Oops, I mixed them up.
Having two clients open simultaneously makes it more difficult to follow the chain of events described by a WinDump log because the packets sent from and received by each of the clients will be mixed together.
If you preserve the local ports recorded in a log that was captured while two clients were open simultaneously, then it should be possible to separate the entries pertaining to each client using regular expressions. In fact, you don't even need to make any redactions to your logs unless they contain your WAN IP address.
It's okay, Axylus. All I have been using is port 4500.
I didn't realize earlier how the two clients affected the way the log would show, due to the fact that they both were not only receiving Time Gaps at about the same time, but they both were already disconnected due to them whenever I posted the logs. I do understand from what everyone has said now that it is easier to tell what's happening with only the one client connected, so that's all I have been doing now, as shown on the previous post & will be shown on this post too.
I haven't been making any changes to the log other than to remove my IP. The only reason I haven't been posting the full log is due to it being so long. If it will help to see the full & complete log let me know & I will attach a link for it.
Wow it's getting pretty lively here.
I don't mind debates here as long as it's not getting too personal.
Back to topic, I just added the netstat method on the first post to get the map server while I haven't resumed on my coding (too busy in real life). I'm pretty sure it will be pretty useful.
Yes it has gotten active now.
I don't feel there have been any problems with things getting too personal though. I feel everyone has just been helping to clarify things for me & that there was a question on my part as to whether or not the IP made a difference on WinDump versus the tracerts. That was the only thing I think there was an issue over.
This is my latest info with only ONE client connected again:
D:\Downloads>windump -i 1 -w rawfile.log net 128.241.92.112 and tcp port 4500
windump: listening on \Device\NPF_{F831F7C1-65B0-4591-A2F8-DD9855742023}
43934 packets captured
306925 packets received by filter
0 packets dropped by kernel
08:46:47.789032 IP (tos 0x0, ttl 48, id 23766, offset 0, flags [DF], proto: TCP (6), length: 40) myipaddress:port > 128.241.92.112.4500: ., cksum 0x5a91 (correct), ack 1018574 win 32945
08:46:48.316817 IP (tos 0x0, ttl 120, id 30581, offset 0, flags [DF], proto: TCP (6), length: 55) 128.241.92.112.4500 > myipaddress:port: P, cksum 0x37e2 (correct), 1018574:1018589(15) ack 12420 win 260
08:46:48.316873 IP (tos 0x0, ttl 48, id 23767, offset 0, flags [DF], proto: TCP (6), length: 40) myipaddress:port > 128.241.92.112.4500: ., cksum 0x5a84 (correct), ack 1018589 win 32943
08:46:48.356013 IP (tos 0x0, ttl 120, id 30667, offset 0, flags [DF], proto: TCP (6), length: 47) 128.241.92.112.4500 > myipaddress:port: P, cksum 0xe0dc (correct), 1018589:1018596(7) ack 12420 win 260
08:46:48.356072 IP (tos 0x0, ttl 48, id 23768, offset 0, flags [DF], proto: TCP (6), length: 40) myipaddress:port > 128.241.92.112.4500: ., cksum 0x5a7e (correct), ack 1018596 win 32942
08:46:48.396017 IP (tos 0x0, ttl 120, id 30697, offset 0, flags [DF], proto: TCP (6), length: 50) 128.241.92.112.4500 > myipaddress:port: P, cksum 0xaa50 (correct), 1018596:1018606(10) ack 12420 win 260
08:46:48.396076 IP (tos 0x0, ttl 48, id 23769, offset 0, flags [DF], proto: TCP (6), length: 40) myipaddress:port > 128.241.92.112.4500: ., cksum 0x5a75 (correct), ack 1018606 win 32941
08:46:49.788557 IP (tos 0x0, ttl 48, id 23780, offset 0, flags [DF], proto: TCP (6), length: 46) myipaddress:port > 128.241.92.112.4500: P, cksum 0x1c0d (correct), 12420:12426(6) ack 1018606 win 32941
08:46:49.843683 IP (tos 0x0, ttl 120, id 31798, offset 0, flags [DF], proto: TCP (6), length: 43) 128.241.92.112.4500 > myipaddress:port: P, cksum 0x560d (correct), 1018606:1018609(3) ack 12426 win 260
08:46:49.843754 IP (tos 0x0, ttl 48, id 23781, offset 0, flags [DF], proto: TCP (6), length: 40) myipaddress:port > 128.241.92.112.4500: ., cksum 0x5a6d (correct), ack 1018609 win 32940
08:46:49.854025 IP (tos 0x0, ttl 48, id 23782, offset 0, flags [DF], proto: TCP (6), length: 40) myipaddress:port > 128.241.92.112.4500: F, cksum 0x5a6c (correct), 12426:12426(0) ack 1018609 win 32940
08:46:49.893284 IP (tos 0x0, ttl 120, id 31843, offset 0, flags [DF], proto: TCP (6), length: 40) 128.241.92.112.4500 > myipaddress:port: ., cksum 0xda14 (correct), ack 12427 win 260
08:46:49.898086 IP (tos 0x0, ttl 120, id 31844, offset 0, flags [DF], proto: TCP (6), length: 40) 128.241.92.112.4500 > myipaddress:port: R, cksum 0xdb14 (correct), 1018609:1018609(0) ack 12427 win 0
Edited by Razzez, 27 April 2013 - 08:54 PM.
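The suggestion made earlier in the thread, separating a two-client capture by local port with regular expressions, as an added example (not code from any poster). The local address 192.0.2.10, the two local ports and the sample rows are constructed; the line layout follows the WinDump output above.

```python
import re
from collections import defaultdict
from datetime import datetime

# One verbose WinDump line: timestamp, IP header, "src.port > dst.port: flags,"
LINE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{6}) IP \(.*?\) "
    r"(?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+): (?P<flags>[A-Z.]+),"
)

# Constructed sample: two clients (local ports 51234 and 51240) interleaved.
HDR = "IP (tos 0x0, ttl 48, id 1, offset 0, flags [DF], proto: TCP (6), length: 40)"
C, S = "192.0.2.10", "128.241.92.112.4500"
ROWS = [
    ("08:46:47.000000", f"{C}.51234", S, "."),
    ("08:46:47.250000", S, f"{C}.51240", "P"),
    ("08:46:47.300000", f"{C}.51240", S, "."),
    ("08:46:48.500000", S, f"{C}.51234", "P"),
    ("08:46:49.000000", f"{C}.51234", S, "F"),
    ("08:46:52.300000", S, f"{C}.51240", "R"),
]
SAMPLE = "\n".join(
    f"{ts} {HDR} {a} > {b}: {fl}, cksum 0x0000 (correct), ack 1 win 260"
    for ts, a, b, fl in ROWS
)

def split_by_local_port(text, server_ip="128.241.92.112", server_port=4500):
    """Group entries by the client's local port (one TCP connection per client)."""
    clients = defaultdict(list)
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # banner and summary lines do not match
        if (m["dst"], int(m["dport"])) == (server_ip, server_port):
            local, direction = int(m["sport"]), "out"
        elif (m["src"], int(m["sport"])) == (server_ip, server_port):
            local, direction = int(m["dport"]), "in"
        else:
            continue  # traffic that does not involve the server
        ts = datetime.strptime(m["ts"], "%H:%M:%S.%f")
        clients[local].append((ts, direction, m["flags"]))
    return dict(clients)

def longest_silence(entries):
    """Largest gap in seconds between consecutive packets of one client."""
    times = [ts for ts, _, _ in entries]
    return max(((b - a).total_seconds() for a, b in zip(times, times[1:])), default=0.0)
```

A log whose local address and port were replaced with a placeholder such as `myipaddress:port` will not match `LINE`, which is why the local ports have to be preserved for this to work.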