This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Scenario. The customer has a number of server and workstations all of which go out through the same gateway firewall. One of the server is unable to access the internet via HTTP or HTTPS. I've tested different browsers and via telnet and I get the same results.

SSH, DNS and everything else I've tried works fine, just HTTP and HTTPS which fail.

Below is a capture from the server while I was attempting to browse to google.co.uk via its IP address. (I'm getting the same results when attempting to access any internet based webpage. I can access web pages on the local network fine.)

No.     Time        Source                Destination           Protocol Length Info
 124251 2119.040147 192.168.0.5           173.194.34.159        TCP      66     61952 > http [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1

No.     Time        Source                Destination           Protocol Length Info
 124313 2122.042518 192.168.0.5           173.194.34.159        TCP      66     61952 > http [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1

No.     Time        Source                Destination           Protocol Length Info
 124411 2128.042411 192.168.0.5           173.194.34.159        TCP      62     61952 > http [SYN] Seq=0 Win=8192 Len=0 MSS=1460 SACK_PERM=1

No.     Time        Source                Destination           Protocol Length Info
 124952 2159.374787 173.194.34.159        192.168.0.5           TCP      60     http > 61952 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0

Here's the traffic traversing the firewall.

13 08/08/2012 11:15:30.720 X0*(i) X1 192.168.0.5 173.194.34.159 IP TCP 61952,80 FORWARDED 66[66]

14 08/08/2012 11:15:33.720 X0*(i) X1 192.168.0.5 173.194.34.159 IP TCP 61952,80 FORWARDED 66[66]

15 08/08/2012 11:15:39.720 X0*(i) X1 192.168.0.5 173.194.34.159 IP TCP 61952,80 FORWARDED 62[62]

16 08/08/2012 11:16:11.064 -- X0*(s) 173.194.34.159 192.168.0.5 IP TCP 80,61952 GENERATED 54[54]

Can anyone point me in the right direction as to what's occurring here?

Thanks

asked 08 Aug '12, 03:44

aka-Goose's gravatar image

aka-Goose
1113
accept rate: 0%

edited 08 Aug '12, 03:51


Can anyone point me in the right direction as to what's occurring here?

Packets (SYN) are sent out, but no response comes back. Probably you forgot to add a NAT for your HTTP/HTTPS traffic (or for the server network) on the SonicWall.

Regards
Kurt

permanent link

answered 08 Aug '12, 03:55

Kurt%20Knochner's gravatar image

Kurt Knochner ♦
24.7k1037236
accept rate: 15%

edited 08 Aug '12, 04:02

Thanks for the reply Kurt, while not providing the exact answer you did point me in the right direction. There were a couple of dodge NAT rules which alter the port of the outbound traffic..

Many thanks.

(08 Aug '12, 04:25) aka-Goose
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×294
×139
×81
×69

question asked: 08 Aug '12, 03:44

question was seen: 4,828 times

last updated: 08 Aug '12, 04:36

p​o​w​e​r​e​d by O​S​Q​A