A firewall capture for a web-server communication issue to a dmz host.

rizwanr74 · ‎04-09-2015

Hi experts,

I have an issue at work with a web server (@192.168.0.142) communicating with a database server (@10.0.131.116) in a routed environment.

A page loads from the web-server which displays data filed and when clicked to download the data, it fails.

I did a capture from the pix firewall, where the database server sitting behind a DMZ, I am not so sure, what is unusual in the capture.and I what could not see in the capture are syn, syn-ack packets.

Please see the attached capture file.

thanks

Jon Marshall · ‎04-10-2015

Rizwan

The packet capture shows a few different 192.168.0.x IPs talking to the database server.

Are these also web servers and if so do they have any problems ?

In addition is this a new application or new web server ie. is the server successfully communicating with the database server for any other applications ?

And if the other IPs are web servers can you run the same application from them or it is only on just this one web server ?

If there are other web servers and they can run the same application then what would be really helpful is to refine your packet capture ie.

1) run a capture specifically for a web server that works

2) run a capture for the web server that doesn't

I did have a quick look at the packet capture and I can't see anything obviously wrong although it's been a while since I looked at these so others may spot something I am missing.

You won't necessarily see the initial connection flags as your capture may have been run while those connections had already been setup.

Jon