Wireshark PCAP Query

asked 2020-02-16 12:26:50 +0000

balcee

Hello. I'm currently into an issue whereby internal LAN users are experiencing extremely slow response times and performance when accessing an external website. When this website is accessed from a non-network environment it works fine which points to it being an issue on our network.

From the errors I'm seeing in Chrome Developer tools, the issue seems to be pointing to the proxy server.

Summary below: External website: Proxy Gateway:

I've made a couple of changes this morning. I've enabled an 'Any' rule for the purposes of testing. Also, on the proxy, I've set a static bypass on the proxy for all traffic going to the external website. So in theory, it should all be hitting the firewall rule and being allowed out.

I ran a packet capture this morning and noticed TCP syn is set to 1. Is this correct? Can anyone see any other issues in this pcap file that I may be missing?

Any assistance would be gratefully received.

Many thanks B

Can you put the pcap on a file sharing site and post a link to it here.

Chuckc ( 2020-02-16 13:27:52 +0000 )edit

Hi bubba

Many thanks for your response. Here's link to the pcap file https://www.dropbox.com/s/o9o61v0p4er...

Many thanks B

balcee ( 2020-02-16 14:51:18 +0000 )edit

The capture was on the output side of the proxy?
What was the input to the proxy - was this a single client trying to reach the server?

Chuckc ( 2020-02-16 16:30:20 +0000 )edit

Yes thats right, its the outside of the proxy. On the inside of the proxy, ive set a static bypass for all traffic going to that destination. I will run another trace from the inside shortly and add the link. Does the pcap Ive added look all ok?

balcee ( 2020-02-16 17:03:38 +0000 )edit


I've moved your "answers" to be comments under the question, see the help and FAQ links for more info about how this Q&A site operates.

grahamb ( 2020-02-16 17:30:44 +0000 )edit