greenbeanx81
asked on
TCP reset flag present when trying to browse internet from any PC at location
Hello All,
   I am experiencing a strange issue at a customers site. Last night they had a power outage. This morning they reported that they could not browse the internet from any PC at their location. The customer has a DSL connection connected to a PIX 506E connected to a layer three switch. I am receiving a TCP reset flag sent from the web server of the site I am trying to browse. I can ping ip addresses and preform nslookup but I can not browse the internet. I have tried telneting to a webserver on port 80 but I receive nothing. My http web capture is below. Any suggestions why this is happening. I am currently waiting for the DSL company to call me back.
HTTP web capture:
No.   Time     Source         Destination      Protocol Info
   1 0.000000   172.21.173.207     72.14.253.104     TCP    fjmpss > http [SYN] Seq=0 Win=65535 Len=0 MSS=1260
Frame 1 (62 bytes on wire, 62 bytes captured)
Ethernet II, Src: DellPcba_b2:2e:3f (00:0d:56:b2:2e:3f), Dst: Cisco_d4:10:80 (00:13:1a:d4:10:80)
Internet Protocol, Src: 172.21.173.207 (172.21.173.207), Dst: 72.14.253.104 (72.14.253.104)
  Version: 4
  Header length: 20 bytes
  Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
  Total Length: 48
  Identification: 0xd74b (55115)
  Flags: 0x04 (Don't Fragment)
  Fragment offset: 0
  Time to live: 128
  Protocol: TCP (0x06)
  Header checksum: 0x8420 [correct]
  Source: 172.21.173.207 (172.21.173.207)
  Destination: 72.14.253.104 (72.14.253.104)
Transmission Control Protocol, Src Port: fjmpss (2509), Dst Port: http (80), Seq: 0, Len: 0
  Source port: fjmpss (2509)
  Destination port: http (80)
  Sequence number: 0   (relative sequence number)
  Header length: 28 bytes
  Flags: 0x02 (SYN)
  Window size: 65535
  Checksum: 0x7c77 [correct]
  Options: (8 bytes)
No.   Time     Source         Destination      Protocol Info
   2 0.049646   72.14.253.104     172.21.173.207     TCP    http > fjmpss [SYN, ACK] Seq=0 Ack=1 Win=5720 Len=0 MSS=1380
Frame 2 (62 bytes on wire, 62 bytes captured)
Ethernet II, Src: Cisco_d4:10:80 (00:13:1a:d4:10:80), Dst: DellPcba_b2:2e:3f (00:0d:56:b2:2e:3f)
Internet Protocol, Src: 72.14.253.104 (72.14.253.104), Dst: 172.21.173.207 (172.21.173.207)
  Version: 4
  Header length: 20 bytes
  Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
  Total Length: 48
  Identification: 0xa943 (43331)
  Flags: 0x00
  Fragment offset: 0
  Time to live: 48
  Protocol: TCP (0x06)
  Header checksum: 0x4229 [correct]
  Source: 72.14.253.104 (72.14.253.104)
  Destination: 172.21.173.207 (172.21.173.207)
Transmission Control Protocol, Src Port: http (80), Dst Port: fjmpss (2509), Seq: 0, Ack: 1, Len: 0
  Source port: http (80)
  Destination port: fjmpss (2509)
  Sequence number: 0   (relative sequence number)
  Acknowledgement number: 1   (relative ack number)
  Header length: 28 bytes
  Flags: 0x12 (SYN, ACK)
  Window size: 5720
  Checksum: 0x2d89 [correct]
  Options: (8 bytes)
  [SEQ/ACK analysis]
No.   Time     Source         Destination      Protocol Info
   3 0.049715   172.21.173.207     72.14.253.104     TCP    fjmpss > http [ACK] Seq=1 Ack=1 Win=65535 Len=0
Frame 3 (54 bytes on wire, 54 bytes captured)
Ethernet II, Src: DellPcba_b2:2e:3f (00:0d:56:b2:2e:3f), Dst: Cisco_d4:10:80 (00:13:1a:d4:10:80)
Internet Protocol, Src: 172.21.173.207 (172.21.173.207), Dst: 72.14.253.104 (72.14.253.104)
  Version: 4
  Header length: 20 bytes
  Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
  Total Length: 40
  Identification: 0xd74c (55116)
  Flags: 0x04 (Don't Fragment)
  Fragment offset: 0
  Time to live: 128
  Protocol: TCP (0x06)
  Header checksum: 0x8427 [correct]
  Source: 172.21.173.207 (172.21.173.207)
  Destination: 72.14.253.104 (72.14.253.104)
Transmission Control Protocol, Src Port: fjmpss (2509), Dst Port: http (80), Seq: 1, Ack: 1, Len: 0
  Source port: fjmpss (2509)
  Destination port: http (80)
  Sequence number: 1   (relative sequence number)
  Acknowledgement number: 1   (relative ack number)
  Header length: 20 bytes
  Flags: 0x10 (ACK)
  Window size: 65535
  Checksum: 0x7055 [correct]
  [SEQ/ACK analysis]
No.   Time     Source         Destination      Protocol Info
   4 0.052137   172.21.173.207     72.14.253.104     HTTP   GET / HTTP/1.1
Frame 4 (753 bytes on wire, 753 bytes captured)
Ethernet II, Src: DellPcba_b2:2e:3f (00:0d:56:b2:2e:3f), Dst: Cisco_d4:10:80 (00:13:1a:d4:10:80)
Internet Protocol, Src: 172.21.173.207 (172.21.173.207), Dst: 72.14.253.104 (72.14.253.104)
  Version: 4
  Header length: 20 bytes
  Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
  Total Length: 739
  Identification: 0xd74d (55117)
  Flags: 0x04 (Don't Fragment)
  Fragment offset: 0
  Time to live: 128
  Protocol: TCP (0x06)
  Header checksum: 0x816b [correct]
  Source: 172.21.173.207 (172.21.173.207)
  Destination: 72.14.253.104 (72.14.253.104)
Transmission Control Protocol, Src Port: fjmpss (2509), Dst Port: http (80), Seq: 1, Ack: 1, Len: 699
  Source port: fjmpss (2509)
  Destination port: http (80)
  Sequence number: 1   (relative sequence number)
  [Next sequence number: 700   (relative sequence number)]
  Acknowledgement number: 1   (relative ack number)
  Header length: 20 bytes
  Flags: 0x18 (PSH, ACK)
  Window size: 65535
  Checksum: 0xa9b5 [correct]
Hypertext Transfer Protocol
No.   Time     Source         Destination      Protocol Info
   5 2.980882   172.21.173.207     72.14.253.104     HTTP   [TCP Retransmission] GET / HTTP/1.1
Frame 5 (753 bytes on wire, 753 bytes captured)
Ethernet II, Src: DellPcba_b2:2e:3f (00:0d:56:b2:2e:3f), Dst: Cisco_d4:10:80 (00:13:1a:d4:10:80)
Internet Protocol, Src: 172.21.173.207 (172.21.173.207), Dst: 72.14.253.104 (72.14.253.104)
  Version: 4
  Header length: 20 bytes
  Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
  Total Length: 739
  Identification: 0xd766 (55142)
  Flags: 0x04 (Don't Fragment)
  Fragment offset: 0
  Time to live: 128
  Protocol: TCP (0x06)
  Header checksum: 0x8152 [correct]
  Source: 172.21.173.207 (172.21.173.207)
  Destination: 72.14.253.104 (72.14.253.104)
Transmission Control Protocol, Src Port: fjmpss (2509), Dst Port: http (80), Seq: 1, Ack: 1, Len: 699
  Source port: fjmpss (2509)
  Destination port: http (80)
  Sequence number: 1   (relative sequence number)
  [Next sequence number: 700   (relative sequence number)]
  Acknowledgement number: 1   (relative ack number)
  Header length: 20 bytes
  Flags: 0x18 (PSH, ACK)
  Window size: 65535
  Checksum: 0xa9b5 [correct]
  [SEQ/ACK analysis]
Hypertext Transfer Protocol
No.   Time     Source         Destination      Protocol Info
   6 8.989518   172.21.173.207     72.14.253.104     HTTP   [TCP Retransmission] GET / HTTP/1.1
Frame 6 (753 bytes on wire, 753 bytes captured)
Ethernet II, Src: DellPcba_b2:2e:3f (00:0d:56:b2:2e:3f), Dst: Cisco_d4:10:80 (00:13:1a:d4:10:80)
Internet Protocol, Src: 172.21.173.207 (172.21.173.207), Dst: 72.14.253.104 (72.14.253.104)
  Version: 4
  Header length: 20 bytes
  Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
  Total Length: 739
  Identification: 0xd798 (55192)
  Flags: 0x04 (Don't Fragment)
  Fragment offset: 0
  Time to live: 128
  Protocol: TCP (0x06)
  Header checksum: 0x8120 [correct]
  Source: 172.21.173.207 (172.21.173.207)
  Destination: 72.14.253.104 (72.14.253.104)
Transmission Control Protocol, Src Port: fjmpss (2509), Dst Port: http (80), Seq: 1, Ack: 1, Len: 699
  Source port: fjmpss (2509)
  Destination port: http (80)
  Sequence number: 1   (relative sequence number)
  [Next sequence number: 700   (relative sequence number)]
  Acknowledgement number: 1   (relative ack number)
  Header length: 20 bytes
  Flags: 0x18 (PSH, ACK)
  Window size: 65535
  Checksum: 0xa9b5 [correct]
  [SEQ/ACK analysis]
Hypertext Transfer Protocol
No.   Time     Source         Destination      Protocol Info
   7 10.098576  72.14.253.104     172.21.173.207     TCP    http > fjmpss [FIN, ACK] Seq=1 Ack=1 Win=5720 Len=0
Frame 7 (60 bytes on wire, 60 bytes captured)
Ethernet II, Src: Cisco_d4:10:80 (00:13:1a:d4:10:80), Dst: DellPcba_b2:2e:3f (00:0d:56:b2:2e:3f)
Internet Protocol, Src: 72.14.253.104 (72.14.253.104), Dst: 172.21.173.207 (172.21.173.207)
  Version: 4
  Header length: 20 bytes
  Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
  Total Length: 40
  Identification: 0xa944 (43332)
  Flags: 0x00
  Fragment offset: 0
  Time to live: 48
  Protocol: TCP (0x06)
  Header checksum: 0x4230 [correct]
  Source: 72.14.253.104 (72.14.253.104)
  Destination: 172.21.173.207 (172.21.173.207)
Transmission Control Protocol, Src Port: http (80), Dst Port: fjmpss (2509), Seq: 1, Ack: 1, Len: 0
  Source port: http (80)
  Destination port: fjmpss (2509)
  Sequence number: 1   (relative sequence number)
  Acknowledgement number: 1   (relative ack number)
  Header length: 20 bytes
  Flags: 0x11 (FIN, ACK)
  Window size: 5720
  Checksum: 0x59fc [correct]
No.   Time     Source         Destination      Protocol Info
   8 10.098657  172.21.173.207     72.14.253.104     TCP    fjmpss > http [ACK] Seq=700 Ack=2 Win=65535 Len=0
Frame 8 (54 bytes on wire, 54 bytes captured)
Ethernet II, Src: DellPcba_b2:2e:3f (00:0d:56:b2:2e:3f), Dst: Cisco_d4:10:80 (00:13:1a:d4:10:80)
Internet Protocol, Src: 172.21.173.207 (172.21.173.207), Dst: 72.14.253.104 (72.14.253.104)
  Version: 4
  Header length: 20 bytes
  Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
  Total Length: 40
  Identification: 0xd7a1 (55201)
  Flags: 0x04 (Don't Fragment)
  Fragment offset: 0
  Time to live: 128
  Protocol: TCP (0x06)
  Header checksum: 0x83d2 [correct]
  Source: 172.21.173.207 (172.21.173.207)
  Destination: 72.14.253.104 (72.14.253.104)
Transmission Control Protocol, Src Port: fjmpss (2509), Dst Port: http (80), Seq: 700, Ack: 2, Len: 0
  Source port: fjmpss (2509)
  Destination port: http (80)
  Sequence number: 700   (relative sequence number)
  Acknowledgement number: 2   (relative ack number)
  Header length: 20 bytes
  Flags: 0x10 (ACK)
  Window size: 65535
  Checksum: 0x6d99 [correct]
  [SEQ/ACK analysis]
No.   Time     Source         Destination      Protocol Info
   9 10.099079  172.21.173.207     72.14.253.104     TCP    fjmpss > http [FIN, ACK] Seq=700 Ack=2 Win=65535 Len=0
Frame 9 (54 bytes on wire, 54 bytes captured)
Ethernet II, Src: DellPcba_b2:2e:3f (00:0d:56:b2:2e:3f), Dst: Cisco_d4:10:80 (00:13:1a:d4:10:80)
Internet Protocol, Src: 172.21.173.207 (172.21.173.207), Dst: 72.14.253.104 (72.14.253.104)
  Version: 4
  Header length: 20 bytes
  Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
  Total Length: 40
  Identification: 0xd7a6 (55206)
  Flags: 0x04 (Don't Fragment)
  Fragment offset: 0
  Time to live: 128
  Protocol: TCP (0x06)
  Header checksum: 0x83cd [correct]
  Source: 172.21.173.207 (172.21.173.207)
  Destination: 72.14.253.104 (72.14.253.104)
Transmission Control Protocol, Src Port: fjmpss (2509), Dst Port: http (80), Seq: 700, Ack: 2, Len: 0
  Source port: fjmpss (2509)
  Destination port: http (80)
  Sequence number: 700   (relative sequence number)
  Acknowledgement number: 2   (relative ack number)
  Header length: 20 bytes
  Flags: 0x11 (FIN, ACK)
  Window size: 65535
  Checksum: 0x6d98 [correct]
No.   Time     Source         Destination      Protocol Info
   10 10.149640  72.14.253.104     172.21.173.207     TCP    http > fjmpss [RST] Seq=2 Win=0 Len=0
Frame 10 (60 bytes on wire, 60 bytes captured)
Ethernet II, Src: Cisco_d4:10:80 (00:13:1a:d4:10:80), Dst: DellPcba_b2:2e:3f (00:0d:56:b2:2e:3f)
Internet Protocol, Src: 72.14.253.104 (72.14.253.104), Dst: 172.21.173.207 (172.21.173.207)
  Version: 4
  Header length: 20 bytes
  Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
  Total Length: 40
  Identification: 0xa946 (43334)
  Flags: 0x00
  Fragment offset: 0
  Time to live: 48
  Protocol: TCP (0x06)
  Header checksum: 0x422e [correct]
  Source: 72.14.253.104 (72.14.253.104)
  Destination: 172.21.173.207 (172.21.173.207)
Transmission Control Protocol, Src Port: http (80), Dst Port: fjmpss (2509), Seq: 2, Len: 0
  Source port: http (80)
  Destination port: fjmpss (2509)
  Sequence number: 2   (relative sequence number)
  Acknowledgment number: Broken TCP. The acknowledge field is nonzero while the ACK flag is not set
  Header length: 20 bytes
  Flags: 0x04 (RST)
  Window size: 0
  Checksum: 0xf62a [correct]
No.   Time     Source         Destination      Protocol Info
   11 24.411687  172.21.173.207     72.14.253.147     HTTP   GET /firefox?client=firefox-a& rls=org.mo zilla:en-U S:official HTTP/1.1
Frame 11 (677 bytes on wire, 677 bytes captured)
Ethernet II, Src: DellPcba_b2:2e:3f (00:0d:56:b2:2e:3f), Dst: Cisco_d4:10:80 (00:13:1a:d4:10:80)
Internet Protocol, Src: 172.21.173.207 (172.21.173.207), Dst: 72.14.253.147 (72.14.253.147)
  Version: 4
  Header length: 20 bytes
  Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
  Total Length: 663
  Identification: 0xd821 (55329)
  Flags: 0x04 (Don't Fragment)
  Fragment offset: 0
  Time to live: 128
  Protocol: TCP (0x06)
  Header checksum: 0x80b8 [correct]
  Source: 172.21.173.207 (172.21.173.207)
  Destination: 72.14.253.147 (72.14.253.147)
Transmission Control Protocol, Src Port: jbroker (2506), Dst Port: http (80), Seq: 1, Ack: 1, Len: 623
  Source port: jbroker (2506)
  Destination port: http (80)
  Sequence number: 1   (relative sequence number)
  [Next sequence number: 624   (relative sequence number)]
  Acknowledgement number: 1   (relative ack number)
  Header length: 20 bytes
  Flags: 0x19 (FIN, PSH, ACK)
  Window size: 65535
  Checksum: 0x857b [correct]
Hypertext Transfer Protocol
   I am experiencing a strange issue at a customers site. Last night they had a power outage. This morning they reported that they could not browse the internet from any PC at their location. The customer has a DSL connection connected to a PIX 506E connected to a layer three switch. I am receiving a TCP reset flag sent from the web server of the site I am trying to browse. I can ping ip addresses and preform nslookup but I can not browse the internet. I have tried telneting to a webserver on port 80 but I receive nothing. My http web capture is below. Any suggestions why this is happening. I am currently waiting for the DSL company to call me back.
HTTP web capture:
No.   Time     Source         Destination      Protocol Info
   1 0.000000   172.21.173.207     72.14.253.104     TCP    fjmpss > http [SYN] Seq=0 Win=65535 Len=0 MSS=1260
Frame 1 (62 bytes on wire, 62 bytes captured)
Ethernet II, Src: DellPcba_b2:2e:3f (00:0d:56:b2:2e:3f), Dst: Cisco_d4:10:80 (00:13:1a:d4:10:80)
Internet Protocol, Src: 172.21.173.207 (172.21.173.207), Dst: 72.14.253.104 (72.14.253.104)
  Version: 4
  Header length: 20 bytes
  Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
  Total Length: 48
  Identification: 0xd74b (55115)
  Flags: 0x04 (Don't Fragment)
  Fragment offset: 0
  Time to live: 128
  Protocol: TCP (0x06)
  Header checksum: 0x8420 [correct]
  Source: 172.21.173.207 (172.21.173.207)
  Destination: 72.14.253.104 (72.14.253.104)
Transmission Control Protocol, Src Port: fjmpss (2509), Dst Port: http (80), Seq: 0, Len: 0
  Source port: fjmpss (2509)
  Destination port: http (80)
  Sequence number: 0   (relative sequence number)
  Header length: 28 bytes
  Flags: 0x02 (SYN)
  Window size: 65535
  Checksum: 0x7c77 [correct]
  Options: (8 bytes)
No.   Time     Source         Destination      Protocol Info
   2 0.049646   72.14.253.104     172.21.173.207     TCP    http > fjmpss [SYN, ACK] Seq=0 Ack=1 Win=5720 Len=0 MSS=1380
Frame 2 (62 bytes on wire, 62 bytes captured)
Ethernet II, Src: Cisco_d4:10:80 (00:13:1a:d4:10:80), Dst: DellPcba_b2:2e:3f (00:0d:56:b2:2e:3f)
Internet Protocol, Src: 72.14.253.104 (72.14.253.104), Dst: 172.21.173.207 (172.21.173.207)
  Version: 4
  Header length: 20 bytes
  Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
  Total Length: 48
  Identification: 0xa943 (43331)
  Flags: 0x00
  Fragment offset: 0
  Time to live: 48
  Protocol: TCP (0x06)
  Header checksum: 0x4229 [correct]
  Source: 72.14.253.104 (72.14.253.104)
  Destination: 172.21.173.207 (172.21.173.207)
Transmission Control Protocol, Src Port: http (80), Dst Port: fjmpss (2509), Seq: 0, Ack: 1, Len: 0
  Source port: http (80)
  Destination port: fjmpss (2509)
  Sequence number: 0   (relative sequence number)
  Acknowledgement number: 1   (relative ack number)
  Header length: 28 bytes
  Flags: 0x12 (SYN, ACK)
  Window size: 5720
  Checksum: 0x2d89 [correct]
  Options: (8 bytes)
  [SEQ/ACK analysis]
No.   Time     Source         Destination      Protocol Info
   3 0.049715   172.21.173.207     72.14.253.104     TCP    fjmpss > http [ACK] Seq=1 Ack=1 Win=65535 Len=0
Frame 3 (54 bytes on wire, 54 bytes captured)
Ethernet II, Src: DellPcba_b2:2e:3f (00:0d:56:b2:2e:3f), Dst: Cisco_d4:10:80 (00:13:1a:d4:10:80)
Internet Protocol, Src: 172.21.173.207 (172.21.173.207), Dst: 72.14.253.104 (72.14.253.104)
  Version: 4
  Header length: 20 bytes
  Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
  Total Length: 40
  Identification: 0xd74c (55116)
  Flags: 0x04 (Don't Fragment)
  Fragment offset: 0
  Time to live: 128
  Protocol: TCP (0x06)
  Header checksum: 0x8427 [correct]
  Source: 172.21.173.207 (172.21.173.207)
  Destination: 72.14.253.104 (72.14.253.104)
Transmission Control Protocol, Src Port: fjmpss (2509), Dst Port: http (80), Seq: 1, Ack: 1, Len: 0
  Source port: fjmpss (2509)
  Destination port: http (80)
  Sequence number: 1   (relative sequence number)
  Acknowledgement number: 1   (relative ack number)
  Header length: 20 bytes
  Flags: 0x10 (ACK)
  Window size: 65535
  Checksum: 0x7055 [correct]
  [SEQ/ACK analysis]
No.   Time     Source         Destination      Protocol Info
   4 0.052137   172.21.173.207     72.14.253.104     HTTP   GET / HTTP/1.1
Frame 4 (753 bytes on wire, 753 bytes captured)
Ethernet II, Src: DellPcba_b2:2e:3f (00:0d:56:b2:2e:3f), Dst: Cisco_d4:10:80 (00:13:1a:d4:10:80)
Internet Protocol, Src: 172.21.173.207 (172.21.173.207), Dst: 72.14.253.104 (72.14.253.104)
  Version: 4
  Header length: 20 bytes
  Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
  Total Length: 739
  Identification: 0xd74d (55117)
  Flags: 0x04 (Don't Fragment)
  Fragment offset: 0
  Time to live: 128
  Protocol: TCP (0x06)
  Header checksum: 0x816b [correct]
  Source: 172.21.173.207 (172.21.173.207)
  Destination: 72.14.253.104 (72.14.253.104)
Transmission Control Protocol, Src Port: fjmpss (2509), Dst Port: http (80), Seq: 1, Ack: 1, Len: 699
  Source port: fjmpss (2509)
  Destination port: http (80)
  Sequence number: 1   (relative sequence number)
  [Next sequence number: 700   (relative sequence number)]
  Acknowledgement number: 1   (relative ack number)
  Header length: 20 bytes
  Flags: 0x18 (PSH, ACK)
  Window size: 65535
  Checksum: 0xa9b5 [correct]
Hypertext Transfer Protocol
No.   Time     Source         Destination      Protocol Info
   5 2.980882   172.21.173.207     72.14.253.104     HTTP   [TCP Retransmission] GET / HTTP/1.1
Frame 5 (753 bytes on wire, 753 bytes captured)
Ethernet II, Src: DellPcba_b2:2e:3f (00:0d:56:b2:2e:3f), Dst: Cisco_d4:10:80 (00:13:1a:d4:10:80)
Internet Protocol, Src: 172.21.173.207 (172.21.173.207), Dst: 72.14.253.104 (72.14.253.104)
  Version: 4
  Header length: 20 bytes
  Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
  Total Length: 739
  Identification: 0xd766 (55142)
  Flags: 0x04 (Don't Fragment)
  Fragment offset: 0
  Time to live: 128
  Protocol: TCP (0x06)
  Header checksum: 0x8152 [correct]
  Source: 172.21.173.207 (172.21.173.207)
  Destination: 72.14.253.104 (72.14.253.104)
Transmission Control Protocol, Src Port: fjmpss (2509), Dst Port: http (80), Seq: 1, Ack: 1, Len: 699
  Source port: fjmpss (2509)
  Destination port: http (80)
  Sequence number: 1   (relative sequence number)
  [Next sequence number: 700   (relative sequence number)]
  Acknowledgement number: 1   (relative ack number)
  Header length: 20 bytes
  Flags: 0x18 (PSH, ACK)
  Window size: 65535
  Checksum: 0xa9b5 [correct]
  [SEQ/ACK analysis]
Hypertext Transfer Protocol
No.   Time     Source         Destination      Protocol Info
   6 8.989518   172.21.173.207     72.14.253.104     HTTP   [TCP Retransmission] GET / HTTP/1.1
Frame 6 (753 bytes on wire, 753 bytes captured)
Ethernet II, Src: DellPcba_b2:2e:3f (00:0d:56:b2:2e:3f), Dst: Cisco_d4:10:80 (00:13:1a:d4:10:80)
Internet Protocol, Src: 172.21.173.207 (172.21.173.207), Dst: 72.14.253.104 (72.14.253.104)
  Version: 4
  Header length: 20 bytes
  Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
  Total Length: 739
  Identification: 0xd798 (55192)
  Flags: 0x04 (Don't Fragment)
  Fragment offset: 0
  Time to live: 128
  Protocol: TCP (0x06)
  Header checksum: 0x8120 [correct]
  Source: 172.21.173.207 (172.21.173.207)
  Destination: 72.14.253.104 (72.14.253.104)
Transmission Control Protocol, Src Port: fjmpss (2509), Dst Port: http (80), Seq: 1, Ack: 1, Len: 699
  Source port: fjmpss (2509)
  Destination port: http (80)
  Sequence number: 1   (relative sequence number)
  [Next sequence number: 700   (relative sequence number)]
  Acknowledgement number: 1   (relative ack number)
  Header length: 20 bytes
  Flags: 0x18 (PSH, ACK)
  Window size: 65535
  Checksum: 0xa9b5 [correct]
  [SEQ/ACK analysis]
Hypertext Transfer Protocol
No.   Time     Source         Destination      Protocol Info
   7 10.098576  72.14.253.104     172.21.173.207     TCP    http > fjmpss [FIN, ACK] Seq=1 Ack=1 Win=5720 Len=0
Frame 7 (60 bytes on wire, 60 bytes captured)
Ethernet II, Src: Cisco_d4:10:80 (00:13:1a:d4:10:80), Dst: DellPcba_b2:2e:3f (00:0d:56:b2:2e:3f)
Internet Protocol, Src: 72.14.253.104 (72.14.253.104), Dst: 172.21.173.207 (172.21.173.207)
  Version: 4
  Header length: 20 bytes
  Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
  Total Length: 40
  Identification: 0xa944 (43332)
  Flags: 0x00
  Fragment offset: 0
  Time to live: 48
  Protocol: TCP (0x06)
  Header checksum: 0x4230 [correct]
  Source: 72.14.253.104 (72.14.253.104)
  Destination: 172.21.173.207 (172.21.173.207)
Transmission Control Protocol, Src Port: http (80), Dst Port: fjmpss (2509), Seq: 1, Ack: 1, Len: 0
  Source port: http (80)
  Destination port: fjmpss (2509)
  Sequence number: 1   (relative sequence number)
  Acknowledgement number: 1   (relative ack number)
  Header length: 20 bytes
  Flags: 0x11 (FIN, ACK)
  Window size: 5720
  Checksum: 0x59fc [correct]
No.   Time     Source         Destination      Protocol Info
   8 10.098657  172.21.173.207     72.14.253.104     TCP    fjmpss > http [ACK] Seq=700 Ack=2 Win=65535 Len=0
Frame 8 (54 bytes on wire, 54 bytes captured)
Ethernet II, Src: DellPcba_b2:2e:3f (00:0d:56:b2:2e:3f), Dst: Cisco_d4:10:80 (00:13:1a:d4:10:80)
Internet Protocol, Src: 172.21.173.207 (172.21.173.207), Dst: 72.14.253.104 (72.14.253.104)
  Version: 4
  Header length: 20 bytes
  Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
  Total Length: 40
  Identification: 0xd7a1 (55201)
  Flags: 0x04 (Don't Fragment)
  Fragment offset: 0
  Time to live: 128
  Protocol: TCP (0x06)
  Header checksum: 0x83d2 [correct]
  Source: 172.21.173.207 (172.21.173.207)
  Destination: 72.14.253.104 (72.14.253.104)
Transmission Control Protocol, Src Port: fjmpss (2509), Dst Port: http (80), Seq: 700, Ack: 2, Len: 0
  Source port: fjmpss (2509)
  Destination port: http (80)
  Sequence number: 700   (relative sequence number)
  Acknowledgement number: 2   (relative ack number)
  Header length: 20 bytes
  Flags: 0x10 (ACK)
  Window size: 65535
  Checksum: 0x6d99 [correct]
  [SEQ/ACK analysis]
No.   Time     Source         Destination      Protocol Info
   9 10.099079  172.21.173.207     72.14.253.104     TCP    fjmpss > http [FIN, ACK] Seq=700 Ack=2 Win=65535 Len=0
Frame 9 (54 bytes on wire, 54 bytes captured)
Ethernet II, Src: DellPcba_b2:2e:3f (00:0d:56:b2:2e:3f), Dst: Cisco_d4:10:80 (00:13:1a:d4:10:80)
Internet Protocol, Src: 172.21.173.207 (172.21.173.207), Dst: 72.14.253.104 (72.14.253.104)
  Version: 4
  Header length: 20 bytes
  Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
  Total Length: 40
  Identification: 0xd7a6 (55206)
  Flags: 0x04 (Don't Fragment)
  Fragment offset: 0
  Time to live: 128
  Protocol: TCP (0x06)
  Header checksum: 0x83cd [correct]
  Source: 172.21.173.207 (172.21.173.207)
  Destination: 72.14.253.104 (72.14.253.104)
Transmission Control Protocol, Src Port: fjmpss (2509), Dst Port: http (80), Seq: 700, Ack: 2, Len: 0
  Source port: fjmpss (2509)
  Destination port: http (80)
  Sequence number: 700   (relative sequence number)
  Acknowledgement number: 2   (relative ack number)
  Header length: 20 bytes
  Flags: 0x11 (FIN, ACK)
  Window size: 65535
  Checksum: 0x6d98 [correct]
No.   Time     Source         Destination      Protocol Info
   10 10.149640  72.14.253.104     172.21.173.207     TCP    http > fjmpss [RST] Seq=2 Win=0 Len=0
Frame 10 (60 bytes on wire, 60 bytes captured)
Ethernet II, Src: Cisco_d4:10:80 (00:13:1a:d4:10:80), Dst: DellPcba_b2:2e:3f (00:0d:56:b2:2e:3f)
Internet Protocol, Src: 72.14.253.104 (72.14.253.104), Dst: 172.21.173.207 (172.21.173.207)
  Version: 4
  Header length: 20 bytes
  Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
  Total Length: 40
  Identification: 0xa946 (43334)
  Flags: 0x00
  Fragment offset: 0
  Time to live: 48
  Protocol: TCP (0x06)
  Header checksum: 0x422e [correct]
  Source: 72.14.253.104 (72.14.253.104)
  Destination: 172.21.173.207 (172.21.173.207)
Transmission Control Protocol, Src Port: http (80), Dst Port: fjmpss (2509), Seq: 2, Len: 0
  Source port: http (80)
  Destination port: fjmpss (2509)
  Sequence number: 2   (relative sequence number)
  Acknowledgment number: Broken TCP. The acknowledge field is nonzero while the ACK flag is not set
  Header length: 20 bytes
  Flags: 0x04 (RST)
  Window size: 0
  Checksum: 0xf62a [correct]
No.   Time     Source         Destination      Protocol Info
   11 24.411687  172.21.173.207     72.14.253.147     HTTP   GET /firefox?client=firefox-a&
Frame 11 (677 bytes on wire, 677 bytes captured)
Ethernet II, Src: DellPcba_b2:2e:3f (00:0d:56:b2:2e:3f), Dst: Cisco_d4:10:80 (00:13:1a:d4:10:80)
Internet Protocol, Src: 172.21.173.207 (172.21.173.207), Dst: 72.14.253.147 (72.14.253.147)
  Version: 4
  Header length: 20 bytes
  Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
  Total Length: 663
  Identification: 0xd821 (55329)
  Flags: 0x04 (Don't Fragment)
  Fragment offset: 0
  Time to live: 128
  Protocol: TCP (0x06)
  Header checksum: 0x80b8 [correct]
  Source: 172.21.173.207 (172.21.173.207)
  Destination: 72.14.253.147 (72.14.253.147)
Transmission Control Protocol, Src Port: jbroker (2506), Dst Port: http (80), Seq: 1, Ack: 1, Len: 623
  Source port: jbroker (2506)
  Destination port: http (80)
  Sequence number: 1   (relative sequence number)
  [Next sequence number: 624   (relative sequence number)]
  Acknowledgement number: 1   (relative ack number)
  Header length: 20 bytes
  Flags: 0x19 (FIN, PSH, ACK)
  Window size: 65535
  Checksum: 0x857b [correct]
Hypertext Transfer Protocol
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thank you. WE actually traced the problem to Websense somehow causing this issue. After disabling it on the PIX is fine.
What was the fix?
Please provide the fix... :)
Cheers,
Rajesh