Ask Your Question
0

Web Forwarders frequently failing for some clients and not others

asked 2020-06-04 13:49:10 +0000

When the problem exhibits itself, the client gets the common connection timed out from the web browser. I ran a capture focusing on the ip address that the forwarder resolves to and get a tcp handshake with a lot of retransmissions but I'm not seeing anything really jumping out at me to further troubleshoot. Other systems on the network can access the site without problems. I'm suspecting our firewall is monkeying with the packets but the problem seems to come and go and switch which systems are impacted.

capture: https://www.dropbox.com/s/6n5fbkifs3y...

edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted
0

answered 2020-06-06 02:39:09 +0000

Hi,

In the shared PCAP we are not seeing a complete TCP 3-way handshake.

Host 192.168.249.67 keeps trying to get a TCP connection going by sending TCP SYN segment to 184.168.131.241 but there is no SYN/ACK segment captured.

The "forwarder" (184.168.131.241) seems to be sending the TCP SYN/ACK back to host 192.168.249.67 but it is not seen. I base this assumption on seeing TCP RST after a few seconds which tells me that the "forwarder" itself is waiting for the final ACK from the host to complete the 3-way handshake but never gets it and gives up resetting the connection with TCP RST.

There are many reasons for this SYN/ACK to be missing. If there is a firewall then it would be best to capture on the host facing interface AND the "forwarder" (184.168.131.241) at the same time. This will tell you if the firewall is monkeying with the packets. Do keep in mind that there is likely a configuration inside the firewall responsible for this behavior.

Good luck,

Spooky

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2020-06-04 13:49:10 +0000

Seen: 36 times

Last updated: Jun 06