I'm using Wireshark and tcpdump to capture traffic in order to debug a timeout issue that I'm facing when I'm connected to our website from our local network (I don't have any problem when using other networks). I analysed the capture files using Wireshark and noticed that (only for the requests that time out):
UPDATE: Apparently it's a NAT issue (cf. https://forum.fortinet.com/tm.aspx?m=120355#120439). I can't check or change the NAT configuration. Is there any workaround for this issue? Thanks
PS: There is a FortiGuard proxy set up on our local network.
asked 07 Jul '15, 01:52 mr1azl edited 08 Jul '15, 07:56
The client has a session with the proxy. And the proxy tries to initiate a session with the server. It seems that something blocks the Syn or the Syn/Ack. Are you able to see the connection request with the "netstat" command? For example, netstat -ano on Windows OS. Btw, the time is not really in sync.
I can't run netstat on the server (we have more than 20k requests/s). I still have the same problem even if I set the time on the server.
Which OS are you using?
CentOS 6.6
If you can't do a netstat with a grep then it could be hard to find the failure. You must investigate what happens with the syn, if you want to find the root cause. Was the trace taken on the server?
Yes, the capture was taken on the server. Could you explain to me how netstat could help us to figure out what happens to the syn?
Netstat can show you the tcp-state of a tcp connection. So in your case the expectation could be: nothing, syn received or time wait. So if we see nothing then something blocks the syn.
Interesting update. But why does your server not reply to the Syn with a Syn/Ack (if the trace was taken on the server)?
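
The netstat check suggested in the comments above, narrowed to a single peer so it stays usable on a busy server. This is an added example, not part of the original thread; the peer address 192.0.2.10, the function names and the sample lines are constructed.

```shell
#!/bin/sh
# Added example: summarise TCP states for one peer from `netstat -ant` output.
# Assumption: 192.0.2.10 stands for the proxy address as seen by the server.

# Reads `netstat -ant` lines on stdin and prints "STATE COUNT" per state for
# sockets whose foreign address is $1, or "NONE 0" when there are none.
tcp_states_for_peer() {
    awk -v peer="$1" '
        $1 ~ /^tcp/ && NF >= 6 {
            addr = $5
            sub(/:[0-9*]+$/, "", addr)   # drop the :port suffix
            sub(/^::ffff:/, "", addr)    # IPv4-mapped form on tcp6 sockets
            if (addr == peer) count[$6]++
        }
        END {
            n = 0
            for (s in count) { print s, count[s]; n++ }
            if (n == 0) print "NONE", 0
        }' | sort
}

# Maps a summary to the outcomes named in the thread (nothing, syn received,
# time wait). SYN_RECV is checked first because it marks a stuck handshake.
interpret_states() {
    case "$1" in
        *SYN_RECV*)                echo "SYN arrived; handshake not completed" ;;
        *TIME_WAIT*|*ESTABLISHED*) echo "handshake completed" ;;
        NONE*)                     echo "no entry for this peer; SYN blocked or never queued" ;;
        *)                         echo "other state; inspect manually" ;;
    esac
}

# Constructed sample in Linux `netstat -ant` layout (not from the original capture).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address    Foreign Address     State
tcp        0      0 0.0.0.0:80       0.0.0.0:*           LISTEN
tcp        0      0 10.0.0.5:80      192.0.2.10:51234    SYN_RECV
tcp        0      0 10.0.0.5:80      192.0.2.10:51240    SYN_RECV
tcp        0      0 10.0.0.5:80      198.51.100.7:40112  ESTABLISHED
tcp        0      0 10.0.0.5:80      192.0.2.10:50001    TIME_WAIT
EOF
}

# Live use on the server: netstat -ant | tcp_states_for_peer 192.0.2.10
```

The summary is a snapshot, so run it while a request from the affected network is timing out.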