Disconnection issues and what could be causing them.
Hi There,
I would like to get some support/guidance in understanding the disconnection issues I'm observing and what could be the reason causing them.
packet capture : https://www.cloudshark.org/captures/f...
Appreciate the support.
Regards, Yasith.
@YasithHashen Unfortunately I can't view your capture on cloudshark, did you mark it as public?
@SYN-bit Yes, I have made the file public now. Appreciate your support.
A 'disconnection problem' is a very open problem description, as there are quite a few sessions in your capture, what kind of disconnection problems do you mean? Please narrow it down to ip-addresses if possible...
Hi there, The capture is basically a general internet browsing capture. Host IP 192.168.1.78. Basically the disconnections are observed towards general internet browsing.
Are you facing any issues during surfing, or have you only noticed the RST packets in your capture?
Most of the RST are coming from your client as an answer to a packet from 212.103.48.119:9002, that seems to belong to no known session. That's a bit strange because this packet shouldn't have made it through your router as long as there's no matching state. Or have you enabled port forwarding for port TCP/9002 on your router?
There are some other RSTs in your capture but from my point of view they're not really critical. Could have to do with the wrong date settings on your computer. Or is the capture really from July 2020?
Facing issues during surfing @JasMan. Further to my knowledge no port forwarding enabled. Apprecaite your feedback on this.
Have you checked the date and time settings of your client? Could you provide another capture and a hint, where and which issue exactly you've noticed (e.g. have tried to reach google.com, but received an "Not available" message)?
@JasMan I'm checking the possibility of acquiring the requested information. In the meantime, what further analysis/findings you observe that might be the reason for disconnections.
What is 192.168.1.254? I saw the hugh amount of ARP requests from this IP address. It looks like it did an network scan during the capture. And it's also your DNS server. Is it also the router to the Internet?
After some time 192.168.1.254 didn't answers to ARP requests anymore. Means that your client is not able to find this system -> no DNS answers. That would explain your connection issue. If this is also the router you are also not able to reach the Internet anymore.
@JasMan yes 192.168.1.254 is the router, also act as the DNS server.