This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

https traffic times out

0

Yesterday a couple of users reported a problem accessing https://www.firstrepublic.com. The site worked fine in the past. One user is on the internal lan behind a sonicwall firewall. The second user is outside the corporate firewall and is behind a cisco small business router. They both connect to the same ISP. When you attempt to connect to the site it times out. On rare occasions after a long delay the site does open in text view. If I connect a laptop directly to my WAN switch and assign it an ipaddress I can connect fine. Thing that doesn't make sense is the two users are behind different firewalls and started having the problem exact same time. If I connect directly to the WAN I can connect fine. No changes have been made, I am the only admin and was away on vacation last week. I can access other sites with no problems, including banking and credit card sites. So far it appears to be isolated to this one site. We can first republic and they are not aware of any problems.

I don't see any errors in the firewall logs. I uploaded a tracefile. If someone would bekind enough to look at it perhaps they can point me in the right direction. The source ip is 192.168.1.76 the dest is 72.3.176.221

I can ping and tracert to the website, it's only accessing it with a browser, IE, Chrome or Firefox that I have a problem. Let me know if you need additional information. Thanks in advance.

https://onedrive.live.com/redir.aspx?cid=949862ff5b8a7a62&page=self&resid=949862FF5B8A7A62!108&parId=949862FF5B8A7A62!105&authkey=!Atcpjsj_KZsRGzE&Bpub=SDX.SkyDrive&Bsrc=Share

Robert

asked 05 Aug '14, 18:07

rgm34's gravatar image

rgm34
1222
accept rate: 0%

There was packet loss. The SSL handshake was successful, but the client (192.168.1.76) never received a few of the data packets from the server. It tries to get them by sending duplicate ACKs, and sending keep-alives to keep the connection open. But it never got the missing segments, so it terminated the connection.

The question is where are these packets getting dropped? That's a very difficult question to answer if your trace is limited to one side of the connection.

(06 Aug '14, 05:20) smp

One Answer:

0

Hi Robert,

If you could get matching traces from the outside of the firewall and the laptop at least you would be able to narrow the problem a little. Each side of the firewall would be even better.

As SMP says, the current trace just shows that you are dropping packets somewhere, or we are not seeing them all. Perhaps you have some strange asymmetric routing going on which could be identified with matching traces from each side of the firewall.

Best regards...Paul

answered 06 Aug '14, 06:04

PaulOfford's gravatar image

PaulOfford
131283237
accept rate: 11%