To whom it may concern, While I am not new to Help Desk work I am relatively new to advanced networking operations such as deciphering Wireshark messages as related to tracking down why errors pop up in applications when uploading files over the internet. If I'm able to, I'm going to attached 3 Wireshark captures to this message. One is from the device that was doing the uploading and the other 2 were from the Cisco ASA firewall's ingress_egress capturing TCP only. These captures were all performed simultaneously, of course, but the added twist is my ASA captures are about 8 minutes fast (sorry about that). The time on the 'Nancy' capture is correct and the specific times the PC was throwing out each error message during the upload were at 2:08 p.m., 2:09 p.m. and 2:14 p.m. Wireshark captures are located at: https://drive.google.com/open?id=0B6yAAiHYJtJSU3phWUl3eFdseDQ asked 11 Apr '17, 11:22 mahrsmusic edited 11 Apr '17, 11:27 |
One Answer:
I've taken the time to answer this one because I think that it might make a nice case study one day. I can't tell you why but I can tell you what is happening. There are many HTTPS connections to 52.5.5.205 in this capture. The 7 connections have client port numbers 57519, 57565, 57568, 57580, 57587, 57589 & 57638 and they all have a similar form in the way they terminate. Since they sessions are encrypted, we can't see what the transactions contained or if there were any HTTP error messages within them. Using the last one, port 57638, as an example, here's what happens:
These connections/terminations seem to match the times you mention. Further, they look the same in your other ASA captures. My suspicion would be that these requests with no response are triggering your error messages. The questions you might like to find answers to are:
I note that there was lots and lots of other traffic in your PC trace. Just for fun (other readers might like to test their skills in finding these) here are some other items that I found interesting.
answered 12 Apr '17, 00:05 Philst |
Thank you so much! I tried to cast my vote but it's says I'm not able to at this time. AWESOME ANSWER! Thank you again, so much! I've been trying to learn Wireshark for the past 2 weeks (and study for my CCNA, raise 3 kids, etc. etc.). Your help is SO MUCH APPRECIATED!!!!