[x]
Posted via EE Mobile

Search, ask, and monitor your questions on the go with EE Mobile. Visit Experts Exchange from your mobile device and never be out of touch again.

Question
[x]
Attachment Details
[x]
The Solution Rating System

With so many solutions, how can you tell which solutions are most likely to help you and which ones are not? To provide you with a tool to use, we rate our solutions based on various elements that most accurately determine if a solution is a quality solution. To explain what factors affect the solution rating, here are the elements we take into consideration when formulating our solution rating.

  • The Grade of the Solution
  • The Zone Rank of the Expert Providing the Solution
  • The Number of Author and Expert Comments
  • The Number of Experts Contributing
  • The Feedback of the Community

Your Input Matters
Because of the way the system is set up, the most important variable in this equation is you. As a member of Experts Exchange, you are able to cast your vote on the quality of the solutions in regard to how complete, accurate, helpful and easy to understand each solution is. When you provide your feedback, each rating is adjusted accordingly. So, if you see a solution that has a poor rating that you think is a good solution, let us know by rating it. As you do, the rating will be adjusted and will become more accurate for other members of our site.

If you have any suggestions that you would like to make for our rating system, please ask a question in the Suggestions Zone of Community Support.

Thank you!

9.3

TCP reset flag present when trying to browse internet from any PC at location

Asked by greenbeanx81 in TCP/IP, Cisco PIX Firewall, DSL Lines / Cable Internet

Tags: TCP reset flag when trying to browse websites

Hello All,

      I am experiencing a strange issue at a customers site. Last night they had a power outage. This morning they reported that they could not browse the internet from any PC at their location. The customer has a DSL connection connected to a PIX 506E connected to a layer three switch. I am receiving a TCP reset flag sent from the web server of the site I am trying to browse. I can ping ip addresses and preform nslookup but I can not browse the internet. I have tried telneting to a webserver on port 80 but I receive nothing. My http web capture is below. Any suggestions why this is happening. I am currently waiting for the DSL company to call me back.

HTTP web capture:


No.     Time        Source                Destination           Protocol Info
      1 0.000000    172.21.173.207        72.14.253.104         TCP      fjmpss > http [SYN] Seq=0 Win=65535 Len=0 MSS=1260

Frame 1 (62 bytes on wire, 62 bytes captured)
Ethernet II, Src: DellPcba_b2:2e:3f (00:0d:56:b2:2e:3f), Dst: Cisco_d4:10:80 (00:13:1a:d4:10:80)
Internet Protocol, Src: 172.21.173.207 (172.21.173.207), Dst: 72.14.253.104 (72.14.253.104)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
    Total Length: 48
    Identification: 0xd74b (55115)
    Flags: 0x04 (Don't Fragment)
    Fragment offset: 0
    Time to live: 128
    Protocol: TCP (0x06)
    Header checksum: 0x8420 [correct]
    Source: 172.21.173.207 (172.21.173.207)
    Destination: 72.14.253.104 (72.14.253.104)
Transmission Control Protocol, Src Port: fjmpss (2509), Dst Port: http (80), Seq: 0, Len: 0
    Source port: fjmpss (2509)
    Destination port: http (80)
    Sequence number: 0    (relative sequence number)
    Header length: 28 bytes
    Flags: 0x02 (SYN)
    Window size: 65535
    Checksum: 0x7c77 [correct]
    Options: (8 bytes)

No.     Time        Source                Destination           Protocol Info
      2 0.049646    72.14.253.104         172.21.173.207        TCP      http > fjmpss [SYN, ACK] Seq=0 Ack=1 Win=5720 Len=0 MSS=1380

Frame 2 (62 bytes on wire, 62 bytes captured)
Ethernet II, Src: Cisco_d4:10:80 (00:13:1a:d4:10:80), Dst: DellPcba_b2:2e:3f (00:0d:56:b2:2e:3f)
Internet Protocol, Src: 72.14.253.104 (72.14.253.104), Dst: 172.21.173.207 (172.21.173.207)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
    Total Length: 48
    Identification: 0xa943 (43331)
    Flags: 0x00
    Fragment offset: 0
    Time to live: 48
    Protocol: TCP (0x06)
    Header checksum: 0x4229 [correct]
    Source: 72.14.253.104 (72.14.253.104)
    Destination: 172.21.173.207 (172.21.173.207)
Transmission Control Protocol, Src Port: http (80), Dst Port: fjmpss (2509), Seq: 0, Ack: 1, Len: 0
    Source port: http (80)
    Destination port: fjmpss (2509)
    Sequence number: 0    (relative sequence number)
    Acknowledgement number: 1    (relative ack number)
    Header length: 28 bytes
    Flags: 0x12 (SYN, ACK)
    Window size: 5720
    Checksum: 0x2d89 [correct]
    Options: (8 bytes)
    [SEQ/ACK analysis]

No.     Time        Source                Destination           Protocol Info
      3 0.049715    172.21.173.207        72.14.253.104         TCP      fjmpss > http [ACK] Seq=1 Ack=1 Win=65535 Len=0

Frame 3 (54 bytes on wire, 54 bytes captured)
Ethernet II, Src: DellPcba_b2:2e:3f (00:0d:56:b2:2e:3f), Dst: Cisco_d4:10:80 (00:13:1a:d4:10:80)
Internet Protocol, Src: 172.21.173.207 (172.21.173.207), Dst: 72.14.253.104 (72.14.253.104)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
    Total Length: 40
    Identification: 0xd74c (55116)
    Flags: 0x04 (Don't Fragment)
    Fragment offset: 0
    Time to live: 128
    Protocol: TCP (0x06)
    Header checksum: 0x8427 [correct]
    Source: 172.21.173.207 (172.21.173.207)
    Destination: 72.14.253.104 (72.14.253.104)
Transmission Control Protocol, Src Port: fjmpss (2509), Dst Port: http (80), Seq: 1, Ack: 1, Len: 0
    Source port: fjmpss (2509)
    Destination port: http (80)
    Sequence number: 1    (relative sequence number)
    Acknowledgement number: 1    (relative ack number)
    Header length: 20 bytes
    Flags: 0x10 (ACK)
    Window size: 65535
    Checksum: 0x7055 [correct]
    [SEQ/ACK analysis]

No.     Time        Source                Destination           Protocol Info
      4 0.052137    172.21.173.207        72.14.253.104         HTTP     GET / HTTP/1.1

Frame 4 (753 bytes on wire, 753 bytes captured)
Ethernet II, Src: DellPcba_b2:2e:3f (00:0d:56:b2:2e:3f), Dst: Cisco_d4:10:80 (00:13:1a:d4:10:80)
Internet Protocol, Src: 172.21.173.207 (172.21.173.207), Dst: 72.14.253.104 (72.14.253.104)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
    Total Length: 739
    Identification: 0xd74d (55117)
    Flags: 0x04 (Don't Fragment)
    Fragment offset: 0
    Time to live: 128
    Protocol: TCP (0x06)
    Header checksum: 0x816b [correct]
    Source: 172.21.173.207 (172.21.173.207)
    Destination: 72.14.253.104 (72.14.253.104)
Transmission Control Protocol, Src Port: fjmpss (2509), Dst Port: http (80), Seq: 1, Ack: 1, Len: 699
    Source port: fjmpss (2509)
    Destination port: http (80)
    Sequence number: 1    (relative sequence number)
    [Next sequence number: 700    (relative sequence number)]
    Acknowledgement number: 1    (relative ack number)
    Header length: 20 bytes
    Flags: 0x18 (PSH, ACK)
    Window size: 65535
    Checksum: 0xa9b5 [correct]
Hypertext Transfer Protocol

No.     Time        Source                Destination           Protocol Info
      5 2.980882    172.21.173.207        72.14.253.104         HTTP     [TCP Retransmission] GET / HTTP/1.1

Frame 5 (753 bytes on wire, 753 bytes captured)
Ethernet II, Src: DellPcba_b2:2e:3f (00:0d:56:b2:2e:3f), Dst: Cisco_d4:10:80 (00:13:1a:d4:10:80)
Internet Protocol, Src: 172.21.173.207 (172.21.173.207), Dst: 72.14.253.104 (72.14.253.104)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
    Total Length: 739
    Identification: 0xd766 (55142)
    Flags: 0x04 (Don't Fragment)
    Fragment offset: 0
    Time to live: 128
    Protocol: TCP (0x06)
    Header checksum: 0x8152 [correct]
    Source: 172.21.173.207 (172.21.173.207)
    Destination: 72.14.253.104 (72.14.253.104)
Transmission Control Protocol, Src Port: fjmpss (2509), Dst Port: http (80), Seq: 1, Ack: 1, Len: 699
    Source port: fjmpss (2509)
    Destination port: http (80)
    Sequence number: 1    (relative sequence number)
    [Next sequence number: 700    (relative sequence number)]
    Acknowledgement number: 1    (relative ack number)
    Header length: 20 bytes
    Flags: 0x18 (PSH, ACK)
    Window size: 65535
    Checksum: 0xa9b5 [correct]
    [SEQ/ACK analysis]
Hypertext Transfer Protocol

No.     Time        Source                Destination           Protocol Info
      6 8.989518    172.21.173.207        72.14.253.104         HTTP     [TCP Retransmission] GET / HTTP/1.1

Frame 6 (753 bytes on wire, 753 bytes captured)
Ethernet II, Src: DellPcba_b2:2e:3f (00:0d:56:b2:2e:3f), Dst: Cisco_d4:10:80 (00:13:1a:d4:10:80)
Internet Protocol, Src: 172.21.173.207 (172.21.173.207), Dst: 72.14.253.104 (72.14.253.104)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
    Total Length: 739
    Identification: 0xd798 (55192)
    Flags: 0x04 (Don't Fragment)
    Fragment offset: 0
    Time to live: 128
    Protocol: TCP (0x06)
    Header checksum: 0x8120 [correct]
    Source: 172.21.173.207 (172.21.173.207)
    Destination: 72.14.253.104 (72.14.253.104)
Transmission Control Protocol, Src Port: fjmpss (2509), Dst Port: http (80), Seq: 1, Ack: 1, Len: 699
    Source port: fjmpss (2509)
    Destination port: http (80)
    Sequence number: 1    (relative sequence number)
    [Next sequence number: 700    (relative sequence number)]
    Acknowledgement number: 1    (relative ack number)
    Header length: 20 bytes
    Flags: 0x18 (PSH, ACK)
    Window size: 65535
    Checksum: 0xa9b5 [correct]
    [SEQ/ACK analysis]
Hypertext Transfer Protocol

No.     Time        Source                Destination           Protocol Info
      7 10.098576   72.14.253.104         172.21.173.207        TCP      http > fjmpss [FIN, ACK] Seq=1 Ack=1 Win=5720 Len=0

Frame 7 (60 bytes on wire, 60 bytes captured)
Ethernet II, Src: Cisco_d4:10:80 (00:13:1a:d4:10:80), Dst: DellPcba_b2:2e:3f (00:0d:56:b2:2e:3f)
Internet Protocol, Src: 72.14.253.104 (72.14.253.104), Dst: 172.21.173.207 (172.21.173.207)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
    Total Length: 40
    Identification: 0xa944 (43332)
    Flags: 0x00
    Fragment offset: 0
    Time to live: 48
    Protocol: TCP (0x06)
    Header checksum: 0x4230 [correct]
    Source: 72.14.253.104 (72.14.253.104)
    Destination: 172.21.173.207 (172.21.173.207)
Transmission Control Protocol, Src Port: http (80), Dst Port: fjmpss (2509), Seq: 1, Ack: 1, Len: 0
    Source port: http (80)
    Destination port: fjmpss (2509)
    Sequence number: 1    (relative sequence number)
    Acknowledgement number: 1    (relative ack number)
    Header length: 20 bytes
    Flags: 0x11 (FIN, ACK)
    Window size: 5720
    Checksum: 0x59fc [correct]

No.     Time        Source                Destination           Protocol Info
      8 10.098657   172.21.173.207        72.14.253.104         TCP      fjmpss > http [ACK] Seq=700 Ack=2 Win=65535 Len=0

Frame 8 (54 bytes on wire, 54 bytes captured)
Ethernet II, Src: DellPcba_b2:2e:3f (00:0d:56:b2:2e:3f), Dst: Cisco_d4:10:80 (00:13:1a:d4:10:80)
Internet Protocol, Src: 172.21.173.207 (172.21.173.207), Dst: 72.14.253.104 (72.14.253.104)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
    Total Length: 40
    Identification: 0xd7a1 (55201)
    Flags: 0x04 (Don't Fragment)
    Fragment offset: 0
    Time to live: 128
    Protocol: TCP (0x06)
    Header checksum: 0x83d2 [correct]
    Source: 172.21.173.207 (172.21.173.207)
    Destination: 72.14.253.104 (72.14.253.104)
Transmission Control Protocol, Src Port: fjmpss (2509), Dst Port: http (80), Seq: 700, Ack: 2, Len: 0
    Source port: fjmpss (2509)
    Destination port: http (80)
    Sequence number: 700    (relative sequence number)
    Acknowledgement number: 2    (relative ack number)
    Header length: 20 bytes
    Flags: 0x10 (ACK)
    Window size: 65535
    Checksum: 0x6d99 [correct]
    [SEQ/ACK analysis]

No.     Time        Source                Destination           Protocol Info
      9 10.099079   172.21.173.207        72.14.253.104         TCP      fjmpss > http [FIN, ACK] Seq=700 Ack=2 Win=65535 Len=0

Frame 9 (54 bytes on wire, 54 bytes captured)
Ethernet II, Src: DellPcba_b2:2e:3f (00:0d:56:b2:2e:3f), Dst: Cisco_d4:10:80 (00:13:1a:d4:10:80)
Internet Protocol, Src: 172.21.173.207 (172.21.173.207), Dst: 72.14.253.104 (72.14.253.104)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
    Total Length: 40
    Identification: 0xd7a6 (55206)
    Flags: 0x04 (Don't Fragment)
    Fragment offset: 0
    Time to live: 128
    Protocol: TCP (0x06)
    Header checksum: 0x83cd [correct]
    Source: 172.21.173.207 (172.21.173.207)
    Destination: 72.14.253.104 (72.14.253.104)
Transmission Control Protocol, Src Port: fjmpss (2509), Dst Port: http (80), Seq: 700, Ack: 2, Len: 0
    Source port: fjmpss (2509)
    Destination port: http (80)
    Sequence number: 700    (relative sequence number)
    Acknowledgement number: 2    (relative ack number)
    Header length: 20 bytes
    Flags: 0x11 (FIN, ACK)
    Window size: 65535
    Checksum: 0x6d98 [correct]

No.     Time        Source                Destination           Protocol Info
     10 10.149640   72.14.253.104         172.21.173.207        TCP      http > fjmpss [RST] Seq=2 Win=0 Len=0

Frame 10 (60 bytes on wire, 60 bytes captured)
Ethernet II, Src: Cisco_d4:10:80 (00:13:1a:d4:10:80), Dst: DellPcba_b2:2e:3f (00:0d:56:b2:2e:3f)
Internet Protocol, Src: 72.14.253.104 (72.14.253.104), Dst: 172.21.173.207 (172.21.173.207)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
    Total Length: 40
    Identification: 0xa946 (43334)
    Flags: 0x00
    Fragment offset: 0
    Time to live: 48
    Protocol: TCP (0x06)
    Header checksum: 0x422e [correct]
    Source: 72.14.253.104 (72.14.253.104)
    Destination: 172.21.173.207 (172.21.173.207)
Transmission Control Protocol, Src Port: http (80), Dst Port: fjmpss (2509), Seq: 2, Len: 0
    Source port: http (80)
    Destination port: fjmpss (2509)
    Sequence number: 2    (relative sequence number)
    Acknowledgment number: Broken TCP. The acknowledge field is nonzero while the ACK flag is not set
    Header length: 20 bytes
    Flags: 0x04 (RST)
    Window size: 0
    Checksum: 0xf62a [correct]

No.     Time        Source                Destination           Protocol Info
     11 24.411687   172.21.173.207        72.14.253.147         HTTP     GET /firefox?client=firefox-a&rls=org.mozilla:en-US:official HTTP/1.1

Frame 11 (677 bytes on wire, 677 bytes captured)
Ethernet II, Src: DellPcba_b2:2e:3f (00:0d:56:b2:2e:3f), Dst: Cisco_d4:10:80 (00:13:1a:d4:10:80)
Internet Protocol, Src: 172.21.173.207 (172.21.173.207), Dst: 72.14.253.147 (72.14.253.147)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
    Total Length: 663
    Identification: 0xd821 (55329)
    Flags: 0x04 (Don't Fragment)
    Fragment offset: 0
    Time to live: 128
    Protocol: TCP (0x06)
    Header checksum: 0x80b8 [correct]
    Source: 172.21.173.207 (172.21.173.207)
    Destination: 72.14.253.147 (72.14.253.147)
Transmission Control Protocol, Src Port: jbroker (2506), Dst Port: http (80), Seq: 1, Ack: 1, Len: 623
    Source port: jbroker (2506)
    Destination port: http (80)
    Sequence number: 1    (relative sequence number)
    [Next sequence number: 624    (relative sequence number)]
    Acknowledgement number: 1    (relative ack number)
    Header length: 20 bytes
    Flags: 0x19 (FIN, PSH, ACK)
    Window size: 65535
    Checksum: 0x857b [correct]
Hypertext Transfer Protocol
[+][-]02/01/08 05:24 AM, ID: 20796288Accepted Solution

View this solution now by starting your 30-day free trial. Setting up your free trial is quick, easy, and secure. We will return you to this solution, unlocked, when you're done.

About this solution

Zones: TCP/IP, Cisco PIX Firewall, DSL Lines / Cable Internet
Tags: TCP reset flag when trying to browse websites
Sign Up Now!
Solution Provided By: blu
Participating Experts: 3
Solution Grade: A
 
[+][-]02/01/08 12:06 PM, ID: 20800141Expert Comment

At Experts Exchange, members can ask their questions to thousands of technology professionals, also known as Experts. Experts compete and collaborate to answer those questions by leaving comments like this one.

Start your 30-day free trial to view this Expert Comment or ask the Experts your question.

 
 
Loading Advertisement...
20091111-EE-VQP-92 / EE_QW_2_20070628