This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Intermittent LAN issues

-1

Hi,

Every now and then, our LAN interface seems to fail. The router itself (Pfsense) is reachable remotely over the internet during such outage.

Restarting the router always solved the issue.

I fired up the packet capture tool on the PFsense during the outage, which you can find here: https://www.cloudshark.org/captures/66c61a1e0b60

At first, I thought our VLANS were causing the issue because I was using unmanaged switched (and a single broadcast domain)

I removed all VLANS, so we only have one LAN interface currently. Still the issue persist.

Does anybody have a clue where to look for?

asked 12 Oct '16, 01:43

jortie2's gravatar image

jortie2
10225
accept rate: 0%

edited 12 Oct '16, 01:47

One Answer:

0

All TCP connections that trying to get to the internet (sending a SYN packet) remain unanswered (you can see that when filtering for "tcp"). Also, all ARP requests for 192.168.1.254 (which I guess is the IP of the LAN interface of the pfSense) remain unanswered, at least I don't see any.

What you could do is take a capture to compare this behavior to a working situation - you'll most likely see SYNs being answered with SYN/ACK packets, and ARP receiving replies telling the MAC address of 192.168.1.254.

It's quite unusual that ARPs aren't answered anymore - the SYNs being blocked may be explained by some firewall rule setting, but layer 2 should work...

answered 12 Oct '16, 02:23

Jasper's gravatar image

Jasper ♦♦
23.8k551284
accept rate: 18%

Yes, I cant make anything of the ARP issues as well. Also, a firewall rule should either always block, or never block, right?

What should I do next?

(12 Oct '16, 02:53) jortie2

Does the pfSense continue to run while connections are blocked? What does the "Uptime" value of the dashboard say, is it indicating a recent reboot? Which pfSense version are you running?

(12 Oct '16, 02:55) Jasper ♦♦

Pfsense stays running. I can access the Pfsense remotely (over the internet) during a LAN outage.

(12 Oct '16, 03:21) jortie2

Did you check if the LAN interface is down during the outage? It almost looks like it has to be, because it seems to be completely unresponsive - right now I'd suspect a link down/hardware problem. Maybe someone can go and check link status LEDs during the next outage?

(12 Oct '16, 04:00) Jasper ♦♦

Since you've covered the basics, it's better to head over to pfSense support

https://www.pfsense.org/get-involved/#join-the-discussion

(12 Oct '16, 07:06) Jaap ♦

The interface is not down during the outage. I will try to replace the hardware

(12 Oct '16, 07:28) jortie2
showing 5 of 6 show 1 more comments