Adam Bower wrote:
You'll need to do something along the lines of
tcpdump -i eth0 -s 0 -w myoutputfile host $nameofdesktop
Thanks, I'm playing with that now.
[snip] and also if you have an ssh connection open you will log that and end up in a kind of positive feedback loop if you are not careful!)
Good point, wouldn't have thought of that! I can use my VPN to ssh from my home PC to set up the logging without the SSH session getting in the way now that's you've pointed that out.
Then you really want to get copies of the output files onto your desktop to examine them in the program Ethereal (which has recently changed its name to wireshark due to a trademark problem). You can also use ethereal for packet capture btw, and there is a command line version. I can't really help too much with packet analysis as it has been a while since I last played with this kind of thing.
I have wireshark installed and have played with it before (it was Ethereal then, of-course); I'll see how much I can work out for myself then come back here with the stuff I get stuck with.
You can at least examine packet headers and payloads and see how big the packets when they leave the machine, and how big they are at the other side. It will be a bit of a learning curve but I think the easiest way for you to make progress is to just try this and see what happens and ask for specific advice if you get stuck.
That's all good advice: much better to investigate for myself at first. Everything still points to this being a packet loss issue with large packets, though, so I suspect all I'll be able to do is get some traces from each end showing certain packets making it and others not; if nothing else a tcpdump .cap file sent to the ISP might get passed on to someone who won't tell me to try rebooting the router again :-) If I can just prove that there is a problem and get past the "nobody else has reported any problems" response that'll help!