On 10/2/19 10:46 PM,
weiche...@gmail.com wrote:
> Hi Taylor,
Hi,
"Grant" please. ;-)
> I start the packet capture before i start SSH.
Okay.
> and the "TCP Previous segment not capture, Encrypted packet (len=1281)"
> appear when i initiate the ps -ef command. Then the putty went hang.
Hum. If the "TCP Previous segment not captured" is associated with the
SSH connection, that's a good sign that your sniffer thinks that it's
missing a packet. This could be because a big packet was sent with part
of the data, but never made it in, and then a smaller packet with the
rest of the data comes in. Thus the sniffer sees the second smaller
packet referencing the missing larger packet.
This sounds like supporting evidence that something is preventing big
packets from making it in.
I would expect that if you leave the sniffer running and the hung
connection sitting there long enough, 3–5 minutes should be sufficient,
you will likely see retransmissions of the smaller packet and the
associated "previous segment not captured" message.
I'd be tempted to also start a packet capture on the server from one of
the other functional terminal emulator ssh client combinations.
ProTip: Write the capture to a file, transfer it, and analyze it locally.
You can also use a sniffer to compare the traffic from one of the other
functional terminal emulator ssh clients. I'm guessing that the MTU, or
TCP MSS, or other TCP parameters, will likely be different.