Hi
all,
I'm trying to debug
a problem where a small percentage of certain HTTP transactions are being
reset unexplainably. There is a load balancer between the client and
server performing source NAT, plus other network devices along the
route. I reproduced the problem while capturing with tcpdump from the
client, loadbalancer, and server in parallel. I merged all three captures
together and am trying to isolate individual bad requests across all three
viewpoints. It seems that "Follow TCP Stream" only looks at ip and
port numbers, so it only the portion of the transaction up to address
translation.
Is there any way to
isolate a transaction based on TCP sequence numbers only (or any other reliable
method you might know of)? I think I can do it manually but it is
incredibly time consuming.
-Brian