Website not available

Hi, I'm having issues accessing an http website. I've added an exception for the site to bypass all scanning, filtering etc. but I'm always presented with the website not available messages. The site works perfectly externally. I also tried a firewall rule allowing any to this site with no change.

I've got the below from drop-packet-capture, could anyone advise what's causing this?

2021-03-24 12:19:34 0102021 IP 10.0.2.192.62238 > 77.68.64.3.80 : proto TCP: R 2205047745:2205047745(0) checksum : 25611
0x0000:  4500 0028 8362 4000 8006 dd66 0a00 02c0  E..(.b@....f....
0x0010:  4d44 4003 f31e 0050 836e 5bc1 836e 5bc1  MD@....P.n[..n[.
0x0020:  5004 0000 640b 0000                      P...d...
Date=2021-03-24 Time=12:19:34 log_id=0102021 log_type=Firewall log_component=Invalid_Traffic log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_dev=Port1 out_dev= inzone_id=0 outzone_id=0 source_mac=f4:39:09:23:be:bc dest_mac=7c:5a:1c:54:44:70 bridge_name= l3_protocol=IPv4 source_ip=10.0.2.192 dest_ip=77.68.64.3 l4_protocol=TCP source_port=62238 dest_port=80 fw_rule_id=N/A policytype=0 live_userid=0 userid=0 user_gp=0 ips_id=0 sslvpn_id=0 web_filter_id=0 hotspot_id=0 hotspotuser_id=0 hb_src=0 hb_dst=0 dnat_done=0 icap_id=0 app_filter_id=0 app_category_id=0 app_id=0 category_id=0 bandwidth_id=0 up_classid=0 dn_classid=0 nat_id=0 cluster_node=0 inmark=0x0 nfqueue=0 gateway_offset=0 connid=0 masterid=0 status=0 state=0, flag0=0 flags1=0 pbdid_dir0=0 pbrid_dir1=0

2021-03-24 12:19:37 0102021 IP 10.0.2.192.62277 > 77.68.64.3.80 : proto TCP: R 573836341:573836341(0) checksum : 50545
0x0000:  4500 0028 8380 4000 8006 dd48 0a00 02c0  E..(..@....H....
0x0010:  4d44 4003 f345 0050 2234 0c35 2234 0c35  MD@..E.P"4.5"4.5
0x0020:  5004 0000 c571 0000                      P....q..
Date=2021-03-24 Time=12:19:37 log_id=0102021 log_type=Firewall log_component=Invalid_Traffic log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_dev=Port1 out_dev= inzone_id=0 outzone_id=0 source_mac=f4:39:09:23:be:bc dest_mac=7c:5a:1c:54:44:70 bridge_name= l3_protocol=IPv4 source_ip=10.0.2.192 dest_ip=77.68.64.3 l4_protocol=TCP source_port=62277 dest_port=80 fw_rule_id=N/A policytype=0 live_userid=0 userid=0 user_gp=0 ips_id=0 sslvpn_id=0 web_filter_id=0 hotspot_id=0 hotspotuser_id=0 hb_src=0 hb_dst=0 dnat_done=0 icap_id=0 app_filter_id=0 app_category_id=0 app_id=0 category_id=0 bandwidth_id=0 up_classid=0 dn_classid=0 nat_id=0 cluster_node=0 inmark=0x0 nfqueue=0 gateway_offset=0 connid=0 masterid=0 status=0 state=0, flag0=0 flags1=0 pbdid_dir0=0 pbrid_dir1=0



  • Hi, the captured drop shows RESET packets only, and that will not be helpful in concluding the issue with a detailed reason. You may collect TCPDUMP, drop and PCAP files on the website server IP address all together, with a plain rule with no scanning and no policy, by re-creating the issue multiple times with different browsers, and then you may check the PCAP to see how the conversation/communication is happening with the destination server.

    Sophos XG Firewall: How to capture packets and download the Packet Capture:

    support.sophos.com/.../KB-000037007

  • I'm seeing the following in the dump for the server IP, any suggestions?

    473	6.365603	10.0.3.30	77.68.64.3	TCP	68	21782 → 80 [SYN] Seq=0 Win=64240 Len=0 MSS=1460 WS=256 SACK_PERM=1
    474	6.365630	77.68.64.3	10.0.3.30	TCP	68	80 → 21782 [SYN, ACK] Seq=0 Ack=1 Win=29200 Len=0 MSS=1460 SACK_PERM=1 WS=128
    475	6.365738	10.0.3.30	77.68.64.3	TCP	56	21782 → 80 [ACK] Seq=1 Ack=1 Win=1051136 Len=0
    476	6.365786	10.0.3.30	77.68.64.3	TCP	68	21783 → 80 [SYN] Seq=0 Win=64240 Len=0 MSS=1460 WS=256 SACK_PERM=1
    477	6.365803	77.68.64.3	10.0.3.30	TCP	68	80 → 21783 [SYN, ACK] Seq=0 Ack=1 Win=29200 Len=0 MSS=1460 SACK_PERM=1 WS=128
    478	6.365900	10.0.3.30	77.68.64.3	TCP	56	21783 → 80 [ACK] Seq=1 Ack=1 Win=1051136 Len=0
    479	6.366130	10.0.3.30	77.68.64.3	HTTP	529	GET / HTTP/1.1 
    480	6.366139	77.68.64.3	10.0.3.30	TCP	56	80 → 21782 [ACK] Seq=1 Ack=474 Win=30336 Len=0
    484	6.380699	77.68.64.3	10.0.3.30	TCP	1516	80 → 21782 [ACK] Seq=1 Ack=474 Win=30336 Len=1460 [TCP segment of a reassembled PDU]
    485	6.380702	77.68.64.3	10.0.3.30	TCP	1516	80 → 21782 [ACK] Seq=1461 Ack=474 Win=30336 Len=1460 [TCP segment of a reassembled PDU]
    486	6.380706	77.68.64.3	10.0.3.30	TCP	1516	80 → 21782 [ACK] Seq=2921 Ack=474 Win=30336 Len=1460 [TCP segment of a reassembled PDU]
    487	6.380708	77.68.64.3	10.0.3.30	TCP	1516	80 → 21782 [ACK] Seq=4381 Ack=474 Win=30336 Len=1460 [TCP segment of a reassembled PDU]
    488	6.380710	77.68.64.3	10.0.3.30	TCP	1516	80 → 21782 [ACK] Seq=5841 Ack=474 Win=30336 Len=1460 [TCP segment of a reassembled PDU]
    489	6.380713	77.68.64.3	10.0.3.30	TCP	1516	80 → 21782 [ACK] Seq=7301 Ack=474 Win=30336 Len=1460 [TCP segment of a reassembled PDU]
    490	6.380715	77.68.64.3	10.0.3.30	TCP	1516	80 → 21782 [ACK] Seq=8761 Ack=474 Win=30336 Len=1460 [TCP segment of a reassembled PDU]
    491	6.380717	77.68.64.3	10.0.3.30	TCP	1516	80 → 21782 [ACK] Seq=10221 Ack=474 Win=30336 Len=1460 [TCP segment of a reassembled PDU]
    492	6.380720	77.68.64.3	10.0.3.30	TCP	1516	80 → 21782 [ACK] Seq=11681 Ack=474 Win=30336 Len=1460 [TCP segment of a reassembled PDU]
    493	6.380722	77.68.64.3	10.0.3.30	TCP	1516	80 → 21782 [ACK] Seq=13141 Ack=474 Win=30336 Len=1460 [TCP segment of a reassembled PDU]
    494	6.381173	10.0.3.30	77.68.64.3	TCP	56	21782 → 80 [ACK] Seq=474 Ack=2921 Win=1051136 Len=0
    495	6.381178	77.68.64.3	10.0.3.30	TCP	1516	80 → 21782 [ACK] Seq=14601 Ack=474 Win=30336 Len=1460 [TCP segment of a reassembled PDU]
    496	6.381180	77.68.64.3	10.0.3.30	TCP	1516	80 → 21782 [ACK] Seq=16061 Ack=474 Win=30336 Len=1460 [TCP segment of a reassembled PDU]
    497	6.381344	10.0.3.30	77.68.64.3	TCP	56	21782 → 80 [ACK] Seq=474 Ack=5841 Win=1051136 Len=0
    498	6.381347	77.68.64.3	10.0.3.30	TCP	1516	80 → 21782 [ACK] Seq=17521 Ack=474 Win=30336 Len=1460 [TCP segment of a reassembled PDU]
    499	6.381348	77.68.64.3	10.0.3.30	TCP	1516	80 → 21782 [ACK] Seq=18981 Ack=474 Win=30336 Len=1460 [TCP segment of a reassembled PDU]
    500	6.381628	10.0.3.30	77.68.64.3	TCP	56	21782 → 80 [ACK] Seq=474 Ack=8761 Win=1051136 Len=0
    501	6.381630	77.68.64.3	10.0.3.30	TCP	1516	80 → 21782 [ACK] Seq=20441 Ack=474 Win=30336 Len=1460 [TCP segment of a reassembled PDU]
    502	6.381632	77.68.64.3	10.0.3.30	TCP	1516	80 → 21782 [ACK] Seq=21901 Ack=474 Win=30336 Len=1460 [TCP segment of a reassembled PDU]
    503	6.382567	10.0.3.30	77.68.64.3	TCP	56	21782 → 80 [ACK] Seq=474 Ack=18981 Win=1051136 Len=0
    504	6.382571	77.68.64.3	10.0.3.30	TCP	1516	80 → 21782 [ACK] Seq=23361 Ack=474 Win=30336 Len=1460 [TCP segment of a reassembled PDU]
    505	6.382572	77.68.64.3	10.0.3.30	TCP	1516	80 → 21782 [ACK] Seq=24821 Ack=474 Win=30336 Len=1460 [TCP segment of a reassembled PDU]
    506	6.382573	77.68.64.3	10.0.3.30	TCP	1516	80 → 21782 [ACK] Seq=26281 Ack=474 Win=30336 Len=1460 [TCP segment of a reassembled PDU]
    507	6.382575	77.68.64.3	10.0.3.30	TCP	1516	80 → 21782 [PSH, ACK] Seq=27741 Ack=474 Win=30336 Len=1460 [TCP segment of a reassembled PDU]
    508	6.382583	77.68.64.3	10.0.3.30	TCP	1516	80 → 21782 [ACK] Seq=29201 Ack=474 Win=30336 Len=1460 [TCP segment of a reassembled PDU]
    509	6.382586	77.68.64.3	10.0.3.30	TCP	1516	80 → 21782 [ACK] Seq=30661 Ack=474 Win=30336 Len=1460 [TCP segment of a reassembled PDU]
    510	6.382589	77.68.64.3	10.0.3.30	TCP	1516	80 → 21782 [ACK] Seq=32121 Ack=474 Win=30336 Len=1460 [TCP segment of a reassembled PDU]
    511	6.382702	10.0.3.30	77.68.64.3	TCP	56	21782 → 80 [ACK] Seq=474 Ack=20441 Win=1051136 Len=0
    512	6.382704	77.68.64.3	10.0.3.30	TCP	1516	80 → 21782 [ACK] Seq=33581 Ack=474 Win=30336 Len=1460 [TCP segment of a reassembled PDU]
    513	6.382869	10.0.3.30	77.68.64.3	TCP	56	21782 → 80 [ACK] Seq=474 Ack=23361 Win=1051136 Len=0
    514	6.382871	77.68.64.3	10.0.3.30	TCP	1516	80 → 21782 [ACK] Seq=35041 Ack=474 Win=30336 Len=1460 [TCP segment of a reassembled PDU]
    515	6.382872	77.68.64.3	10.0.3.30	TCP	1516	80 → 21782 [ACK] Seq=36501 Ack=474 Win=30336 Len=1460 [TCP segment of a reassembled PDU]
    516	6.383098	10.0.3.30	77.68.64.3	TCP	56	21782 → 80 [ACK] Seq=474 Ack=26281 Win=1051136 Len=0
    517	6.383100	77.68.64.3	10.0.3.30	TCP	1516	80 → 21782 [ACK] Seq=37961 Ack=474 Win=30336 Len=1460 [TCP segment of a reassembled PDU]
    518	6.383102	77.68.64.3	10.0.3.30	TCP	1516	80 → 21782 [ACK] Seq=39421 Ack=474 Win=30336 Len=1460 [TCP segment of a reassembled PDU]
    519	6.383555	10.0.3.30	77.68.64.3	TCP	56	21782 → 80 [ACK] Seq=474 Ack=30661 Win=1051136 Len=0
    520	6.383557	77.68.64.3	10.0.3.30	TCP	1516	80 → 21782 [ACK] Seq=40881 Ack=474 Win=30336 Len=1460 [TCP segment of a reassembled PDU]
    521	6.383559	77.68.64.3	10.0.3.30	TCP	1516	80 → 21782 [ACK] Seq=42341 Ack=474 Win=30336 Len=1460 [TCP segment of a reassembled PDU]
    522	6.383560	77.68.64.3	10.0.3.30	TCP	1516	80 → 21782 [ACK] Seq=43801 Ack=474 Win=30336 Len=1460 [TCP segment of a reassembled PDU]
    523	6.383562	77.68.64.3	10.0.3.30	TCP	1516	80 → 21782 [ACK] Seq=45261 Ack=474 Win=30336 Len=1460 [TCP segment of a reassembled PDU]
    524	6.383701	10.0.3.30	77.68.64.3	TCP	56	21782 → 80 [ACK] Seq=474 Ack=33581 Win=1051136 Len=0
    525	6.383703	77.68.64.3	10.0.3.30	TCP	1516	80 → 21782 [PSH, ACK] Seq=46721 Ack=474 Win=30336 Len=1460 [TCP segment of a reassembled PDU]
    526	6.383705	77.68.64.3	10.0.3.30	TCP	1516	80 → 21782 [ACK] Seq=48181 Ack=474 Win=30336 Len=1460 [TCP segment of a reassembled PDU]
    527	6.383916	10.0.3.30	77.68.64.3	TCP	56	21782 → 80 [ACK] Seq=474 Ack=35041 Win=1051136 Len=0
    528	6.383919	77.68.64.3	10.0.3.30	TCP	1516	80 → 21782 [ACK] Seq=49641 Ack=474 Win=30336 Len=1460 [TCP segment of a reassembled PDU]
    529	6.384156	10.0.3.30	77.68.64.3	TCP	56	21782 → 80 [ACK] Seq=474 Ack=37961 Win=1051136 Len=0
    530	6.384159	77.68.64.3	10.0.3.30	TCP	1516	80 → 21782 [ACK] Seq=51101 Ack=474 Win=30336 Len=1460 [TCP segment of a reassembled PDU]
    531	6.384160	77.68.64.3	10.0.3.30	TCP	1516	80 → 21782 [ACK] Seq=52561 Ack=474 Win=30336 Len=1460 [TCP segment of a reassembled PDU]
    532	6.384353	10.0.3.30	77.68.64.3	TCP	56	21782 → 80 [ACK] Seq=474 Ack=40881 Win=1051136 Len=0
    533	6.384358	77.68.64.3	10.0.3.30	TCP	1516	80 → 21782 [ACK] Seq=54021 Ack=474 Win=30336 Len=1460 [TCP segment of a reassembled PDU]
    534	6.384360	77.68.64.3	10.0.3.30	TCP	1516	80 → 21782 [ACK] Seq=55481 Ack=474 Win=30336 Len=1460 [TCP segment of a reassembled PDU]
    535	6.384563	10.0.3.30	77.68.64.3	TCP	56	21782 → 80 [ACK] Seq=474 Ack=43801 Win=1051136 Len=0
    536	6.384566	77.68.64.3	10.0.3.30	TCP	1516	80 → 21782 [ACK] Seq=56941 Ack=474 Win=30336 Len=1460 [TCP segment of a reassembled PDU]
    537	6.384567	77.68.64.3	10.0.3.30	TCP	1516	80 → 21782 [PSH, ACK] Seq=58401 Ack=474 Win=30336 Len=1460 [TCP segment of a reassembled PDU]
    538	6.384810	10.0.3.30	77.68.64.3	TCP	56	21782 → 80 [ACK] Seq=474 Ack=46721 Win=1051136 Len=0
    539	6.384815	77.68.64.3	10.0.3.30	TCP	1516	80 → 21782 [ACK] Seq=59861 Ack=474 Win=30336 Len=1460 [TCP segment of a reassembled PDU]
    540	6.384817	77.68.64.3	10.0.3.30	TCP	1516	80 → 21782 [ACK] Seq=61321 Ack=474 Win=30336 Len=1460 [TCP segment of a reassembled PDU]
    541	6.385052	10.0.3.30	77.68.64.3	TCP	56	21782 → 80 [ACK] Seq=474 Ack=49641 Win=1051136 Len=0
    542	6.385054	77.68.64.3	10.0.3.30	TCP	1516	80 → 21782 [ACK] Seq=62781 Ack=474 Win=30336 Len=1460 [TCP segment of a reassembled PDU]
    543	6.385055	77.68.64.3	10.0.3.30	TCP	1516	80 → 21782 [ACK] Seq=64241 Ack=474 Win=30336 Len=1460 [TCP segment of a reassembled PDU]
    544	6.385392	10.0.3.30	77.68.64.3	TCP	56	21782 → 80 [ACK] Seq=474 Ack=52561 Win=1051136 Len=0
    545	6.385396	77.68.64.3	10.0.3.30	TCP	1516	80 → 21782 [ACK] Seq=65701 Ack=474 Win=30336 Len=1460 [TCP segment of a reassembled PDU]
    546	6.385397	77.68.64.3	10.0.3.30	TCP	1516	80 → 21782 [ACK] Seq=67161 Ack=474 Win=30336 Len=1460 [TCP segment of a reassembled PDU]
    547	6.385637	10.0.3.30	77.68.64.3	TCP	56	21782 → 80 [ACK] Seq=474 Ack=55481 Win=1051136 Len=0
    548	6.385640	77.68.64.3	10.0.3.30	TCP	1516	80 → 21782 [PSH, ACK] Seq=68621 Ack=474 Win=30336 Len=1460 [TCP segment of a reassembled PDU]
    549	6.385642	77.68.64.3	10.0.3.30	TCP	1516	80 → 21782 [ACK] Seq=70081 Ack=474 Win=30336 Len=1460 [TCP segment of a reassembled PDU]
    550	6.385832	10.0.3.30	77.68.64.3	TCP	56	21782 → 80 [ACK] Seq=474 Ack=58401 Win=1051136 Len=0
    551	6.385834	77.68.64.3	10.0.3.30	TCP	1516	80 → 21782 [ACK] Seq=71541 Ack=474 Win=30336 Len=1460 [TCP segment of a reassembled PDU]
    552	6.385836	77.68.64.3	10.0.3.30	HTTP	172	HTTP/1.1 502 Connection refused  (text/html)
    553	6.386040	10.0.3.30	77.68.64.3	TCP	56	21782 → 80 [ACK] Seq=474 Ack=61321 Win=1051136 Len=0
    554	6.386291	10.0.3.30	77.68.64.3	TCP	56	21782 → 80 [ACK] Seq=474 Ack=64241 Win=1051136 Len=0
    555	6.386577	10.0.3.30	77.68.64.3	TCP	56	21782 → 80 [ACK] Seq=474 Ack=67161 Win=1051136 Len=0
    556	6.386840	10.0.3.30	77.68.64.3	TCP	56	21782 → 80 [ACK] Seq=474 Ack=70081 Win=1051136 Len=0
    557	6.387105	10.0.3.30	77.68.64.3	TCP	56	21782 → 80 [ACK] Seq=474 Ack=73118 Win=1051136 Len=0
    558	6.387213	10.0.3.30	77.68.64.3	TCP	56	21782 → 80 [FIN, ACK] Seq=474 Ack=73118 Win=1051136 Len=0
    559	6.387219	77.68.64.3	10.0.3.30	TCP	56	80 → 21782 [ACK] Seq=73118 Ack=475 Win=30336 Len=0
    582	6.457874	10.0.3.30	77.68.64.3	HTTP	492	GET /favicon.ico HTTP/1.1 
    583	6.457886	77.68.64.3	10.0.3.30	TCP	56	80 → 21783 [ACK] Seq=1 Ack=437 Win=30336 Len=0
    584	6.472513	77.68.64.3	10.0.3.30	TCP	1516	80 → 21783 [ACK] Seq=1 Ack=437 Win=30336 Len=1460 [TCP segment of a reassembled PDU]
    585	6.472517	77.68.64.3	10.0.3.30	TCP	1516	80 → 21783 [ACK] Seq=1461 Ack=437 Win=30336 Len=1460 [TCP segment of a reassembled PDU]
    586	6.472521	77.68.64.3	10.0.3.30	TCP	1516	80 → 21783 [ACK] Seq=2921 Ack=437 Win=30336 Len=1460 [TCP segment of a reassembled PDU]
    587	6.472523	77.68.64.3	10.0.3.30	TCP	1516	80 → 21783 [ACK] Seq=4381 Ack=437 Win=30336 Len=1460 [TCP segment of a reassembled PDU]
    588	6.472525	77.68.64.3	10.0.3.30	TCP	1516	80 → 21783 [ACK] Seq=5841 Ack=437 Win=30336 Len=1460 [TCP segment of a reassembled PDU]
    589	6.472528	77.68.64.3	10.0.3.30	TCP	1516	80 → 21783 [ACK] Seq=7301 Ack=437 Win=30336 Len=1460 [TCP segment of a reassembled PDU]
    590	6.472531	77.68.64.3	10.0.3.30	TCP	1516	80 → 21783 [ACK] Seq=8761 Ack=437 Win=30336 Len=1460 [TCP segment of a reassembled PDU]
    591	6.472533	77.68.64.3	10.0.3.30	TCP	1516	80 → 21783 [ACK] Seq=10221 Ack=437 Win=30336 Len=1460 [TCP segment of a reassembled PDU]
    592	6.472536	77.68.64.3	10.0.3.30	TCP	1516	80 → 21783 [ACK] Seq=11681 Ack=437 Win=30336 Len=1460 [TCP segment of a reassembled PDU]
    593	6.472538	77.68.64.3	10.0.3.30	TCP	1516	80 → 21783 [ACK] Seq=13141 Ack=437 Win=30336 Len=1460 [TCP segment of a reassembled PDU]
    594	6.474119	10.0.3.30	77.68.64.3	TCP	56	21783 → 80 [ACK] Seq=437 Ack=14601 Win=1051136 Len=0
    595	6.474126	77.68.64.3	10.0.3.30	TCP	1516	80 → 21783 [ACK] Seq=14601 Ack=437 Win=30336 Len=1460 [TCP segment of a reassembled PDU]
    596	6.474128	77.68.64.3	10.0.3.30	TCP	1516	80 → 21783 [ACK] Seq=16061 Ack=437 Win=30336 Len=1460 [TCP segment of a reassembled PDU]
    597	6.474129	77.68.64.3	10.0.3.30	TCP	1516	80 → 21783 [ACK] Seq=17521 Ack=437 Win=30336 Len=1460 [TCP segment of a reassembled PDU]
    598	6.474131	77.68.64.3	10.0.3.30	TCP	1516	80 → 21783 [ACK] Seq=18981 Ack=437 Win=30336 Len=1460 [TCP segment of a reassembled PDU]
    599	6.474133	77.68.64.3	10.0.3.30	TCP	1516	80 → 21783 [ACK] Seq=20441 Ack=437 Win=30336 Len=1460 [TCP segment of a reassembled PDU]
    600	6.474134	77.68.64.3	10.0.3.30	TCP	1516	80 → 21783 [ACK] Seq=21901 Ack=437 Win=30336 Len=1460 [TCP segment of a reassembled PDU]
    601	6.474136	77.68.64.3	10.0.3.30	TCP	1516	80 → 21783 [ACK] Seq=23361 Ack=437 Win=30336 Len=1460 [TCP segment of a reassembled PDU]
    602	6.474137	77.68.64.3	10.0.3.30	TCP	1516	80 → 21783 [ACK] Seq=24821 Ack=437 Win=30336 Len=1460 [TCP segment of a reassembled PDU]
    603	6.474139	77.68.64.3	10.0.3.30	TCP	1516	80 → 21783 [ACK] Seq=26281 Ack=437 Win=30336 Len=1460 [TCP segment of a reassembled PDU]
    604	6.474140	77.68.64.3	10.0.3.30	TCP	1516	80 → 21783 [PSH, ACK] Seq=27741 Ack=437 Win=30336 Len=1460 [TCP segment of a reassembled PDU]
    607	6.474536	10.0.3.30	77.68.64.3	TCP	56	21783 → 80 [ACK] Seq=437 Ack=17521 Win=1051136 Len=0
    608	6.474540	77.68.64.3	10.0.3.30	TCP	1516	80 → 21783 [ACK] Seq=29201 Ack=437 Win=30336 Len=1460 [TCP segment of a reassembled PDU]
    609	6.474541	77.68.64.3	10.0.3.30	TCP	1516	80 → 21783 [ACK] Seq=30661 Ack=437 Win=30336 Len=1460 [TCP segment of a reassembled PDU]
    610	6.474879	10.0.3.30	77.68.64.3	TCP	56	21783 → 80 [ACK] Seq=437 Ack=20441 Win=1051136 Len=0
    611	6.474883	77.68.64.3	10.0.3.30	TCP	1516	80 → 21783 [ACK] Seq=32121 Ack=437 Win=30336 Len=1460 [TCP segment of a reassembled PDU]
    612	6.474884	77.68.64.3	10.0.3.30	TCP	1516	80 → 21783 [ACK] Seq=33581 Ack=437 Win=30336 Len=1460 [TCP segment of a reassembled PDU]
    613	6.475050	10.0.3.30	77.68.64.3	TCP	56	21783 → 80 [ACK] Seq=437 Ack=23361 Win=1051136 Len=0
    614	6.475054	77.68.64.3	10.0.3.30	TCP	1516	80 → 21783 [ACK] Seq=35041 Ack=437 Win=30336 Len=1460 [TCP segment of a reassembled PDU]
    615	6.475056	77.68.64.3	10.0.3.30	TCP	1516	80 → 21783 [ACK] Seq=36501 Ack=437 Win=30336 Len=1460 [TCP segment of a reassembled PDU]
    616	6.475488	10.0.3.30	77.68.64.3	TCP	56	21783 → 80 [ACK] Seq=437 Ack=27741 Win=1051136 Len=0
    617	6.475491	77.68.64.3	10.0.3.30	TCP	1516	80 → 21783 [ACK] Seq=37961 Ack=437 Win=30336 Len=1460 [TCP segment of a reassembled PDU]
    618	6.475493	77.68.64.3	10.0.3.30	TCP	1516	80 → 21783 [ACK] Seq=39421 Ack=437 Win=30336 Len=1460 [TCP segment of a reassembled PDU]
    619	6.475494	77.68.64.3	10.0.3.30	TCP	1516	80 → 21783 [ACK] Seq=40881 Ack=437 Win=30336 Len=1460 [TCP segment of a reassembled PDU]
    620	6.475537	10.0.3.30	77.68.64.3	TCP	56	21783 → 80 [ACK] Seq=437 Ack=29201 Win=1051136 Len=0
    621	6.475540	77.68.64.3	10.0.3.30	TCP	1516	80 → 21783 [PSH, ACK] Seq=42341 Ack=437 Win=30336 Len=1460 [TCP segment of a reassembled PDU]
    622	6.475542	77.68.64.3	10.0.3.30	TCP	1516	80 → 21783 [ACK] Seq=43801 Ack=437 Win=30336 Len=1460 [TCP segment of a reassembled PDU]
    623	6.475777	10.0.3.30	77.68.64.3	TCP	56	21783 → 80 [ACK] Seq=437 Ack=32121 Win=1051136 Len=0
    624	6.475780	77.68.64.3	10.0.3.30	TCP	1516	80 → 21783 [ACK] Seq=45261 Ack=437 Win=30336 Len=1460 [TCP segment of a reassembled PDU]
    625	6.475782	77.68.64.3	10.0.3.30	TCP	1516	80 → 21783 [ACK] Seq=46721 Ack=437 Win=30336 Len=1460 [TCP segment of a reassembled PDU]
    626	6.476041	10.0.3.30	77.68.64.3	TCP	56	21783 → 80 [ACK] Seq=437 Ack=35041 Win=1051136 Len=0
    627	6.476044	77.68.64.3	10.0.3.30	TCP	1516	80 → 21783 [ACK] Seq=48181 Ack=437 Win=30336 Len=1460 [TCP segment of a reassembled PDU]
    628	6.476046	77.68.64.3	10.0.3.30	TCP	1516	80 → 21783 [ACK] Seq=49641 Ack=437 Win=30336 Len=1460 [TCP segment of a reassembled PDU]
    629	6.476442	10.0.3.30	77.68.64.3	TCP	56	21783 → 80 [ACK] Seq=437 Ack=39421 Win=1051136 Len=0
    630	6.476451	77.68.64.3	10.0.3.30	TCP	1516	80 → 21783 [ACK] Seq=51101 Ack=437 Win=30336 Len=1460 [TCP segment of a reassembled PDU]
    631	6.476456	77.68.64.3	10.0.3.30	TCP	1516	80 → 21783 [ACK] Seq=52561 Ack=437 Win=30336 Len=1460 [TCP segment of a reassembled PDU]
    632	6.476462	77.68.64.3	10.0.3.30	TCP	1516	80 → 21783 [ACK] Seq=54021 Ack=437 Win=30336 Len=1460 [TCP segment of a reassembled PDU]
    633	6.476586	10.0.3.30	77.68.64.3	TCP	56	21783 → 80 [ACK] Seq=437 Ack=40881 Win=1051136 Len=0
    634	6.476589	77.68.64.3	10.0.3.30	TCP	1516	80 → 21783 [PSH, ACK] Seq=55481 Ack=437 Win=30336 Len=1460 [TCP segment of a reassembled PDU]
    635	6.476811	10.0.3.30	77.68.64.3	TCP	56	21783 → 80 [ACK] Seq=437 Ack=43801 Win=1051136 Len=0
    636	6.476815	77.68.64.3	10.0.3.30	TCP	1516	80 → 21783 [ACK] Seq=56941 Ack=437 Win=30336 Len=1460 [TCP segment of a reassembled PDU]
    637	6.476817	77.68.64.3	10.0.3.30	TCP	1516	80 → 21783 [ACK] Seq=58401 Ack=437 Win=30336 Len=1460 [TCP segment of a reassembled PDU]
    638	6.477090	10.0.3.30	77.68.64.3	TCP	56	21783 → 80 [ACK] Seq=437 Ack=46721 Win=1051136 Len=0
    639	6.477094	77.68.64.3	10.0.3.30	TCP	1516	80 → 21783 [ACK] Seq=59861 Ack=437 Win=30336 Len=1460 [TCP segment of a reassembled PDU]
    640	6.477096	77.68.64.3	10.0.3.30	TCP	1516	80 → 21783 [ACK] Seq=61321 Ack=437 Win=30336 Len=1460 [TCP segment of a reassembled PDU]
    641	6.477440	10.0.3.30	77.68.64.3	TCP	56	21783 → 80 [ACK] Seq=437 Ack=51101 Win=1051136 Len=0
    642	6.477442	77.68.64.3	10.0.3.30	TCP	1516	80 → 21783 [ACK] Seq=62781 Ack=437 Win=30336 Len=1460 [TCP segment of a reassembled PDU]
    643	6.477444	77.68.64.3	10.0.3.30	TCP	1516	80 → 21783 [ACK] Seq=64241 Ack=437 Win=30336 Len=1460 [TCP segment of a reassembled PDU]
    644	6.477445	77.68.64.3	10.0.3.30	TCP	1516	80 → 21783 [ACK] Seq=65701 Ack=437 Win=30336 Len=1460 [TCP segment of a reassembled PDU]
    645	6.477588	10.0.3.30	77.68.64.3	TCP	56	21783 → 80 [ACK] Seq=437 Ack=52561 Win=1051136 Len=0
    646	6.477592	77.68.64.3	10.0.3.30	TCP	1516	80 → 21783 [PSH, ACK] Seq=67161 Ack=437 Win=30336 Len=1460 [TCP segment of a reassembled PDU]
    647	6.477846	10.0.3.30	77.68.64.3	TCP	56	21783 → 80 [ACK] Seq=437 Ack=55481 Win=1051136 Len=0
    648	6.477851	77.68.64.3	10.0.3.30	TCP	1516	80 → 21783 [ACK] Seq=68621 Ack=437 Win=30336 Len=1460 [TCP segment of a reassembled PDU]
    649	6.477852	77.68.64.3	10.0.3.30	TCP	1516	80 → 21783 [ACK] Seq=70081 Ack=437 Win=30336 Len=1460 [TCP segment of a reassembled PDU]
    650	6.478124	10.0.3.30	77.68.64.3	TCP	56	21783 → 80 [ACK] Seq=437 Ack=59861 Win=1051136 Len=0
    651	6.478126	77.68.64.3	10.0.3.30	TCP	1516	80 → 21783 [ACK] Seq=71541 Ack=437 Win=30336 Len=1460 [TCP segment of a reassembled PDU]
    652	6.478128	77.68.64.3	10.0.3.30	HTTP	183	HTTP/1.1 502 Connection refused  (text/html)
    653	6.478270	10.0.3.30	77.68.64.3	TCP	56	21783 → 80 [ACK] Seq=437 Ack=61321 Win=1051136 Len=0
    654	6.478493	10.0.3.30	77.68.64.3	TCP	56	21783 → 80 [ACK] Seq=437 Ack=64241 Win=1051136 Len=0
    655	6.478747	10.0.3.30	77.68.64.3	TCP	56	21783 → 80 [ACK] Seq=437 Ack=67161 Win=1051136 Len=0
    656	6.479024	10.0.3.30	77.68.64.3	TCP	56	21783 → 80 [ACK] Seq=437 Ack=70081 Win=1051136 Len=0
    657	6.479293	10.0.3.30	77.68.64.3	TCP	56	21783 → 80 [ACK] Seq=437 Ack=73129 Win=1051136 Len=0
    658	6.479468	10.0.3.30	77.68.64.3	TCP	56	21783 → 80 [FIN, ACK] Seq=437 Ack=73129 Win=1051136 Len=0
    659	6.479475	77.68.64.3	10.0.3.30	TCP	56	80 → 21783 [ACK] Seq=73129 Ack=438 Win=30336 Len=0
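
Added example, not part of the original posts and not Sophos tooling: a Python decoder for the first drop-packet-capture record quoted in the question, checking the reply's reading that the dropped packet is a bare TCP RST and cross-checking it against the log fields. The hex dump is copied from the thread and the log line is a shortened copy; the function names are hypothetical.

```python
import ipaddress
import re
import struct

# Sample input: first drop-packet-capture record from the thread.
# The key=value log line is a shortened copy of the one quoted in the question.
HEXDUMP = """\
0x0000:  4500 0028 8362 4000 8006 dd66 0a00 02c0  E..(.b@....f....
0x0010:  4d44 4003 f31e 0050 836e 5bc1 836e 5bc1  MD@....P.n[..n[.
0x0020:  5004 0000 640b 0000                      P...d...
"""
LOGLINE = ("Date=2021-03-24 Time=12:19:34 log_id=0102021 log_type=Firewall "
           "log_component=Invalid_Traffic log_subtype=Denied in_dev=Port1 out_dev= "
           "source_ip=10.0.2.192 dest_ip=77.68.64.3 l4_protocol=TCP "
           "source_port=62238 dest_port=80 fw_rule_id=N/A connid=0")

TCP_FLAGS = [(0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"),
             (0x08, "PSH"), (0x10, "ACK"), (0x20, "URG")]


def parse_hexdump(text):
    """Turn '0x0000:  4500 0028 ...  ascii' lines into raw packet bytes."""
    raw = bytearray()
    for line in text.splitlines():
        if not line.strip().startswith("0x"):
            continue
        # Hex groups are single-space separated; the ASCII column follows 2+ spaces.
        hex_part = line.split(":", 1)[1].strip().split("  ")[0]
        raw += bytes.fromhex(hex_part.replace(" ", ""))
    return bytes(raw)


def header_checksum_ok(header):
    """IPv4 header checksum: the folded 16-bit one's-complement sum must be 0xFFFF."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total == 0xFFFF


def decode_packet(raw):
    """Decode the IPv4 and TCP headers of a raw packet (no link-layer header)."""
    (ver_ihl, _tos, total_len, _ident, _frag, _ttl, proto, _csum,
     src, dst) = struct.unpack("!BBHHHBBH4s4s", raw[:20])
    if ver_ihl >> 4 != 4 or proto != 6:
        raise ValueError("not an IPv4/TCP packet")
    ihl = (ver_ihl & 0x0F) * 4
    (sport, dport, seq, ack, off_flags, window, tcp_csum,
     _urg) = struct.unpack("!HHIIHHHH", raw[ihl:ihl + 20])
    data_off = (off_flags >> 12) * 4
    return {
        "src": str(ipaddress.IPv4Address(src)),
        "dst": str(ipaddress.IPv4Address(dst)),
        "sport": sport, "dport": dport, "seq": seq, "ack": ack,
        "flags": [name for bit, name in TCP_FLAGS if off_flags & bit],
        "window": window, "tcp_checksum": tcp_csum,
        "payload_len": total_len - ihl - data_off,
        "ip_checksum_ok": header_checksum_ok(raw[:ihl]),
    }


def parse_log(line):
    """Split a key=value firewall log line into a dict (empty values allowed)."""
    return {k: v.rstrip(",") for k, v in re.findall(r"(\w+)=(\S*)", line)}


def assess(hexdump, logline):
    """Summarise what one drop record does and does not show."""
    pkt = decode_packet(parse_hexdump(hexdump))
    log = parse_log(logline)
    log_tuple = (log["source_ip"], int(log["source_port"]),
                 log["dest_ip"], int(log["dest_port"]))
    return {
        # RST only, no data: the packet ends a connection, it carries no request.
        "bare_reset": pkt["flags"] == ["RST"] and pkt["payload_len"] == 0,
        # A valid header checksum rules out corruption as the drop reason.
        "well_formed": pkt["ip_checksum_ok"],
        # The hex dump and the log line describe the same 4-tuple.
        "log_matches_packet": log_tuple == (pkt["src"], pkt["sport"],
                                            pkt["dst"], pkt["dport"]),
        # fw_rule_id=N/A: the drop was not attributed to any firewall rule.
        "rule_matched": log.get("fw_rule_id") not in (None, "", "N/A"),
        "component": log.get("log_component"),
    }


if __name__ == "__main__":
    print(decode_packet(parse_hexdump(HEXDUMP)))
    print(assess(HEXDUMP, LOGLINE))
```
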

    590	6.472531	77.68.64.3	10.0.3.30	TCP	1516	80 → 21783 [ACK] Seq=8761 Ack=437 Win=30336 Len=1460 [TCP segment of a reassembled PDU]
    591	6.472533	77.68.64.3	10.0.3.30	TCP	1516	80 → 21783 [ACK] Seq=10221 Ack=437 Win=30336 Len=1460 [TCP segment of a reassembled PDU]
    592	6.472536	77.68.64.3	10.0.3.30	TCP	1516	80 → 21783 [ACK] Seq=11681 Ack=437 Win=30336 Len=1460 [TCP segment of a reassembled PDU]
    593	6.472538	77.68.64.3	10.0.3.30	TCP	1516	80 → 21783 [ACK] Seq=13141 Ack=437 Win=30336 Len=1460 [TCP segment of a reassembled PDU]
    594	6.474119	10.0.3.30	77.68.64.3	TCP	56	21783 → 80 [ACK] Seq=437 Ack=14601 Win=1051136 Len=0
    595	6.474126	77.68.64.3	10.0.3.30	TCP	1516	80 → 21783 [ACK] Seq=14601 Ack=437 Win=30336 Len=1460 [TCP segment of a reassembled PDU]
    596	6.474128	77.68.64.3	10.0.3.30	TCP	1516	80 → 21783 [ACK] Seq=16061 Ack=437 Win=30336 Len=1460 [TCP segment of a reassembled PDU]
    597	6.474129	77.68.64.3	10.0.3.30	TCP	1516	80 → 21783 [ACK] Seq=17521 Ack=437 Win=30336 Len=1460 [TCP segment of a reassembled PDU]
    598	6.474131	77.68.64.3	10.0.3.30	TCP	1516	80 → 21783 [ACK] Seq=18981 Ack=437 Win=30336 Len=1460 [TCP segment of a reassembled PDU]
    599	6.474133	77.68.64.3	10.0.3.30	TCP	1516	80 → 21783 [ACK] Seq=20441 Ack=437 Win=30336 Len=1460 [TCP segment of a reassembled PDU]
    600	6.474134	77.68.64.3	10.0.3.30	TCP	1516	80 → 21783 [ACK] Seq=21901 Ack=437 Win=30336 Len=1460 [TCP segment of a reassembled PDU]
    601	6.474136	77.68.64.3	10.0.3.30	TCP	1516	80 → 21783 [ACK] Seq=23361 Ack=437 Win=30336 Len=1460 [TCP segment of a reassembled PDU]
    602	6.474137	77.68.64.3	10.0.3.30	TCP	1516	80 → 21783 [ACK] Seq=24821 Ack=437 Win=30336 Len=1460 [TCP segment of a reassembled PDU]
    603	6.474139	77.68.64.3	10.0.3.30	TCP	1516	80 → 21783 [ACK] Seq=26281 Ack=437 Win=30336 Len=1460 [TCP segment of a reassembled PDU]
    604	6.474140	77.68.64.3	10.0.3.30	TCP	1516	80 → 21783 [PSH, ACK] Seq=27741 Ack=437 Win=30336 Len=1460 [TCP segment of a reassembled PDU]
    607	6.474536	10.0.3.30	77.68.64.3	TCP	56	21783 → 80 [ACK] Seq=437 Ack=17521 Win=1051136 Len=0
    608	6.474540	77.68.64.3	10.0.3.30	TCP	1516	80 → 21783 [ACK] Seq=29201 Ack=437 Win=30336 Len=1460 [TCP segment of a reassembled PDU]
    609	6.474541	77.68.64.3	10.0.3.30	TCP	1516	80 → 21783 [ACK] Seq=30661 Ack=437 Win=30336 Len=1460 [TCP segment of a reassembled PDU]
    610	6.474879	10.0.3.30	77.68.64.3	TCP	56	21783 → 80 [ACK] Seq=437 Ack=20441 Win=1051136 Len=0
    611	6.474883	77.68.64.3	10.0.3.30	TCP	1516	80 → 21783 [ACK] Seq=32121 Ack=437 Win=30336 Len=1460 [TCP segment of a reassembled PDU]
    612	6.474884	77.68.64.3	10.0.3.30	TCP	1516	80 → 21783 [ACK] Seq=33581 Ack=437 Win=30336 Len=1460 [TCP segment of a reassembled PDU]
    613	6.475050	10.0.3.30	77.68.64.3	TCP	56	21783 → 80 [ACK] Seq=437 Ack=23361 Win=1051136 Len=0
    614	6.475054	77.68.64.3	10.0.3.30	TCP	1516	80 → 21783 [ACK] Seq=35041 Ack=437 Win=30336 Len=1460 [TCP segment of a reassembled PDU]
    615	6.475056	77.68.64.3	10.0.3.30	TCP	1516	80 → 21783 [ACK] Seq=36501 Ack=437 Win=30336 Len=1460 [TCP segment of a reassembled PDU]
    616	6.475488	10.0.3.30	77.68.64.3	TCP	56	21783 → 80 [ACK] Seq=437 Ack=27741 Win=1051136 Len=0
    617	6.475491	77.68.64.3	10.0.3.30	TCP	1516	80 → 21783 [ACK] Seq=37961 Ack=437 Win=30336 Len=1460 [TCP segment of a reassembled PDU]
    618	6.475493	77.68.64.3	10.0.3.30	TCP	1516	80 → 21783 [ACK] Seq=39421 Ack=437 Win=30336 Len=1460 [TCP segment of a reassembled PDU]
    619	6.475494	77.68.64.3	10.0.3.30	TCP	1516	80 → 21783 [ACK] Seq=40881 Ack=437 Win=30336 Len=1460 [TCP segment of a reassembled PDU]
    620	6.475537	10.0.3.30	77.68.64.3	TCP	56	21783 → 80 [ACK] Seq=437 Ack=29201 Win=1051136 Len=0
    621	6.475540	77.68.64.3	10.0.3.30	TCP	1516	80 → 21783 [PSH, ACK] Seq=42341 Ack=437 Win=30336 Len=1460 [TCP segment of a reassembled PDU]
    622	6.475542	77.68.64.3	10.0.3.30	TCP	1516	80 → 21783 [ACK] Seq=43801 Ack=437 Win=30336 Len=1460 [TCP segment of a reassembled PDU]
    623	6.475777	10.0.3.30	77.68.64.3	TCP	56	21783 → 80 [ACK] Seq=437 Ack=32121 Win=1051136 Len=0
    624	6.475780	77.68.64.3	10.0.3.30	TCP	1516	80 → 21783 [ACK] Seq=45261 Ack=437 Win=30336 Len=1460 [TCP segment of a reassembled PDU]
    625	6.475782	77.68.64.3	10.0.3.30	TCP	1516	80 → 21783 [ACK] Seq=46721 Ack=437 Win=30336 Len=1460 [TCP segment of a reassembled PDU]
    626	6.476041	10.0.3.30	77.68.64.3	TCP	56	21783 → 80 [ACK] Seq=437 Ack=35041 Win=1051136 Len=0
    627	6.476044	77.68.64.3	10.0.3.30	TCP	1516	80 → 21783 [ACK] Seq=48181 Ack=437 Win=30336 Len=1460 [TCP segment of a reassembled PDU]
    628	6.476046	77.68.64.3	10.0.3.30	TCP	1516	80 → 21783 [ACK] Seq=49641 Ack=437 Win=30336 Len=1460 [TCP segment of a reassembled PDU]
    629	6.476442	10.0.3.30	77.68.64.3	TCP	56	21783 → 80 [ACK] Seq=437 Ack=39421 Win=1051136 Len=0
    630	6.476451	77.68.64.3	10.0.3.30	TCP	1516	80 → 21783 [ACK] Seq=51101 Ack=437 Win=30336 Len=1460 [TCP segment of a reassembled PDU]
    631	6.476456	77.68.64.3	10.0.3.30	TCP	1516	80 → 21783 [ACK] Seq=52561 Ack=437 Win=30336 Len=1460 [TCP segment of a reassembled PDU]
    632	6.476462	77.68.64.3	10.0.3.30	TCP	1516	80 → 21783 [ACK] Seq=54021 Ack=437 Win=30336 Len=1460 [TCP segment of a reassembled PDU]
    633	6.476586	10.0.3.30	77.68.64.3	TCP	56	21783 → 80 [ACK] Seq=437 Ack=40881 Win=1051136 Len=0
    634	6.476589	77.68.64.3	10.0.3.30	TCP	1516	80 → 21783 [PSH, ACK] Seq=55481 Ack=437 Win=30336 Len=1460 [TCP segment of a reassembled PDU]
    635	6.476811	10.0.3.30	77.68.64.3	TCP	56	21783 → 80 [ACK] Seq=437 Ack=43801 Win=1051136 Len=0
    636	6.476815	77.68.64.3	10.0.3.30	TCP	1516	80 → 21783 [ACK] Seq=56941 Ack=437 Win=30336 Len=1460 [TCP segment of a reassembled PDU]
    637	6.476817	77.68.64.3	10.0.3.30	TCP	1516	80 → 21783 [ACK] Seq=58401 Ack=437 Win=30336 Len=1460 [TCP segment of a reassembled PDU]
    638	6.477090	10.0.3.30	77.68.64.3	TCP	56	21783 → 80 [ACK] Seq=437 Ack=46721 Win=1051136 Len=0
    639	6.477094	77.68.64.3	10.0.3.30	TCP	1516	80 → 21783 [ACK] Seq=59861 Ack=437 Win=30336 Len=1460 [TCP segment of a reassembled PDU]
    640	6.477096	77.68.64.3	10.0.3.30	TCP	1516	80 → 21783 [ACK] Seq=61321 Ack=437 Win=30336 Len=1460 [TCP segment of a reassembled PDU]
    641	6.477440	10.0.3.30	77.68.64.3	TCP	56	21783 → 80 [ACK] Seq=437 Ack=51101 Win=1051136 Len=0
    642	6.477442	77.68.64.3	10.0.3.30	TCP	1516	80 → 21783 [ACK] Seq=62781 Ack=437 Win=30336 Len=1460 [TCP segment of a reassembled PDU]
    643	6.477444	77.68.64.3	10.0.3.30	TCP	1516	80 → 21783 [ACK] Seq=64241 Ack=437 Win=30336 Len=1460 [TCP segment of a reassembled PDU]
    644	6.477445	77.68.64.3	10.0.3.30	TCP	1516	80 → 21783 [ACK] Seq=65701 Ack=437 Win=30336 Len=1460 [TCP segment of a reassembled PDU]
    645	6.477588	10.0.3.30	77.68.64.3	TCP	56	21783 → 80 [ACK] Seq=437 Ack=52561 Win=1051136 Len=0
    646	6.477592	77.68.64.3	10.0.3.30	TCP	1516	80 → 21783 [PSH, ACK] Seq=67161 Ack=437 Win=30336 Len=1460 [TCP segment of a reassembled PDU]
    647	6.477846	10.0.3.30	77.68.64.3	TCP	56	21783 → 80 [ACK] Seq=437 Ack=55481 Win=1051136 Len=0
    648	6.477851	77.68.64.3	10.0.3.30	TCP	1516	80 → 21783 [ACK] Seq=68621 Ack=437 Win=30336 Len=1460 [TCP segment of a reassembled PDU]
    649	6.477852	77.68.64.3	10.0.3.30	TCP	1516	80 → 21783 [ACK] Seq=70081 Ack=437 Win=30336 Len=1460 [TCP segment of a reassembled PDU]
    650	6.478124	10.0.3.30	77.68.64.3	TCP	56	21783 → 80 [ACK] Seq=437 Ack=59861 Win=1051136 Len=0
    651	6.478126	77.68.64.3	10.0.3.30	TCP	1516	80 → 21783 [ACK] Seq=71541 Ack=437 Win=30336 Len=1460 [TCP segment of a reassembled PDU]
    652	6.478128	77.68.64.3	10.0.3.30	HTTP	183	HTTP/1.1 502 Connection refused  (text/html)
    653	6.478270	10.0.3.30	77.68.64.3	TCP	56	21783 → 80 [ACK] Seq=437 Ack=61321 Win=1051136 Len=0
    654	6.478493	10.0.3.30	77.68.64.3	TCP	56	21783 → 80 [ACK] Seq=437 Ack=64241 Win=1051136 Len=0
    655	6.478747	10.0.3.30	77.68.64.3	TCP	56	21783 → 80 [ACK] Seq=437 Ack=67161 Win=1051136 Len=0
    656	6.479024	10.0.3.30	77.68.64.3	TCP	56	21783 → 80 [ACK] Seq=437 Ack=70081 Win=1051136 Len=0
    657	6.479293	10.0.3.30	77.68.64.3	TCP	56	21783 → 80 [ACK] Seq=437 Ack=73129 Win=1051136 Len=0
    658	6.479468	10.0.3.30	77.68.64.3	TCP	56	21783 → 80 [FIN, ACK] Seq=437 Ack=73129 Win=1051136 Len=0
    659	6.479475	77.68.64.3	10.0.3.30	TCP	56	80 → 21783 [ACK] Seq=73129 Ack=438 Win=30336 Len=0

Children
  • Hi, I observed the below suspected packet: 77.68.64.3 10.0.3.30 HTTP 183 HTTP/1.1 502 Connection refused  (text/html)

    However, capturing a Wireshark PCAP file will give more conclusive information, which you may capture and download as per the last provided KBA steps, running TCPDUMP and drop packet around the same time.

  • Hi, I checked the attached PCAP, and in the PCAP communication as well the server is responding with a 502 response to the client system.

    Is this PCAP taken during issue re-creation with a plain rule (with no scanning and no policy)?

    In the PCAP I can see traffic submitted to a proxy and a proxy header is appended. Is any other software or antivirus running which is also intercepting web traffic?

    =========
    HTTP/1.1 502 Connection refused
    Date: Wed, 24 Mar 2021 12:46:14 GMT
    Cache-Control: no-cache
    Pragma: no-cache
    Content-Type: text/html; charset="UTF-8"
    Content-Length: 72878
    Via: HTTP/1.1 forward.http.proxy:3128
    Connection: close

    Next steps:

    1) Are the XG LAN IP and proxy port set as the proxy in the browser? Are any other proxy details added on the end system? Please check by disabling the proxy settings in the browser and accessing the website.

    If the issue is still there, then go to points 2 and 3.

    2) Please create a system-IP-based rule on top with no scanning and no policy and confirm the status of the website. If the issue is still there, you may capture the PCAP again for this point 2 to confirm more from the PCAP transaction.

    3) You may also terminate the ISP directly on one system with a static IP and confirm the website access and PCAP by installing Wireshark on the machine.
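
The reading of the 502 response in the reply above (a gateway-class status plus a `Via` header means a proxy sits on the path) can be checked mechanically. The following Python sketch is an added example, not part of the thread and not Sophos code; the function names are hypothetical and the sample head is the one quoted in the reply, abridged.

```python
import re
# Response head quoted in the reply above (Cache-Control and Pragma omitted).
SAMPLE_HEAD = (
    "HTTP/1.1 502 Connection refused\r\n"
    "Date: Wed, 24 Mar 2021 12:46:14 GMT\r\n"
    'Content-Type: text/html; charset="UTF-8"\r\n'
    "Content-Length: 72878\r\n"
    "Via: HTTP/1.1 forward.http.proxy:3128\r\n"
    "Connection: close\r\n\r\n"
)
# One Via element: [protocol-name "/"] version, received-by, optional (comment).
VIA_RE = re.compile(r"^(?:(?P<protocol>[^/\s]+)/)?(?P<version>\S+)\s+"
                    r"(?P<received_by>[^\s(]+)(?:\s+\((?P<comment>.*)\))?$")
GATEWAY_STATUSES = {502, 504}  # HTTP defines these as gateway/proxy errors

def parse_head(raw):
    """Split a raw response head into (status, reason, {name: [values]})."""
    lines = raw.split("\r\n\r\n", 1)[0].replace("\r\n", "\n").split("\n")
    m = re.match(r"HTTP/\d\.\d\s+(\d{3})\s*(.*)$", lines[0])
    if not m:
        raise ValueError("not an HTTP status line: %r" % lines[0])
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:  # header names are case-insensitive, so index them lowercased
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return int(m.group(1)), m.group(2).strip(), headers

def via_hops(headers):
    """Intermediaries in Via order; commas inside a (comment) do not split."""
    hops = []
    for value in headers.get("via", []):
        for element in re.split(r",(?![^(]*\))", value):
            m = VIA_RE.match(element.strip())
            if m:
                hops.append(m.groupdict())
    return hops

def triage(raw):
    """Say whether the response shows a proxy on the path and where to look."""
    status, reason, headers = parse_head(raw)
    hops = via_hops(headers)
    if status in GATEWAY_STATUSES and hops:
        verdict = "gateway error on a proxied path; hop nearest client: " + hops[-1]["received_by"]
    elif hops:
        verdict = "relayed through a proxy"
    else:
        verdict = "no intermediary declared"
    return {"status": status, "reason": reason, "hops": hops, "verdict": verdict}
```

Running `triage(SAMPLE_HEAD)` names `forward.http.proxy:3128` as the hop to investigate, which is the same lead the reply follows when asking about browser proxy settings and other intercepting software.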