https://community.cisco.com/t5/network-security/wireshark-traces/m-p/3755781#M8636 <P>Is this device connected to a ethernet switch?</P><P>If yes, you can configure a span port (port mirror) to this switch in order to capture the traffic destinated and originated to the 3G device.</P><P>&nbsp;</P><P>Regards.</P> Fri, 30 Nov 2018 12:54:55 GMT Daniele Giordano 2018-11-30T12:54:55Z https://community.cisco.com/t5/network-security/wireshark-traces/m-p/3755089#M8631 <P>Hello,</P> <P>&nbsp;</P> <P>I would like to know at which end the issue lies, In the&nbsp; attached wireshark traces, the ip address 10.92.55.255 sends SYN to 92.60.106.204 and the ip 92.60.106.204 replies with SYN ACK but then we don't see any ACK from&nbsp;<SPAN>10.92.55.255.</SPAN></P> <P>&nbsp;</P> <P><SPAN>Can we say the issue is at&nbsp;10.92.55.255 end as its not replying back to the SYN ACk ? or is there anyway to check if&nbsp;10.92.55.255 has received the SYN ACK from&nbsp;92.60.106.204 so that it can respond&nbsp;92.60.106.204 with an ACK ?</SPAN></P> <P>&nbsp;<span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Wireshark Traces.JPG" style="width: 999px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/25009i7548A37CD4231C45/image-size/large?v=v2&amp;px=999" role="button" title="Wireshark Traces.JPG" alt="Wireshark Traces.JPG" /></span></P> <P>&nbsp;</P> <P>&nbsp;</P> <P><SPAN>Any help will be much appreciated.</SPAN></P> <P>&nbsp;</P> <P><SPAN>Thanks,</SPAN></P> Fri, 21 Feb 2020 16:31:25 GMT https://community.cisco.com/t5/network-security/wireshark-traces/m-p/3755089#M8631 kamrannaseem1 2020-02-21T16:31:25Z https://community.cisco.com/t5/network-security/wireshark-traces/m-p/3755169#M8632 <P>Hi, yes the issue seems related to server with IP&nbsp;<SPAN>10.92.55.255.</SPAN></P><P><SPAN>The ACK is missing.</SPAN></P><P><SPAN>Can you install wireshark directly on the server?</SPAN></P><P><SPAN>If it's a linux, can you execute a tcpdump to check if the server receive the SYN ACK?</SPAN></P><P>&nbsp;</P><P><SPAN>Regards.</SPAN></P> Thu, 29 Nov 2018 14:39:32 GMT https://community.cisco.com/t5/network-security/wireshark-traces/m-p/3755169#M8632 Daniele Giordano 2018-11-29T14:39:32Z https://community.cisco.com/t5/network-security/wireshark-traces/m-p/3755738#M8634 <P>Thanks Daniele<SPAN class="">&nbsp;for the reply.</SPAN></P> <P>&nbsp;</P> <P>The&nbsp;<SPAN>10.92.55.255 device is a 3G device and the customer can't&nbsp;run any debugs on it.</SPAN></P> <P>&nbsp;</P> <P><SPAN>Is there any other way we can check to see if the SYN ACK is being received by this device ?</SPAN></P> <P>&nbsp;</P> <P>&nbsp;</P> <P><BR />Thanks.</P> Fri, 30 Nov 2018 11:44:44 GMT https://community.cisco.com/t5/network-security/wireshark-traces/m-p/3755738#M8634 kamrannaseem1 2018-11-30T11:44:44Z https://community.cisco.com/t5/network-security/wireshark-traces/m-p/3755781#M8636 <P>Is this device connected to a ethernet switch?</P><P>If yes, you can configure a span port (port mirror) to this switch in order to capture the traffic destinated and originated to the 3G device.</P><P>&nbsp;</P><P>Regards.</P> Fri, 30 Nov 2018 12:54:55 GMT https://community.cisco.com/t5/network-security/wireshark-traces/m-p/3755781#M8636 Daniele Giordano 2018-11-30T12:54:55Z https://community.cisco.com/t5/network-security/wireshark-traces/m-p/3755788#M8638 <P>3G is a wireless radio connection type. So it would not be connected to a wired switch.</P> <P>&nbsp;</P> <P>The best the OP would be able to do is monitor from the point at which it leaves the network and goes to the wireless gateway. You may be able to see the SYN ACK outbound there; but the only way to see if for sure on the endpoint is to have an on-device tool that captures endpoint traffic.</P> Fri, 30 Nov 2018 13:09:26 GMT https://community.cisco.com/t5/network-security/wireshark-traces/m-p/3755788#M8638 Marvin Rhoads 2018-11-30T13:09:26Z