Wireshark mailing list archives
Re: Https problem
From: Martin Visser <martinvisser99 () gmail com>
Date: Tue, 29 Jun 2010 13:54:10 +1000
If you suspect the firewall then you really should be looking at firewall logs/counters at the same as you are doing your packet capture. If you see a request from one side of the firewall (say that login page connection, or an SNMP request) and not getting a response because of the firewall then it will be because of some rule or state issue. If you don't have logging turned on you should probably enable it. It *should* record the reason for drops if that is what is occuring. While MTU can be hard configured, normally it is a problem only when you are changing media (from say Ethernet to Serial) or encapsulating in a VPN (say IPSec). Regards, Martin MartinVisser99 () gmail com On Mon, Jun 28, 2010 at 8:03 PM, Chris Hodgson <CHodgson () advaoptical com>wrote:
Thanks, I am hoping to capture traffic on the firewall level where is suspect the problem is. To confirm the log on page does not appear, as in stays completely blank and the timer continues indicating it is loading- but never does. I’m also seeing problems with other protocols; SNMP is intermittent to the NMS and ssh sessions to the device often drop. I notice the exact packet when it dropped and wireshark revealed ‘TCP previous segment lost’ I’m not sure how to identify a too large MTU, would this be configured on the interface on the firewall or connecting switch? Regards, Chris *From:* wireshark-users-bounces () wireshark org [mailto: wireshark-users-bounces () wireshark org] *On Behalf Of *Martin Visser *Sent:* 27 June 2010 08:42 *To:* Community support list for Wireshark *Subject:* Re: [Wireshark-users] Https problem You might need to be a little clearer in your problem description. Are you saying the "login page does appear" or did you really mean does *not* appear? If you are getting RST packets when your browser is trying to connect a new TCP session (this might be happening when your browser is being redirected by the first HTTP/HTTPS session) then it is likely this second site is being blocked by firewall or some other similar device enforcing policy, possibly based on your IP address. Lost segments are also an issue - they can occur because of congestion or even something like packets being sent with a too large MTU, and being dropped along the path back to you. Regards, Martin MartinVisser99 () gmail com On Thu, Jun 24, 2010 at 11:23 PM, Chris Hodgson < chrishodgson416 () googlemail com> wrote: Hi I'm trying to troubleshoot an issue on an external network with regards to accessing the https Web GUI for network devices, basically the login page does appear after accepting the certificate error. I performed a capture and have seen several 'Lost segments' and reset packets when analysing the TCP errors. Any ideas what this means or where the problem could be? ___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org ?subject=unsubscribe ___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org ?subject=unsubscribe
___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Current thread:
- Https problem Chris Hodgson (Jun 24)
- Re: Https problem Jaap Keuter (Jun 24)
- <Possible follow-ups>
- Https problem Chris Hodgson (Jun 25)
- Re: Https problem Sheahan, John (Jun 25)
- Re: Https problem Martin Visser (Jun 27)
- Re: Https problem Chris Hodgson (Jun 28)
- Re: Https problem Martin Visser (Jun 28)