No. Time Source Destination Protocol Length Info
5448 15:45:32 1.2.3.5 1.2.3.4 TCP 66 63312→2221 [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=4 SACK_PERM=1
Frame 5448: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0
Ethernet II, Src: AsustekC_9d:99:c6 (00:26:18:9d:99:c6), Dst: IETF-VRRP-VRID_0d (00:00:5e:00:01:0d)
Internet Protocol Version 4, Src: 1.2.3.5 (1.2.3.5), Dst:1.2.3.4 (188.234.249.229)
Version: 4
Header Length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 52
Identification: 0x62f7 (25335)
Flags: 0x02 (Don't Fragment)
Fragment offset: 0
Time to live: 126
Protocol: TCP (6)
Header checksum: 0x2b6a [validation disabled]
[Good: False]
[Bad: False]
Source: 1.2.3.5 (1.2.3.5)
Destination:1.2.3.4 (188.234.249.229)
[Source GeoIP: Unknown]
[Destination GeoIP: Unknown]
Transmission Control Protocol, Src Port: 63312 (63312), Dst Port: 2221 (2221), Seq: 0, Len: 0
Source Port: 63312 (63312)
Destination Port: 2221 (2221)
[Stream index: 330]
[TCP Segment Len: 0]
Sequence number: 0 (relative sequence number)
Acknowledgment number: 0
Header Length: 32 bytes
.... 0000 0000 0010 = Flags: 0x002 (SYN)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...0 .... = Acknowledgment: Not set
.... .... 0... = Push: Not set
.... .... .0.. = Reset: Not set
.... .... ..1. = Syn: Set
[Expert Info (Chat/Sequence): Connection establish request (SYN): server port 2221]
[Connection establish request (SYN): server port 2221]
[Severity level: Chat]
[Group: Sequence]
.... .... ...0 = Fin: Not set
Window size value: 8192
[Calculated window size: 8192]
Checksum: 0x7645 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Urgent pointer: 0
Options: (12 bytes), Maximum segment size, No-Operation (NOP), Window scale, No-Operation (NOP), No-Operation (NOP), SACK permitted
Maximum segment size: 1460 bytes
Kind: Maximum Segment Size (2)
Length: 4
MSS Value: 1460
No-Operation (NOP)
Type: 1
0... .... = Copy on fragmentation: No
.00. .... = Class: Control (0)
...0 0001 = Number: No-Operation (NOP) (1)
Window scale: 2 (multiply by 4)
Kind: Window Scale (3)
Length: 3
Shift count: 2
[Multiplier: 4]
No-Operation (NOP)
Type: 1
0... .... = Copy on fragmentation: No
.00. .... = Class: Control (0)
...0 0001 = Number: No-Operation (NOP) (1)
No-Operation (NOP)
Type: 1
0... .... = Copy on fragmentation: No
.00. .... = Class: Control (0)
...0 0001 = Number: No-Operation (NOP) (1)
TCP SACK Permitted Option: True
Kind: SACK Permitted (4)
Length: 2
No. Time Source Destination Protocol Length Info
5451 15:45:321.2.3.4 1.2.3.5 TCP 60 2221→63312 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0
Frame 5451: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0
Ethernet II, Src: IETF-VRRP-VRID_0d (00:00:5e:00:01:0d), Dst: AsustekC_9d:99:c6 (00:26:18:9d:99:c6)
Internet Protocol Version 4, Src:1.2.3.4 (188.234.249.229), Dst: 1.2.3.5 (1.2.3.5)
Version: 4
Header Length: 20 bytes
Differentiated Services Field: 0x04 (DSCP 0x01: Unknown DSCP; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 01.. = Differentiated Services Codepoint: Unknown (0x01)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 40
Identification: 0x0000 (0)
Flags: 0x02 (Don't Fragment)
Fragment offset: 0
Time to live: 63
Protocol: TCP (6)
Header checksum: 0xcd69 [validation disabled]
[Good: False]
[Bad: False]
Source:1.2.3.4 (188.234.249.229)
Destination: 1.2.3.5 (1.2.3.5)
[Source GeoIP: Unknown]
[Destination GeoIP: Unknown]
Transmission Control Protocol, Src Port: 2221 (2221), Dst Port: 63312 (63312), Seq: 1, Ack: 1, Len: 0
Source Port: 2221 (2221)
Destination Port: 63312 (63312)
[Stream index: 330]
[TCP Segment Len: 0]
Sequence number: 1 (relative sequence number)
Acknowledgment number: 1 (relative ack number)
Header Length: 20 bytes
.... 0000 0001 0100 = Flags: 0x014 (RST, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgment: Set
.... .... 0... = Push: Not set
.... .... .1.. = Reset: Set
[Expert Info (Warn/Sequence): Connection reset (RST)]
[Connection reset (RST)]
[Severity level: Warn]
[Group: Sequence]
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 0
[Calculated window size: 0]
[Window size scaling factor: -1 (unknown)]
Checksum: 0xd6fe [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Urgent pointer: 0
[SEQ/ACK analysis]
[This is an ACK to the segment in frame: 5448]
[The RTT to ACK the segment was: 0.000788000 seconds]
[iRTT: 0.000788000 seconds]
No. Time Source Destination Protocol Length Info
5461 15:45:32 192.168.0.34 1.2.3.4 TCP 66 49601→2221 [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=4 SACK_PERM=1
Frame 5461: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 1
Ethernet II, Src: AsustekC_c5:1c:1d (54:04:a6:c5:1c:1d), Dst: AsustekC_9d:97:62 (00:26:18:9d:97:62)
Internet Protocol Version 4, Src: 192.168.0.34 (192.168.0.34), Dst:1.2.3.4 (188.234.249.229)
Version: 4
Header Length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 52
Identification: 0x62f7 (25335)
Flags: 0x02 (Don't Fragment)
Fragment offset: 0
Time to live: 128
Protocol: TCP (6)
Header checksum: 0x2032 [validation disabled]
[Good: False]
[Bad: False]
Source: 192.168.0.34 (192.168.0.34)
Destination:1.2.3.4 (188.234.249.229)
[Source GeoIP: Unknown]
[Destination GeoIP: Unknown]
Transmission Control Protocol, Src Port: 49601 (49601), Dst Port: 2221 (2221), Seq: 0, Len: 0
Source Port: 49601 (49601)
Destination Port: 2221 (2221)
[Stream index: 331]
[TCP Segment Len: 0]
Sequence number: 0 (relative sequence number)
Acknowledgment number: 0
Header Length: 32 bytes
.... 0000 0000 0010 = Flags: 0x002 (SYN)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...0 .... = Acknowledgment: Not set
.... .... 0... = Push: Not set
.... .... .0.. = Reset: Not set
.... .... ..1. = Syn: Set
[Expert Info (Chat/Sequence): Connection establish request (SYN): server port 2221]
[Connection establish request (SYN): server port 2221]
[Severity level: Chat]
[Group: Sequence]
.... .... ...0 = Fin: Not set
Window size value: 8192
[Calculated window size: 8192]
Checksum: 0xa29c [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Urgent pointer: 0
Options: (12 bytes), Maximum segment size, No-Operation (NOP), Window scale, No-Operation (NOP), No-Operation (NOP), SACK permitted
Maximum segment size: 1460 bytes
Kind: Maximum Segment Size (2)
Length: 4
MSS Value: 1460
No-Operation (NOP)
Type: 1
0... .... = Copy on fragmentation: No
.00. .... = Class: Control (0)
...0 0001 = Number: No-Operation (NOP) (1)
Window scale: 2 (multiply by 4)
Kind: Window Scale (3)
Length: 3
Shift count: 2
[Multiplier: 4]
No-Operation (NOP)
Type: 1
0... .... = Copy on fragmentation: No
.00. .... = Class: Control (0)
...0 0001 = Number: No-Operation (NOP) (1)
No-Operation (NOP)
Type: 1
0... .... = Copy on fragmentation: No
.00. .... = Class: Control (0)
...0 0001 = Number: No-Operation (NOP) (1)
TCP SACK Permitted Option: True
Kind: SACK Permitted (4)
Length: 2
No. Time Source Destination Protocol Length Info
5465 15:45:321.2.3.4 192.168.0.34 TCP 54 2221→49601 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0
Frame 5465: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 1
Ethernet II, Src: AsustekC_9d:97:62 (00:26:18:9d:97:62), Dst: AsustekC_c5:1c:1d (54:04:a6:c5:1c:1d)
Internet Protocol Version 4, Src:1.2.3.4 (188.234.249.229), Dst: 192.168.0.34 (192.168.0.34)
Version: 4
Header Length: 20 bytes
Differentiated Services Field: 0x04 (DSCP 0x01: Unknown DSCP; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 01.. = Differentiated Services Codepoint: Unknown (0x01)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 40
Identification: 0x0000 (0)
Flags: 0x02 (Don't Fragment)
Fragment offset: 0
Time to live: 62
Protocol: TCP (6)
Header checksum: 0xc531 [validation disabled]
[Good: False]
[Bad: False]
Source:1.2.3.4 (188.234.249.229)
Destination: 192.168.0.34 (192.168.0.34)
[Source GeoIP: Unknown]
[Destination GeoIP: Unknown]
Transmission Control Protocol, Src Port: 2221 (2221), Dst Port: 49601 (49601), Seq: 1, Ack: 1, Len: 0
Source Port: 2221 (2221)
Destination Port: 49601 (49601)
[Stream index: 331]
[TCP Segment Len: 0]
Sequence number: 1 (relative sequence number)
Acknowledgment number: 1 (relative ack number)
Header Length: 20 bytes
.... 0000 0001 0100 = Flags: 0x014 (RST, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgment: Set
.... .... 0... = Push: Not set
.... .... .1.. = Reset: Set
[Expert Info (Warn/Sequence): Connection reset (RST)]
[Connection reset (RST)]
[Severity level: Warn]
[Group: Sequence]
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 0
[Calculated window size: 0]
[Window size scaling factor: -1 (unknown)]
Checksum: 0x0356 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Urgent pointer: 0
[SEQ/ACK analysis]
[This is an ACK to the segment in frame: 5461]
[The RTT to ACK the segment was: 0.000860000 seconds]
[iRTT: 0.000860000 seconds]
No. Time Source Destination Protocol Length Info
5835 15:45:32 192.168.0.34 1.2.3.4 TCP 66 [TCP Spurious Retransmission] 49601→2221 [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=4 SACK_PERM=1
Frame 5835: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 1
Ethernet II, Src: AsustekC_c5:1c:1d (54:04:a6:c5:1c:1d), Dst: AsustekC_9d:97:62 (00:26:18:9d:97:62)
Internet Protocol Version 4, Src: 192.168.0.34 (192.168.0.34), Dst:1.2.3.4 (188.234.249.229)
Version: 4
Header Length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 52
Identification: 0x62f9 (25337)
Flags: 0x02 (Don't Fragment)
Fragment offset: 0
Time to live: 128
Protocol: TCP (6)
Header checksum: 0x2030 [validation disabled]
[Good: False]
[Bad: False]
Source: 192.168.0.34 (192.168.0.34)
Destination:1.2.3.4 (188.234.249.229)
[Source GeoIP: Unknown]
[Destination GeoIP: Unknown]
Transmission Control Protocol, Src Port: 49601 (49601), Dst Port: 2221 (2221), Seq: 0, Len: 0
Source Port: 49601 (49601)
Destination Port: 2221 (2221)
[Stream index: 331]
[TCP Segment Len: 0]
Sequence number: 0 (relative sequence number)
Acknowledgment number: 0
Header Length: 32 bytes
.... 0000 0000 0010 = Flags: 0x002 (SYN)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...0 .... = Acknowledgment: Not set
.... .... 0... = Push: Not set
.... .... .0.. = Reset: Not set
.... .... ..1. = Syn: Set
[Expert Info (Chat/Sequence): Connection establish request (SYN): server port 2221]
[Connection establish request (SYN): server port 2221]
[Severity level: Chat]
[Group: Sequence]
.... .... ...0 = Fin: Not set
Window size value: 8192
[Calculated window size: 8192]
Checksum: 0xa29c [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Urgent pointer: 0
Options: (12 bytes), Maximum segment size, No-Operation (NOP), Window scale, No-Operation (NOP), No-Operation (NOP), SACK permitted
Maximum segment size: 1460 bytes
Kind: Maximum Segment Size (2)
Length: 4
MSS Value: 1460
No-Operation (NOP)
Type: 1
0... .... = Copy on fragmentation: No
.00. .... = Class: Control (0)
...0 0001 = Number: No-Operation (NOP) (1)
Window scale: 2 (multiply by 4)
Kind: Window Scale (3)
Length: 3
Shift count: 2
[Multiplier: 4]
No-Operation (NOP)
Type: 1
0... .... = Copy on fragmentation: No
.00. .... = Class: Control (0)
...0 0001 = Number: No-Operation (NOP) (1)
No-Operation (NOP)
Type: 1
0... .... = Copy on fragmentation: No
.00. .... = Class: Control (0)
...0 0001 = Number: No-Operation (NOP) (1)
TCP SACK Permitted Option: True
Kind: SACK Permitted (4)
Length: 2
[SEQ/ACK analysis]
[iRTT: 0.000860000 seconds]
[TCP Analysis Flags]
[Expert Info (Note/Sequence): This frame is a (suspected) spurious retransmission]
[This frame is a (suspected) spurious retransmission]
[Severity level: Note]
[Group: Sequence]
[Expert Info (Note/Sequence): This frame is a (suspected) retransmission]
[This frame is a (suspected) retransmission]
[Severity level: Note]
[Group: Sequence]
No. Time Source Destination Protocol Length Info
5837 15:45:321.2.3.4 192.168.0.34 TCP 54 2221→49601 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0
Frame 5837: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 1
Ethernet II, Src: AsustekC_9d:97:62 (00:26:18:9d:97:62), Dst: AsustekC_c5:1c:1d (54:04:a6:c5:1c:1d)
Internet Protocol Version 4, Src:1.2.3.4 (188.234.249.229), Dst: 192.168.0.34 (192.168.0.34)
Version: 4
Header Length: 20 bytes
Differentiated Services Field: 0x04 (DSCP 0x01: Unknown DSCP; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 01.. = Differentiated Services Codepoint: Unknown (0x01)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 40
Identification: 0x0000 (0)
Flags: 0x02 (Don't Fragment)
Fragment offset: 0
Time to live: 62
Protocol: TCP (6)
Header checksum: 0xc531 [validation disabled]
[Good: False]
[Bad: False]
Source:1.2.3.4 (188.234.249.229)
Destination: 192.168.0.34 (192.168.0.34)
[Source GeoIP: Unknown]
[Destination GeoIP: Unknown]
Transmission Control Protocol, Src Port: 2221 (2221), Dst Port: 49601 (49601), Seq: 1, Ack: 1, Len: 0
Source Port: 2221 (2221)
Destination Port: 49601 (49601)
[Stream index: 331]
[TCP Segment Len: 0]
Sequence number: 1 (relative sequence number)
Acknowledgment number: 1 (relative ack number)
Header Length: 20 bytes
.... 0000 0001 0100 = Flags: 0x014 (RST, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgment: Set
.... .... 0... = Push: Not set
.... .... .1.. = Reset: Set
[Expert Info (Warn/Sequence): Connection reset (RST)]
[Connection reset (RST)]
[Severity level: Warn]
[Group: Sequence]
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 0
[Calculated window size: 0]
[Window size scaling factor: -1 (unknown)]
Checksum: 0x0356 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Urgent pointer: 0
[SEQ/ACK analysis]
[This is an ACK to the segment in frame: 5835]
[The RTT to ACK the segment was: 0.000863000 seconds]
[iRTT: 0.000860000 seconds]
No. Time Source Destination Protocol Length Info
5850 15:45:32 1.2.3.5 1.2.3.4 TCP 66 [TCP Spurious Retransmission] 63312→2221 [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=4 SACK_PERM=1
Frame 5850: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0
Ethernet II, Src: AsustekC_9d:99:c6 (00:26:18:9d:99:c6), Dst: IETF-VRRP-VRID_0d (00:00:5e:00:01:0d)
Internet Protocol Version 4, Src: 1.2.3.5 (1.2.3.5), Dst:1.2.3.4 (188.234.249.229)
Version: 4
Header Length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 52
Identification: 0x62f9 (25337)
Flags: 0x02 (Don't Fragment)
Fragment offset: 0
Time to live: 126
Protocol: TCP (6)
Header checksum: 0x2b68 [validation disabled]
[Good: False]
[Bad: False]
Source: 1.2.3.5 (1.2.3.5)
Destination:1.2.3.4 (188.234.249.229)
[Source GeoIP: Unknown]
[Destination GeoIP: Unknown]
Transmission Control Protocol, Src Port: 63312 (63312), Dst Port: 2221 (2221), Seq: 0, Len: 0
Source Port: 63312 (63312)
Destination Port: 2221 (2221)
[Stream index: 330]
[TCP Segment Len: 0]
Sequence number: 0 (relative sequence number)
Acknowledgment number: 0
Header Length: 32 bytes
.... 0000 0000 0010 = Flags: 0x002 (SYN)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...0 .... = Acknowledgment: Not set
.... .... 0... = Push: Not set
.... .... .0.. = Reset: Not set
.... .... ..1. = Syn: Set
[Expert Info (Chat/Sequence): Connection establish request (SYN): server port 2221]
[Connection establish request (SYN): server port 2221]
[Severity level: Chat]
[Group: Sequence]
.... .... ...0 = Fin: Not set
Window size value: 8192
[Calculated window size: 8192]
Checksum: 0x7645 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Urgent pointer: 0
Options: (12 bytes), Maximum segment size, No-Operation (NOP), Window scale, No-Operation (NOP), No-Operation (NOP), SACK permitted
Maximum segment size: 1460 bytes
Kind: Maximum Segment Size (2)
Length: 4
MSS Value: 1460
No-Operation (NOP)
Type: 1
0... .... = Copy on fragmentation: No
.00. .... = Class: Control (0)
...0 0001 = Number: No-Operation (NOP) (1)
Window scale: 2 (multiply by 4)
Kind: Window Scale (3)
Length: 3
Shift count: 2
[Multiplier: 4]
No-Operation (NOP)
Type: 1
0... .... = Copy on fragmentation: No
.00. .... = Class: Control (0)
...0 0001 = Number: No-Operation (NOP) (1)
No-Operation (NOP)
Type: 1
0... .... = Copy on fragmentation: No
.00. .... = Class: Control (0)
...0 0001 = Number: No-Operation (NOP) (1)
TCP SACK Permitted Option: True
Kind: SACK Permitted (4)
Length: 2
[SEQ/ACK analysis]
[iRTT: 0.000788000 seconds]
[TCP Analysis Flags]
[Expert Info (Note/Sequence): This frame is a (suspected) spurious retransmission]
[This frame is a (suspected) spurious retransmission]
[Severity level: Note]
[Group: Sequence]
[Expert Info (Note/Sequence): This frame is a (suspected) retransmission]
[This frame is a (suspected) retransmission]
[Severity level: Note]
[Group: Sequence]
[root@наш.доменн]# tcpdump -i any port 2221
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked), capture size 65535 bytes
14:15:35.457914 IP внешний.пользователь.convex.ru.63705 > наш.доменн.rockwell-csp1: Flags [S], seq 2078803573, win 8192, options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0
14:15:38.157952 IP 188x234x244x181.static-business.188-181.ertelecom.ru.49340 > наш.доменн.rockwell-csp1: Flags [S], seq 1500447274, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
14:15:38.459262 IP внешний.пользователь.convex.ru.63705 > наш.доменн.rockwell-csp1: Flags [S], seq 2078803573, win 8192, options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0
14:15:41.148556 IP 188x234x244x181.static-business.188-181.ertelecom.ru.49340 > наш.доменн.rockwell-csp1: Flags [S], seq 1500447274, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
14:15:44.461209 IP внешний.пользователь.convex.ru.63705 > наш.доменн.rockwell-csp1: Flags [S], seq 2078803573, win 8192, options [mss 1460,nop,nop,sackOK], length 0
14:15:47.154251 IP 188x234x244x181.static-business.188-181.ertelecom.ru.49340 > наш.доменн.rockwell-csp1: Flags [S], seq 1500447274, win 8192, options [mss 1460,nop,nop,sackOK], length 0
Generated by iptables-save v1.4.7 on Wed Feb 4 13:06:28 2015
*nat
:PREROUTING ACCEPT [445:35874]
:POSTROUTING ACCEPT [201:12052]
:OUTPUT ACCEPT [201:12052]
-A PREROUTING -d 1.2.3.4/32 -p udp -m udp --dport 2221 -j DNAT --to-destination 1.2.3.5:2221
-A POSTROUTING -d 1.2.3.5:2221 -p tcp -m tcp --dport 2221 -j SNAT --to-source 1.2.3.4
COMMIT
# Completed on Wed Feb 4 13:06:28 2015
# Generated by iptables-save v1.4.7 on Wed Feb 4 13:06:28 2015
*filter
:INPUT DROP [70:5549]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [1859:1537954]
:fail2ban-MAIL - [0:0]
:fail2ban-SSH - [0:0]
:fail2ban-VESTA - [0:0]
:vesta - [0:0]
-A INPUT -p tcp -m multiport --dports 25,465,587,2525,110,995,143,993 -j fail2ban-MAIL
-A INPUT -p tcp -m tcp --dport 22 -j fail2ban-SSH
-A INPUT -p tcp -m tcp --dport 8083 -j fail2ban-VESTA
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 80,443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 21 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 25,465,587,2525 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 110,995 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 143,993 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 3306,5432 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8083 -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -s 188.234.249.229/32 -j ACCEPT
-A INPUT -s 192.168.0.5/32 -j ACCEPT
-A INPUT -s 127.0.0.1/32 -j ACCEPT
Еще может что-то может подсказать сам шарк, ибо я, если честно, со своими эникейными знаниями слаб.