Connection Loss
18 years 3 months ago #15950
by TheBishop
Replied by TheBishop on topic Connection Problem
I think the only way you're going to get to the bottom of this is by elimination. Can you try some other sort of connection between the two networks, say FTP or Telnet, and see if that's stable. If so, at least you know your undelying comms is not the problem and can look elsewhere. Also you might want to try having a continuous ping runnig between the two ends and see if any drops in that correlate with your sessions dropping out. Also it would be worth trying to get a packet capture trace of a session in progress and, even more useful, a trace of one failing
18 years 3 months ago #15951
by Rockape
Replied by Rockape on topic Re: Connection Loss
Just another thought, whilst you are doing the continuous ping, try copying some files across the two networks and see what happens to the ping times.
18 years 3 months ago #15968
by mikel23
Replied by mikel23 on topic Re: Connection Loss
Actually I did yesterday have a session running on my PC yesterday and was using Ethereal to do a capture on the traffic running through the port my PC was using at the time. The protocal used was SSLv3, so my capture was able to capture TCP traffic as well as SSLv3 traffic. Unfortunately I did not capture an instant where my connection dropped however I did notice on the report that there were entries of "Malformed Packet".
5 0.090282 203.48.12.13 10.3.23.104 SSLv3 Continuation Data, [Malformed Packet]
These entries are captured continuosly throughout the capture. The problem is i am unsure as to what exactly that means. I have the report as a text file and was wondering if I can attach it to a post here?? If so please let me know how to do it and I will attach on my next post.
Could the issue be the IOS version we are currently running on our firewall?? As mentioned earlier we are on v6.?? but I know v7.?? is available.
Michael
5 0.090282 203.48.12.13 10.3.23.104 SSLv3 Continuation Data, [Malformed Packet]
These entries are captured continuosly throughout the capture. The problem is i am unsure as to what exactly that means. I have the report as a text file and was wondering if I can attach it to a post here?? If so please let me know how to do it and I will attach on my next post.
Could the issue be the IOS version we are currently running on our firewall?? As mentioned earlier we are on v6.?? but I know v7.?? is available.
Michael
18 years 3 months ago #15975
by TheBishop
Replied by TheBishop on topic Re: Connection Loss
I don't think you can attach a file directly but you can copy/paste into your post and use the formatting buttons to tag the section. If you do send us an Ethereal trace however, remember to change or overwrite any IP addresses you wouldn't want revealed to the world!
18 years 3 months ago #15981
by d_jabsd
This is normal for SSL traffic usually. Ethereal can't read the entire packet due to encryption.
To verify, look for re-transmissions. A retransmission will indicate that the packet never arrived, or arrived so corrupted that it had to be resent.
Replied by d_jabsd on topic Re: Connection Loss
5 0.090282 203.48.12.13 10.3.23.104 SSLv3 Continuation Data, [Malformed Packet]
This is normal for SSL traffic usually. Ethereal can't read the entire packet due to encryption.
To verify, look for re-transmissions. A retransmission will indicate that the packet never arrived, or arrived so corrupted that it had to be resent.
18 years 3 months ago #16034
by mikel23
Replied by mikel23 on topic Re: Connection Loss
I have had some firewall experts take a look at my firewall and apparently their are some TCP Resets on our inside interface. Not sure what this means but having a look through the capture I did as referred to in a previous post to see if I can see anything obvious to post here.
Any other things to look for while I'm at it??
Thanks Guys
Any other things to look for while I'm at it??
Thanks Guys
Time to create page: 0.132 seconds