Re: Https problem

[Martin Visser <martinvisser99 () gmail com>]

If you suspect the firewall then you really should be looking at firewall
logs/counters at the same as you are doing your packet capture. If you see a
request from one side of the firewall (say that login page connection, or an
SNMP request) and not getting a response because of the firewall then it
will be because of some rule or state issue. If you don't have logging
turned on you should probably enable it. It *should* record the reason for
drops if that is what is occuring.

While MTU can be hard configured, normally it is a problem only when you are
changing media (from say Ethernet to Serial) or encapsulating in a VPN (say
IPSec).

Regards, Martin

MartinVisser99 () gmail com


On Mon, Jun 28, 2010 at 8:03 PM, Chris Hodgson <CHodgson () advaoptical com>wrote:

>  Thanks, I am hoping to capture traffic on the firewall level where is
> suspect the problem is.
>
>
>
> To confirm the log on page does not appear, as in stays completely blank
> and the timer continues indicating it is loading- but never does.
>
>
>
> I’m also seeing problems with other protocols; SNMP is intermittent to the
> NMS and ssh sessions to the device often drop. I notice the exact packet
> when it dropped and wireshark revealed ‘TCP previous segment lost’
>
>
>
> I’m not sure how to identify a too large MTU, would this be configured on
> the interface on the firewall or connecting switch?
>
>
>
> Regards,
>
> Chris
>
>
>
> *From:* wireshark-users-bounces () wireshark org [mailto:
> wireshark-users-bounces () wireshark org] *On Behalf Of *Martin Visser
> *Sent:* 27 June 2010 08:42
>
> *To:* Community support list for Wireshark
> *Subject:* Re: [Wireshark-users] Https problem
>
>
>
> You might need to be a little clearer in your problem description. Are you
> saying the "login page does appear" or did you really mean does *not*
> appear?
>
>
>
> If you are getting RST packets when your browser is trying to connect a new
> TCP session (this might be happening when your browser is being redirected
> by the first HTTP/HTTPS session) then it is likely this second site is being
> blocked by  firewall or some other similar device enforcing policy, possibly
> based on your IP address.
>
>
>
> Lost segments are also an issue - they can occur because of congestion or
> even something like packets being sent with a too large MTU, and being
> dropped along the path back to you.
>
>
> Regards, Martin
>
> MartinVisser99 () gmail com
>
>  On Thu, Jun 24, 2010 at 11:23 PM, Chris Hodgson <
> chrishodgson416 () googlemail com> wrote:
>
> Hi
>
>
>
> I'm trying to troubleshoot an issue on an external network with regards to
> accessing the https Web GUI for network devices, basically the login page
> does appear after accepting the certificate error. I performed a capture and
> have seen several 'Lost segments' and reset packets when analysing the TCP
> errors. Any ideas what this means or where the problem could be?
>
>
> ___________________________________________________________________________
> Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
> Archives:    http://www.wireshark.org/lists/wireshark-users
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>             mailto:wireshark-users-request () wireshark org
> ?subject=unsubscribe
>
>
>
> ___________________________________________________________________________
> Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
> Archives:    http://www.wireshark.org/lists/wireshark-users
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>             mailto:wireshark-users-request () wireshark org
> ?subject=unsubscribe
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe