This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

TCP Previous segment not captured, why can’t I get to a printer?

0

Hi, I have a host on local network 10.2.18.36 and I'm trying to manage a printer on a WAN destination in our branch office which has url https://10.5.5.241. Telnet to port 443 works fine, the bandwidth is not overloaded, the latency is ok. But the browser can't open the page. Locally in the branch office I can open the URL without problems. Here's the pcap: https://www.dropbox.com/s/ne0dr0asgv8fbuz/wire-test.pcapng?dl=0

asked 03 Jul '15, 03:31

butch7's gravatar image

butch7
11114
accept rate: 0%

One Answer:

1

The 3-way handshake indicates that you have a net MSS of 1360 bytes (MTU 1400) available along the path.
However the first 2 full size segments sent by the printer never make it to you.
So obviously the adjust-mss that was occuring at your VPN edges wasn't enough to get you through the VPN tunnel unfragmented.
You need to check how large your MTU size is using

ping 10.5.5.241 -f -l 1400  
ping 10.5.5.241 -f -l 1380  
ping 10.5.5.241 -f -l 1360 ...

and have the MSS adjusted to 40 bytes less
Regards Matthias

answered 03 Jul '15, 05:30

mrEEde's gravatar image

mrEEde
3.9k152270
accept rate: 20%

edited 03 Jul '15, 05:31

Thanks Matthias, that helped. Now I'm wondering why that situation occured? We have over 15 branch offices with the same VPN links (one operator) with the same mss-adjust 1360 on tunnels, and the only problem is with this one office.

(06 Jul '15, 03:33) butch7

Well, we can only speculate as to why this occurs only in one branch office. One possible scenario: The problem might be that in this one branch office ICMP fragmentation required message are blocked and don't make it to the printer so basically PMTUD (Path MTU Discovery) wouldn't work there..

. If you're satisfied with the answer would you mind closing the question by accepting is - (click on the checkmark). Thanks

(06 Jul '15, 04:48) mrEEde