This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Can not open HTTP port 80 internal web page

0

I have a phone PDX 192.168.132.10 that has a management interface on http port 80. I can not access it and have tried all 3 of the top Internet browsers. I can access the switch management interface on port 80 that is connected to this PBX. Just for clarity the PC 192.168.110.111 is behind a firewall connected to a MPLS circuit and the PBX is behind a firewall connected to a MPLS circuit. I can see the TCP 3-way handshake then I get TCP Retransmission. Any insight would be helpful.

This is the screen shot of the PCAP. I can not find a way to link the PCAP file. link text

asked 29 Jun '17, 08:15

vonkloha's gravatar image

vonkloha
6113
accept rate: 0%

edited 04 Jul '17, 08:43

cmaynard's gravatar image

cmaynard ♦♦
9.4k1038142

Telling us IPs etc. is nice, but doesn't help without a pcap...

(29 Jun '17, 08:26) Jasper ♦♦

I'm trying to get PCAP uploaded

(29 Jun '17, 08:28) vonkloha

Looks like a MTU problem to me, but it's only a guess. There's probably something between the two IPs running with a lower MTU.

(29 Jun '17, 08:43) Jasper ♦♦

The engine of this site doesn't support direct upload of pcap files. You have to post the file at Cloudshark or at any generic file sharing service and edit your question with a link to it.

(29 Jun '17, 12:25) sindy

I have put the file at CloudShark. You can use this filter to see the problem. tcp.stream eq 4

https://www.cloudshark.org/captures/c89d6f894c80

(29 Jun '17, 13:25) vonkloha

Yes, I agree with @Jasper that it seems that something between the PC and the PBX doesn't let the 1514 bytes packet through. The first packet of the http response got through and has been responded, the second which makes full use of the MTU value of 1514 bytes hasn't got through.

(29 Jun '17, 13:33) sindy
showing 5 of 6 show 1 more comments

One Answer:

0

If you look at tcp.stream==1 you will all is good until frame 9 when the first 1448 byte TCP segment is sent. Inside the IP header this has the don't fragment bit set, also, you will see this is the segment that is continually re-transmitted. Some device along the path is likely not supporting MTU that can fit the size frame in frame 9, and is hence dropping the packet as the don't fragment bit is set.

answered 03 Jul '17, 14:34

Sneak2k2's gravatar image

Sneak2k2
62
accept rate: 0%

edited 03 Jul '17, 14:34