This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Hi, I am trying to RDP a computer(115.112.218.144) on Internet and its not working.

My computer(192.168.168.65) is going through a sonicwall firewall

Firewall LAN IP: 192.168.168.168 Firewall WAN IP: 192.168.1.5 Modem is having public IP.

Source: 192.168.168.65 Destination: 115.112.218.144

I did a packet capture on my sonicwall firewall and found that SYN is sent from 192.168.168.65 to 115.112.218.144, SYN_ACK received from 115.112.218.144 to 192.168.168.65 and then immediately RST,ACK is received from 115.112.218.144 to 192.168.168.65. This issue is intermittent. If I bypass the firewall everything is working fine. Following is the packets captured from sonicwall. Please suggest. Thanks in advance.

alt text

asked 22 Jun '14, 01:38

Dan%20Joseph's gravatar image

Dan Joseph
1112
accept rate: 0%

edited 22 Jun '14, 02:04

Can you upload the capture for better analysis,its clear that RST is being sent by 115.112.218.144 but one more thing i want to look is IP.ID field on syn ack and RST packet by 115.112.218.144.Are they same or different.

(22 Jun '14, 03:14) kishan pandey

I did a packet capture on my sonicwall firewall and found ...

According to your description (i.e. works without the Firewall), I conclude that the firewall blocks the connection itself for whatever reason by sending RESET itself.

Just one example: The RST-ACK in frame #19 is at the same time stamp as the SYN-ACK in frame #17. I guess the firewall generated the RESET itself because it did not like something in the SYN-ACK or because there is a policy that does not allow the connection.

To verify my assumption, please do not capture on the firewall. Instead capture between the firewall and the modem, using one of the methods described in the Ethernet Capture Setup. If I'm right, you won't see the RST-ACK there.

Then you could enable packet tracing within the SonicWall to figure out what's going on in the firewall.

See the Packet Trace tool, and other Sonicwall CLI tools (please ask your local Sonicwall guru!)

http://help.mysonicwall.com/sw/eng/305/ui2/23100/System/Diagnostics.htm
http://208.17.117.208/downloads/High-Level_Debugging_on_SonicWALL_UTM_and_CSM_Appliances.pdf

Regards
Kurt

permanent link

answered 22 Jun '14, 04:30

Kurt%20Knochner's gravatar image

Kurt Knochner ♦
24.8k1039237
accept rate: 15%

edited 22 Jun '14, 04:43

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×17

question asked: 22 Jun '14, 01:38

question was seen: 1,439 times

last updated: 22 Jun '14, 04:43

p​o​w​e​r​e​d by O​S​Q​A