Re: Wireshark Traces

kamrannaseem1 · ‎11-29-2018

Hello,

I would like to know at which end the issue lies, In the attached wireshark traces, the ip address 10.92.55.255 sends SYN to 92.60.106.204 and the ip 92.60.106.204 replies with SYN ACK but then we don't see any ACK from 10.92.55.255.

Can we say the issue is at 10.92.55.255 end as its not replying back to the SYN ACk ? or is there anyway to check if 10.92.55.255 has received the SYN ACK from 92.60.106.204 so that it can respond 92.60.106.204 with an ACK ?

Any help will be much appreciated.

Thanks,

Daniele Giordano · ‎11-29-2018

Hi, yes the issue seems related to server with IP 10.92.55.255.

The ACK is missing.

Can you install wireshark directly on the server?

If it's a linux, can you execute a tcpdump to check if the server receive the SYN ACK?

Regards.

kamrannaseem1 · ‎11-30-2018

Thanks Daniele for the reply.

The 10.92.55.255 device is a 3G device and the customer can't run any debugs on it.

Is there any other way we can check to see if the SYN ACK is being received by this device ?

Thanks.

Daniele Giordano · ‎11-30-2018

Is this device connected to a ethernet switch?

If yes, you can configure a span port (port mirror) to this switch in order to capture the traffic destinated and originated to the 3G device.

Regards.

Marvin Rhoads · ‎11-30-2018

3G is a wireless radio connection type. So it would not be connected to a wired switch.

The best the OP would be able to do is monitor from the point at which it leaves the network and goes to the wireless gateway. You may be able to see the SYN ACK outbound there; but the only way to see if for sure on the endpoint is to have an on-device tool that captures endpoint traffic.