How about posting the pix config here?
Cheers,
Rajesh
Main Topics
Browse All TopicsHello All,
I am experiencing a strange issue at a customers site. Last night they had a power outage. This morning they reported that they could not browse the internet from any PC at their location. The customer has a DSL connection connected to a PIX 506E connected to a layer three switch. I am receiving a TCP reset flag sent from the web server of the site I am trying to browse. I can ping ip addresses and preform nslookup but I can not browse the internet. I have tried telneting to a webserver on port 80 but I receive nothing. My http web capture is below. Any suggestions why this is happening. I am currently waiting for the DSL company to call me back.
HTTP web capture:
No. Time Source Destination Protocol Info
1 0.000000 172.21.173.207 72.14.253.104 TCP fjmpss > http [SYN] Seq=0 Win=65535 Len=0 MSS=1260
Frame 1 (62 bytes on wire, 62 bytes captured)
Ethernet II, Src: DellPcba_b2:2e:3f (00:0d:56:b2:2e:3f), Dst: Cisco_d4:10:80 (00:13:1a:d4:10:80)
Internet Protocol, Src: 172.21.173.207 (172.21.173.207), Dst: 72.14.253.104 (72.14.253.104)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
Total Length: 48
Identification: 0xd74b (55115)
Flags: 0x04 (Don't Fragment)
Fragment offset: 0
Time to live: 128
Protocol: TCP (0x06)
Header checksum: 0x8420 [correct]
Source: 172.21.173.207 (172.21.173.207)
Destination: 72.14.253.104 (72.14.253.104)
Transmission Control Protocol, Src Port: fjmpss (2509), Dst Port: http (80), Seq: 0, Len: 0
Source port: fjmpss (2509)
Destination port: http (80)
Sequence number: 0 (relative sequence number)
Header length: 28 bytes
Flags: 0x02 (SYN)
Window size: 65535
Checksum: 0x7c77 [correct]
Options: (8 bytes)
No. Time Source Destination Protocol Info
2 0.049646 72.14.253.104 172.21.173.207 TCP http > fjmpss [SYN, ACK] Seq=0 Ack=1 Win=5720 Len=0 MSS=1380
Frame 2 (62 bytes on wire, 62 bytes captured)
Ethernet II, Src: Cisco_d4:10:80 (00:13:1a:d4:10:80), Dst: DellPcba_b2:2e:3f (00:0d:56:b2:2e:3f)
Internet Protocol, Src: 72.14.253.104 (72.14.253.104), Dst: 172.21.173.207 (172.21.173.207)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
Total Length: 48
Identification: 0xa943 (43331)
Flags: 0x00
Fragment offset: 0
Time to live: 48
Protocol: TCP (0x06)
Header checksum: 0x4229 [correct]
Source: 72.14.253.104 (72.14.253.104)
Destination: 172.21.173.207 (172.21.173.207)
Transmission Control Protocol, Src Port: http (80), Dst Port: fjmpss (2509), Seq: 0, Ack: 1, Len: 0
Source port: http (80)
Destination port: fjmpss (2509)
Sequence number: 0 (relative sequence number)
Acknowledgement number: 1 (relative ack number)
Header length: 28 bytes
Flags: 0x12 (SYN, ACK)
Window size: 5720
Checksum: 0x2d89 [correct]
Options: (8 bytes)
[SEQ/ACK analysis]
No. Time Source Destination Protocol Info
3 0.049715 172.21.173.207 72.14.253.104 TCP fjmpss > http [ACK] Seq=1 Ack=1 Win=65535 Len=0
Frame 3 (54 bytes on wire, 54 bytes captured)
Ethernet II, Src: DellPcba_b2:2e:3f (00:0d:56:b2:2e:3f), Dst: Cisco_d4:10:80 (00:13:1a:d4:10:80)
Internet Protocol, Src: 172.21.173.207 (172.21.173.207), Dst: 72.14.253.104 (72.14.253.104)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
Total Length: 40
Identification: 0xd74c (55116)
Flags: 0x04 (Don't Fragment)
Fragment offset: 0
Time to live: 128
Protocol: TCP (0x06)
Header checksum: 0x8427 [correct]
Source: 172.21.173.207 (172.21.173.207)
Destination: 72.14.253.104 (72.14.253.104)
Transmission Control Protocol, Src Port: fjmpss (2509), Dst Port: http (80), Seq: 1, Ack: 1, Len: 0
Source port: fjmpss (2509)
Destination port: http (80)
Sequence number: 1 (relative sequence number)
Acknowledgement number: 1 (relative ack number)
Header length: 20 bytes
Flags: 0x10 (ACK)
Window size: 65535
Checksum: 0x7055 [correct]
[SEQ/ACK analysis]
No. Time Source Destination Protocol Info
4 0.052137 172.21.173.207 72.14.253.104 HTTP GET / HTTP/1.1
Frame 4 (753 bytes on wire, 753 bytes captured)
Ethernet II, Src: DellPcba_b2:2e:3f (00:0d:56:b2:2e:3f), Dst: Cisco_d4:10:80 (00:13:1a:d4:10:80)
Internet Protocol, Src: 172.21.173.207 (172.21.173.207), Dst: 72.14.253.104 (72.14.253.104)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
Total Length: 739
Identification: 0xd74d (55117)
Flags: 0x04 (Don't Fragment)
Fragment offset: 0
Time to live: 128
Protocol: TCP (0x06)
Header checksum: 0x816b [correct]
Source: 172.21.173.207 (172.21.173.207)
Destination: 72.14.253.104 (72.14.253.104)
Transmission Control Protocol, Src Port: fjmpss (2509), Dst Port: http (80), Seq: 1, Ack: 1, Len: 699
Source port: fjmpss (2509)
Destination port: http (80)
Sequence number: 1 (relative sequence number)
[Next sequence number: 700 (relative sequence number)]
Acknowledgement number: 1 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
Window size: 65535
Checksum: 0xa9b5 [correct]
Hypertext Transfer Protocol
No. Time Source Destination Protocol Info
5 2.980882 172.21.173.207 72.14.253.104 HTTP [TCP Retransmission] GET / HTTP/1.1
Frame 5 (753 bytes on wire, 753 bytes captured)
Ethernet II, Src: DellPcba_b2:2e:3f (00:0d:56:b2:2e:3f), Dst: Cisco_d4:10:80 (00:13:1a:d4:10:80)
Internet Protocol, Src: 172.21.173.207 (172.21.173.207), Dst: 72.14.253.104 (72.14.253.104)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
Total Length: 739
Identification: 0xd766 (55142)
Flags: 0x04 (Don't Fragment)
Fragment offset: 0
Time to live: 128
Protocol: TCP (0x06)
Header checksum: 0x8152 [correct]
Source: 172.21.173.207 (172.21.173.207)
Destination: 72.14.253.104 (72.14.253.104)
Transmission Control Protocol, Src Port: fjmpss (2509), Dst Port: http (80), Seq: 1, Ack: 1, Len: 699
Source port: fjmpss (2509)
Destination port: http (80)
Sequence number: 1 (relative sequence number)
[Next sequence number: 700 (relative sequence number)]
Acknowledgement number: 1 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
Window size: 65535
Checksum: 0xa9b5 [correct]
[SEQ/ACK analysis]
Hypertext Transfer Protocol
No. Time Source Destination Protocol Info
6 8.989518 172.21.173.207 72.14.253.104 HTTP [TCP Retransmission] GET / HTTP/1.1
Frame 6 (753 bytes on wire, 753 bytes captured)
Ethernet II, Src: DellPcba_b2:2e:3f (00:0d:56:b2:2e:3f), Dst: Cisco_d4:10:80 (00:13:1a:d4:10:80)
Internet Protocol, Src: 172.21.173.207 (172.21.173.207), Dst: 72.14.253.104 (72.14.253.104)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
Total Length: 739
Identification: 0xd798 (55192)
Flags: 0x04 (Don't Fragment)
Fragment offset: 0
Time to live: 128
Protocol: TCP (0x06)
Header checksum: 0x8120 [correct]
Source: 172.21.173.207 (172.21.173.207)
Destination: 72.14.253.104 (72.14.253.104)
Transmission Control Protocol, Src Port: fjmpss (2509), Dst Port: http (80), Seq: 1, Ack: 1, Len: 699
Source port: fjmpss (2509)
Destination port: http (80)
Sequence number: 1 (relative sequence number)
[Next sequence number: 700 (relative sequence number)]
Acknowledgement number: 1 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
Window size: 65535
Checksum: 0xa9b5 [correct]
[SEQ/ACK analysis]
Hypertext Transfer Protocol
No. Time Source Destination Protocol Info
7 10.098576 72.14.253.104 172.21.173.207 TCP http > fjmpss [FIN, ACK] Seq=1 Ack=1 Win=5720 Len=0
Frame 7 (60 bytes on wire, 60 bytes captured)
Ethernet II, Src: Cisco_d4:10:80 (00:13:1a:d4:10:80), Dst: DellPcba_b2:2e:3f (00:0d:56:b2:2e:3f)
Internet Protocol, Src: 72.14.253.104 (72.14.253.104), Dst: 172.21.173.207 (172.21.173.207)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
Total Length: 40
Identification: 0xa944 (43332)
Flags: 0x00
Fragment offset: 0
Time to live: 48
Protocol: TCP (0x06)
Header checksum: 0x4230 [correct]
Source: 72.14.253.104 (72.14.253.104)
Destination: 172.21.173.207 (172.21.173.207)
Transmission Control Protocol, Src Port: http (80), Dst Port: fjmpss (2509), Seq: 1, Ack: 1, Len: 0
Source port: http (80)
Destination port: fjmpss (2509)
Sequence number: 1 (relative sequence number)
Acknowledgement number: 1 (relative ack number)
Header length: 20 bytes
Flags: 0x11 (FIN, ACK)
Window size: 5720
Checksum: 0x59fc [correct]
No. Time Source Destination Protocol Info
8 10.098657 172.21.173.207 72.14.253.104 TCP fjmpss > http [ACK] Seq=700 Ack=2 Win=65535 Len=0
Frame 8 (54 bytes on wire, 54 bytes captured)
Ethernet II, Src: DellPcba_b2:2e:3f (00:0d:56:b2:2e:3f), Dst: Cisco_d4:10:80 (00:13:1a:d4:10:80)
Internet Protocol, Src: 172.21.173.207 (172.21.173.207), Dst: 72.14.253.104 (72.14.253.104)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
Total Length: 40
Identification: 0xd7a1 (55201)
Flags: 0x04 (Don't Fragment)
Fragment offset: 0
Time to live: 128
Protocol: TCP (0x06)
Header checksum: 0x83d2 [correct]
Source: 172.21.173.207 (172.21.173.207)
Destination: 72.14.253.104 (72.14.253.104)
Transmission Control Protocol, Src Port: fjmpss (2509), Dst Port: http (80), Seq: 700, Ack: 2, Len: 0
Source port: fjmpss (2509)
Destination port: http (80)
Sequence number: 700 (relative sequence number)
Acknowledgement number: 2 (relative ack number)
Header length: 20 bytes
Flags: 0x10 (ACK)
Window size: 65535
Checksum: 0x6d99 [correct]
[SEQ/ACK analysis]
No. Time Source Destination Protocol Info
9 10.099079 172.21.173.207 72.14.253.104 TCP fjmpss > http [FIN, ACK] Seq=700 Ack=2 Win=65535 Len=0
Frame 9 (54 bytes on wire, 54 bytes captured)
Ethernet II, Src: DellPcba_b2:2e:3f (00:0d:56:b2:2e:3f), Dst: Cisco_d4:10:80 (00:13:1a:d4:10:80)
Internet Protocol, Src: 172.21.173.207 (172.21.173.207), Dst: 72.14.253.104 (72.14.253.104)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
Total Length: 40
Identification: 0xd7a6 (55206)
Flags: 0x04 (Don't Fragment)
Fragment offset: 0
Time to live: 128
Protocol: TCP (0x06)
Header checksum: 0x83cd [correct]
Source: 172.21.173.207 (172.21.173.207)
Destination: 72.14.253.104 (72.14.253.104)
Transmission Control Protocol, Src Port: fjmpss (2509), Dst Port: http (80), Seq: 700, Ack: 2, Len: 0
Source port: fjmpss (2509)
Destination port: http (80)
Sequence number: 700 (relative sequence number)
Acknowledgement number: 2 (relative ack number)
Header length: 20 bytes
Flags: 0x11 (FIN, ACK)
Window size: 65535
Checksum: 0x6d98 [correct]
No. Time Source Destination Protocol Info
10 10.149640 72.14.253.104 172.21.173.207 TCP http > fjmpss [RST] Seq=2 Win=0 Len=0
Frame 10 (60 bytes on wire, 60 bytes captured)
Ethernet II, Src: Cisco_d4:10:80 (00:13:1a:d4:10:80), Dst: DellPcba_b2:2e:3f (00:0d:56:b2:2e:3f)
Internet Protocol, Src: 72.14.253.104 (72.14.253.104), Dst: 172.21.173.207 (172.21.173.207)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
Total Length: 40
Identification: 0xa946 (43334)
Flags: 0x00
Fragment offset: 0
Time to live: 48
Protocol: TCP (0x06)
Header checksum: 0x422e [correct]
Source: 72.14.253.104 (72.14.253.104)
Destination: 172.21.173.207 (172.21.173.207)
Transmission Control Protocol, Src Port: http (80), Dst Port: fjmpss (2509), Seq: 2, Len: 0
Source port: http (80)
Destination port: fjmpss (2509)
Sequence number: 2 (relative sequence number)
Acknowledgment number: Broken TCP. The acknowledge field is nonzero while the ACK flag is not set
Header length: 20 bytes
Flags: 0x04 (RST)
Window size: 0
Checksum: 0xf62a [correct]
No. Time Source Destination Protocol Info
11 24.411687 172.21.173.207 72.14.253.147 HTTP GET /firefox?client=firefox-a&
Frame 11 (677 bytes on wire, 677 bytes captured)
Ethernet II, Src: DellPcba_b2:2e:3f (00:0d:56:b2:2e:3f), Dst: Cisco_d4:10:80 (00:13:1a:d4:10:80)
Internet Protocol, Src: 172.21.173.207 (172.21.173.207), Dst: 72.14.253.147 (72.14.253.147)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
Total Length: 663
Identification: 0xd821 (55329)
Flags: 0x04 (Don't Fragment)
Fragment offset: 0
Time to live: 128
Protocol: TCP (0x06)
Header checksum: 0x80b8 [correct]
Source: 172.21.173.207 (172.21.173.207)
Destination: 72.14.253.147 (72.14.253.147)
Transmission Control Protocol, Src Port: jbroker (2506), Dst Port: http (80), Seq: 1, Ack: 1, Len: 623
Source port: jbroker (2506)
Destination port: http (80)
Sequence number: 1 (relative sequence number)
[Next sequence number: 624 (relative sequence number)]
Acknowledgement number: 1 (relative ack number)
Header length: 20 bytes
Flags: 0x19 (FIN, PSH, ACK)
Window size: 65535
Checksum: 0x857b [correct]
Hypertext Transfer Protocol
This Question has been solved and asker verified All Experts Exchange premium technology solutions are available to subscription members.
Experts Exchange has been collecting answers to technology questions since 1996…3 million and counting! If you have a question, chances are we already have your answer.
If you can't find the exact answer you're looking for, ask our exclusive community of 50,000 experts. You’ll get a personalized answer from a trusted professional.
Thousands of free tech tips, tricks, how-to’s and tutorials are available in our peer reviewed articles section. See for yourself how smart our experts are, no login required.
Access the answers to your technology questions today.
30-day free trial. Register in 60 seconds.
Members of the expert community talk about why the experience at Experts Exchange is different than what you will find anywhere else.

Try it out and discover for yourself.
30-day free trial. Register in 60 seconds.
Join the community of experts here and help other tech pros by answering question in your area of expertise. You can earn FREE access to all Experts Exchange's premium features and resources.
Business Accounts
Answer for Membership
by: bluPosted on 2008-02-01 at 05:24:12ID: 20796288
It looks to me like the packets with a TCP data length greater than 0 are being dropped. The web server is waiting
for the request but never sees it. After 10 seconds, it times out and closes the connection. The reset is just because
by the time the FIN,ACK is sent from the client, the web server has forgotten about the client and responds with a
reset, which just means that a packet arrived for a connection it does not currently have.