There is an application which is trying to talk to a host on a particular port and I want to see if that port is getting blocked .. I have the wireshark captures but unable to find out which error to look for. Can you please advice ? asked 05 Aug '16, 04:52 Gurushant edited 05 Aug '16, 07:09 Jaap ♦ |
One Answer:
Depending on the security appliances on the remote site (firewall, proxy server, switch/router ACL's, etc) you will see one of the following symptoms in the 3-way handshake: 1) TCP SYN packets going out, but no TCP SYN ACK replies 2) TCP SYN packets going out, but with a TCP SYN RST reply Item 1) above could also be due to an inability to find a return route as well, thus not just symptomatic of a blocked port. FWIW answered 13 Aug '16, 22:04 wbenton |
That totally depends on where these captures were made, on which interfaces it was done.
These traces were ran on a windows server where we have the config server application hosted which acts as a server and other application which is a client is trying to access the main application through the port. So we ran traces to identify the traffic that is coming into the server and want to identify if the port is getting blocked at any point of time ? Can you let us know how we identify this within the trace results ?
Thank you !
Trace from the client and you will be able to see [SYN], [RST] patterns as long as the server itself is rejecting (No App listening etc): If there is a Firewall, you may not see anything except retransmissions going to nowhere. Trace on the server and you probably wont see anything unless there is software blocking the port up the stack somewhere. But you can see that with netstat or tcpview. Not entirely 100% sure if you mean the client software is also running on the server or if it is a separate computer.