[asterisk-users] tcpdum

[Rodolfo Alcazar Portillo]

Am Montag, den 15.12.2008, 22:35 +0200 schrieb michel freiha:
> Dear All,
> I run the below tcp dump on my asterisk server
> tcpdump -i eth0 -n -s0 -v udp port 5060
> I got the following result
> 20:29:48.596867 IP (tos 0x10, ttl  64, id 0, offset 0, flags [DF], proto 17, length: 373) SIP_PROXY_IP.5060 > Asterisk_IP.5060: UDP, length 345
> What i need to know please what TTL means specifically and what is the
> best value og TTL and what is the lengh vale mean

Every time a TCP/IP packet travels through a router, the router
substracts 1 from the TTL (time-to-live) field. The packet is discarded
by the router when TTL reaches 0. This ensures a packet not to go
bouncing eternally in a misconfigured routers topology. Also, is used in
mesauring distances between network segments (man traceroute). 

Learn a bit of the commands traceroute and mtr. If you can't get any
communication to very distant segments and mtr detects that, then you
can play with iptables and the TTL field. otherwise, DON'T!!!

The length field: the first one is the total packet size and the last is
the user data contained size. Anyway, tcpdump is not very accurate in
measuring UDP sizes, i mean it could make some mistakes. UDP packets
travels in a connectionless environment; on the contrary, TCP establish
a connection, that forces to verify that every packet reaches its
destiny; udp packets are meant to be sent once and not verified. Other
layers (normally layer 7, application) verify packets arrival. 

Good luck!

-- 
Rodolfo Alcazar
Responsable red y datos

Deutsche Gesellschaft für
Technische Zusammenarbeit (GTZ) GmbH

Programa de Apoyo a la Gestión Pública Descentralizada y
Lucha Contra La Pobreza - PADEP
Av. Sánchez Lima 2226
La Paz, Bolivia

Tel: +591 22417628 (121)
Fax: +591 22417628 (126)
Web: www.padep.org.bo
Email: rodolfo.alcazar at padep.org.bo