Hi,

In the shared PCAP we are not seeing a complete TCP 3-way handshake.

Host 192.168.249.67 keeps trying to get a TCP connection going by sending a TCP SYN segment to 184.168.131.241, but there is no SYN/ACK segment captured.

The "forwarder" (184.168.131.241) seems to be sending the TCP SYN/ACK back to host 192.168.249.67 but it is not seen. I base this assumption on seeing a TCP RST after a few seconds, which tells me that the "forwarder" itself is waiting for the final ACK from the host to complete the 3-way handshake but never gets it and gives up, resetting the connection with a TCP RST.

There are many reasons for this SYN/ACK to be missing. If there is a firewall, then it would be best to capture on the host-facing interface AND the "forwarder" (184.168.131.241) at the same time. This will tell you if the firewall is monkeying with the packets. Do keep in mind that there is likely a configuration inside the firewall responsible for this behavior.

Good luck,

Spooky
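
The two-point comparison suggested in the answer above, as an added example that is not part of the original post: it compares packet records from the host-facing capture and the "forwarder" capture and names the first handshake step that is missing. The record layout, ports, timings and the function names `seen` and `diagnose` are assumptions; only the two IP addresses come from the post.

```python
from collections import defaultdict

HOST, FWD = "192.168.249.67", "184.168.131.241"  # addresses from the post

# Constructed records (time, src, dst, sport, dport, flags); ports and timings
# are assumptions, not values from the shared PCAP.
HOST_SIDE = [
    (0.0, HOST, FWD, 50000, 80, "S"),
    (1.0, HOST, FWD, 50000, 80, "S"),   # SYN retransmission
    (3.0, HOST, FWD, 50000, 80, "S"),
    (6.0, FWD, HOST, 80, 50000, "R"),   # forwarder gives up
]
FWD_SIDE = [
    (0.0, HOST, FWD, 50000, 80, "S"),
    (0.0, FWD, HOST, 80, 50000, "SA"),  # answer that never reaches the host
    (1.0, HOST, FWD, 50000, 80, "S"),
    (1.0, FWD, HOST, 80, 50000, "SA"),
    (6.0, FWD, HOST, 80, 50000, "R"),
]

def seen(packets):
    """Count TCP flag combinations per connection at one capture point."""
    flows = defaultdict(lambda: defaultdict(int))
    for _ts, src, dst, sport, dport, flags in packets:
        # Direction-independent key so both halves of a connection match.
        flows[frozenset([(src, sport), (dst, dport)])][flags] += 1
    return flows

def diagnose(host_side, fwd_side):
    """Compare both capture points; name the first missing handshake step."""
    h, f = seen(host_side), seen(fwd_side)
    verdicts = {}
    for flow in set(h) | set(f):
        hs, fs = h.get(flow, {}), f.get(flow, {})
        if not fs.get("S"):
            verdicts[flow] = "SYN never reached the forwarder"
        elif not fs.get("SA"):
            verdicts[flow] = "forwarder did not answer the SYN"
        elif not hs.get("SA"):
            verdicts[flow] = "SYN/ACK dropped between forwarder and host"
        elif not fs.get("A"):
            verdicts[flow] = "final ACK never reached the forwarder"
        else:
            verdicts[flow] = "handshake completed"
    return verdicts

if __name__ == "__main__":
    for flow, verdict in diagnose(HOST_SIDE, FWD_SIDE).items():
        print(sorted(flow), verdict)
```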