This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Server unable to access websites (HTTP or HTTPS) from a windows server

0

Scenario. The customer has a number of server and workstations all of which go out through the same gateway firewall. One of the server is unable to access the internet via HTTP or HTTPS. I've tested different browsers and via telnet and I get the same results.

SSH, DNS and everything else I've tried works fine, just HTTP and HTTPS which fail.

Below is a capture from the server while I was attempting to browse to google.co.uk via its IP address. (I'm getting the same results when attempting to access any internet based webpage. I can access web pages on the local network fine.)

No.     Time        Source                Destination           Protocol Length Info
 124251 2119.040147 192.168.0.5           173.194.34.159        TCP      66     61952 > http [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1

No. Time Source Destination Protocol Length Info 124313 2122.042518 192.168.0.5 173.194.34.159 TCP 66 61952 > http [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1

No. Time Source Destination Protocol Length Info 124411 2128.042411 192.168.0.5 173.194.34.159 TCP 62 61952 > http [SYN] Seq=0 Win=8192 Len=0 MSS=1460 SACK_PERM=1

No. Time Source Destination Protocol Length Info 124952 2159.374787 173.194.34.159 192.168.0.5 TCP 60 http > 61952 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0

Here’s the traffic traversing the firewall.

13 08/08/2012 11:15:30.720 X0*(i) X1 192.168.0.5 173.194.34.159 IP TCP 61952,80 FORWARDED 66[66]

14 08/08/2012 11:15:33.720 X0*(i) X1 192.168.0.5 173.194.34.159 IP TCP 61952,80 FORWARDED 66[66]

15 08/08/2012 11:15:39.720 X0*(i) X1 192.168.0.5 173.194.34.159 IP TCP 61952,80 FORWARDED 62[62]

16 08/08/2012 11:16:11.064 – X0*(s) 173.194.34.159 192.168.0.5 IP TCP 80,61952 GENERATED 54[54]

Can anyone point me in the right direction as to what’s occurring here?

Thanks

asked 08 Aug ‘12, 03:44

aka-Goose's gravatar image

aka-Goose
1113
accept rate: 0%

edited 08 Aug ‘12, 03:51


One Answer:

1

Can anyone point me in the right direction as to what's occurring here?

Packets (SYN) are sent out, but no response comes back. Probably you forgot to add a NAT for your HTTP/HTTPS traffic (or for the server network) on the SonicWall.

Regards
Kurt

answered 08 Aug '12, 03:55

Kurt%20Knochner's gravatar image

Kurt Knochner ♦
24.8k1039237
accept rate: 15%

edited 08 Aug '12, 04:02

Thanks for the reply Kurt, while not providing the exact answer you did point me in the right direction. There were a couple of dodge NAT rules which alter the port of the outbound traffic..

Many thanks.

(08 Aug '12, 04:25) aka-Goose