Ask Your Question
0

Need to find out why there is a disconnection

asked 2021-08-13 05:03:11 +0000

flubet gravatar image

working from home now, connect to company vpn network but there is a disconnection in a gap of ~20 min. Log a case to technical but there said probably local issues.( laptop, internet line) perform ping to 3 destination just to capture as evidence. and i perform PCAP. i need to know from PCAP, what trigger the disconnection is it possible ? what filter should I specifically input. Please help me.

edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted
0

answered 2021-08-13 11:21:34 +0000

BigFatCat gravatar image

It is a corporate VPN connection or encrypted tunnel when connected from home. You can try this when the VPN is down.

  1. Start a Wireshark capture
  2. Start VPN connection
  3. Stop Wireshark capture
  4. Analyze the capture to determine if it is a routing or VPN issue. If you need assistance interpreting the results, post your results to this forum.
edit flag offensive delete link more

Comments

yes I do need an assistance. Unfortunately I'm not able to attach file due to low on point. I need to know, leading up to the disconnection what trigger the disconnection or any hint as to why.

9/8/2021
Disconnect Time 5:19 PM Reconnect Time 5:24 PM

flubet gravatar imageflubet ( 2021-08-15 03:17:58 +0000 )edit

Hi, Option A

  1. Sanitize the file with tracewrangler.
  2. Don't perform this step unless you are successful with sanitizing the file. Upload to a drop box and post the link to the forum.

Option B From your comments, VPN established and then dropped after 5 minutes.
1. Can you figure out if the connection was TCP or UDP? 2. If it was TCP, what Wireshark TCP options are enabled? Wireshark is great for analyzing TCP.

Option C Ask a friend or peer that has experience with analyzing pcap files.

BigFatCat gravatar imageBigFatCat ( 2021-08-15 09:38:08 +0000 )edit

Note to all, this isn't a forum, it's a Q & A site, so only post "Answers" that are actual answers, all other comments and hints should be posted as comments to either the question or an answer.

grahamb gravatar imagegrahamb ( 2021-08-15 13:05:36 +0000 )edit

The VPN itself is connected but the is lost of connectivity to the destination. Perform ping to 3 destination just to make sure and to get the timestamp. Probably not the VPN itself but maybe the local machine don't see any disconnection.

We are using a cloud base VPN and have several node. Only this one node if selected will not having the disconnection

flubet gravatar imageflubet ( 2021-08-17 02:22:19 +0000 )edit

A brief summary of your first paragraph. The "VPN itself is connected", but pings are good to the VPN server. When the "VPN itself is connected", is the VPN status from the client computer screen?

I am going to assume that the VPN is using TCP. In Wireshark, make sure the TCP option "Analyze TCP sequence numbers" is enabled. Look at the Wireshark analysis (square brackets [ ]) in the Wireshark INFO column. TCP DUP-ACKs, retransmission, previous segment not capture, or out-of-order will create VPN connection problems.

BigFatCat gravatar imageBigFatCat ( 2021-08-18 09:35:52 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2021-08-13 05:03:11 +0000

Seen: 1,981 times

Last updated: Aug 15 '21