 4242 > 58326 [ACK] Seq=1 Ack=146 Win=28032 Len=0 TSval=799817421 TSecr=431658286
26 0.078824 10.0.1.219 -> 10.0.1.10 HTTP 2184 HTTP/1.1 200 OK (application/json)
27 0.079043 10.0.1.10 -> 10.0.1.219 TCP 66 58326 > 4242 [ACK] Seq=146 Ack=2119 Win=31232 Len=0 TSval=431658286 TSecr=799817421
28 0.079831 10.0.1.10 -> 10.0.1.219 TCP 66 58326 > 4242 [FIN, ACK] Seq=146 Ack=2119 Win=31232 Len=0 TSval=431658286 TSecr=799817421
29 0.079880 10.0.1.219 -> 10.0.1.10 TCP 66 4242 > 58326 [FIN, ACK] Seq=2119 Ack=147 Win=28032 Len=0 TSval=799817422 TSecr=431658286
30 0.080129 10.0.1.10 -> 10.0.1.219 TCP 66 58326 > 4242 [ACK] Seq=147 Ack=2120 Win=31232 Len=0 TSval=431658287 TSecr=799817422
31 0.084797 10.0.1.10 -> 10.0.1.219 TCP 74 58328 > 4242 [SYN] Seq=0 Win=26883 Len=0 MSS=8961 SACK_PERM=1 TSval=431658288 TSecr=0 WS=128
32 0.084813 10.0.1.219 -> 10.0.1.10 TCP 74 4242 > 58328 [SYN, ACK] Seq=0 Ack=1 Win=26847 Len=0 MSS=8961 SACK_PERM=1 TSval=799817423 TSecr=431658288 WS=128
33 0.084998 10.0.1.10 -> 10.0.1.219 TCP 66 58328 > 4242 [ACK] Seq=1 Ack=1 Win=27008 Len=0 TSval=431658288 TSecr=799817423
34 0.085061 10.0.1.10 -> 10.0.1.219 HTTP 211 GET /containers/3b3714d4226c2307122ec5521e0241ad2f7a62f34b0e0fc0e08ae6213287621b/json HTTP/1.1
35 0.085070 10.0.1.219 -> 10.0.1.10 TCP 66 4242 > 58328 [ACK] Seq=1 Ack=146 Win=28032 Len=0 TSval=799817423 TSecr=431658288
36 0.085618 10.0.1.219 -> 10.0.1.10 HTTP 2184 HTTP/1.1 200 OK (application/json)

I want to be able to tell what calls are associated with an HTTP GET request.

Information I know:

- the server we send request to = 10.0.1.10 on port 4242
- HTTP url is /container/xxx/json
- when error happens I know the URL which caused ETIMEDOUT

Any help on how to associate the calls related to the HTTP call so I can figure out where things went wrong? Thanks in advance!

System info in case you need it:

$ uname -a
Linux host 3.13.0-29-generic #53-Ubuntu SMP Wed Jun 4 21:00:20 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux

Upvotes: 1

Views: 189

Answers (1)

AnandKumar Patel

Reputation: 1020

I have figured out how to do this: adding -z proto,colinfo,tcp.stream,tcp.stream -w dump gives a number you can use to map the entire transaction from handshake to close.

Upvotes: 1
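Added example, not part of the original answer: once packets carry a tcp.stream number, they can be grouped per connection to find the stream for a known URL and the streams whose SYN was never answered. It goes beyond the answer's -z option by assuming the saved capture is exported with the field list in the comment; the sample rows and the /containers/aaaa/json path are constructed.

```python
# Constructed sample of what this (assumed) export prints, tab-separated:
#   tshark -r dump -T fields -e tcp.stream -e frame.time_relative \
#          -e tcp.flags -e http.request.uri -e http.response.code
SAMPLE = (
    "0\t0.077692\t0x0002\t\t\n"                        # SYN
    "0\t0.077710\t0x0012\t\t\n"                        # SYN, ACK
    "0\t0.077927\t0x0010\t\t\n"                        # ACK
    "0\t0.078240\t0x0018\t/containers/aaaa/json\t\n"   # GET
    "0\t0.078824\t0x0018\t\t200\n"                     # 200 OK
    "0\t0.079831\t0x0011\t\t\n"                        # FIN, ACK
    "1\t1.000000\t0x0002\t\t\n"                        # SYN
    "1\t2.000000\t0x0002\t\t\n"                        # SYN retransmitted
    "1\t4.000000\t0x0002\t\t\n"                        # SYN retransmitted
)

FIN, SYN, RST, ACK = 0x01, 0x02, 0x04, 0x10

def summarize(text):
    """Group packets by tcp.stream and record each connection's life cycle."""
    streams = {}
    for line in text.splitlines():
        sid, t, flags, uri, code = (line.split("\t") + [""] * 4)[:5]
        if not sid or not flags:          # non-TCP packet: no stream number
            continue
        flags = int(flags, 16)
        s = streams.setdefault(int(sid), {
            "first": float(t), "last": float(t), "syn": 0, "synack": False,
            "closed": False, "uri": None, "status": None})
        s["last"] = float(t)
        if flags & SYN and flags & ACK:
            s["synack"] = True
        elif flags & SYN:
            s["syn"] += 1                 # counts the SYN and its retransmissions
        if flags & (FIN | RST):
            s["closed"] = True
        s["uri"] = s["uri"] or uri or None
        s["status"] = s["status"] or code or None
    return streams

def unanswered(streams):
    """Streams whose SYN never got a SYN,ACK: what a connect timeout looks like."""
    return [sid for sid, s in streams.items() if s["syn"] and not s["synack"]]

def stream_for(streams, uri):
    return [sid for sid, s in streams.items() if s["uri"] == uri]

if __name__ == "__main__":
    for sid, s in summarize(SAMPLE).items():
        print(sid, s)
```

A connection that fails with connect ETIMEDOUT never completes the handshake, so its stream contains only SYNs and no request URI; match it to the failing call by time rather than by URL.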
