Re: Envisalink - TPI Documentation
Posted: Tue Jan 29, 2019 8:47 pm
With only SSH access, is my go-to, and then just scp/rsync the capturefile.pcap file to your computer and open in Wireshark.
Yeah, it's almost certainly the re-use of the source port which is causing it. Since the EVL never dropped the connection, seeing a SYN on what it considers an already established connection is confusing it. I don't think this is specific to the EVL/TPI, I'd expect a hung connection as a possibility on any TCP server this happens to.
Code: Select all
tcpdump -p -n -i <interface> -X -s0 -w capturefile.pcap host <ip address>
Yeah, it's almost certainly the re-use of the source port which is causing it. Since the EVL never dropped the connection, seeing a SYN on what it considers an already established connection is confusing it. I don't think this is specific to the EVL/TPI, I'd expect a hung connection as a possibility on any TCP server this happens to.