sockets and firewall



is it possible to trace the packages and the statuses of client's and/or server's sockets by the unix network administrative tools?

two applications interact via sockets. there is no problem if they stay in the same network segment. if their hosts connected through the firewall then they aren't able to establish the connection. it seems that the problem is in the firewall. i would like to find the confirmation of wrong firewall settings.

is it possible to trace the packages and the statuses of client's and/or server's sockets by the unix network administrative tools? are there any other ways to find the reason of sockets failure?

have you tried "tcpdump" ?

tcpdump will help, but also:
- lsof
- netstat
- traceroute

is it ok for the application (server and client) if there are number of processes in the status of fin-wait-2 (client) close-wait (server) stay in the system for a long time? the time that is even more then timeout for the next connections of those applications.


quote:
originally posted by grial
tcpdump will help, but also:
- lsof
- netstat
- traceroute
regards.



for the current moment i like netstat and snoop. i dont clearly understand traceroute. is it possible to specify ports for tracing by it?

traceroute will allow you to test connectivity. basically, it'll show you the steps a package takes to reach a machine. for this purpose, it uses udp (default), though depebnding on the version you can choose icmp. also depending on the version , you can choose the port. have a look at traceroute man page for more info. i've mentioned this tool because sometimes the problem is not sockets related but a network issue.