TCP reset flag present when trying to browse internet from any PC at location

Hello All,

      I am experiencing a strange issue at a customers site. Last night they had a power outage. This morning they reported that they could not browse the internet from any PC at their location. The customer has a DSL connection connected to a PIX 506E connected to a layer three switch. I am receiving a TCP reset flag sent from the web server of the site I am trying to browse. I can ping ip addresses and preform nslookup but I can not browse the internet. I have tried telneting to a webserver on port 80 but I receive nothing. My http web capture is below. Any suggestions why this is happening. I am currently waiting for the DSL company to call me back.

HTTP web capture:


No.     Time        Source                Destination           Protocol Info
      1 0.000000    172.21.173.207        72.14.253.104         TCP      fjmpss > http [SYN] Seq=0 Win=65535 Len=0 MSS=1260

Frame 1 (62 bytes on wire, 62 bytes captured)
Ethernet II, Src: DellPcba_b2:2e:3f (00:0d:56:b2:2e:3f), Dst: Cisco_d4:10:80 (00:13:1a:d4:10:80)
Internet Protocol, Src: 172.21.173.207 (172.21.173.207), Dst: 72.14.253.104 (72.14.253.104)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
    Total Length: 48
    Identification: 0xd74b (55115)
    Flags: 0x04 (Don't Fragment)
    Fragment offset: 0
    Time to live: 128
    Protocol: TCP (0x06)
    Header checksum: 0x8420 [correct]
    Source: 172.21.173.207 (172.21.173.207)
    Destination: 72.14.253.104 (72.14.253.104)
Transmission Control Protocol, Src Port: fjmpss (2509), Dst Port: http (80), Seq: 0, Len: 0
    Source port: fjmpss (2509)
    Destination port: http (80)
    Sequence number: 0    (relative sequence number)
    Header length: 28 bytes
    Flags: 0x02 (SYN)
    Window size: 65535
    Checksum: 0x7c77 [correct]
    Options: (8 bytes)

No.     Time        Source                Destination           Protocol Info
      2 0.049646    72.14.253.104         172.21.173.207        TCP      http > fjmpss [SYN, ACK] Seq=0 Ack=1 Win=5720 Len=0 MSS=1380

Frame 2 (62 bytes on wire, 62 bytes captured)
Ethernet II, Src: Cisco_d4:10:80 (00:13:1a:d4:10:80), Dst: DellPcba_b2:2e:3f (00:0d:56:b2:2e:3f)
Internet Protocol, Src: 72.14.253.104 (72.14.253.104), Dst: 172.21.173.207 (172.21.173.207)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
    Total Length: 48
    Identification: 0xa943 (43331)
    Flags: 0x00
    Fragment offset: 0
    Time to live: 48
    Protocol: TCP (0x06)
    Header checksum: 0x4229 [correct]
    Source: 72.14.253.104 (72.14.253.104)
    Destination: 172.21.173.207 (172.21.173.207)
Transmission Control Protocol, Src Port: http (80), Dst Port: fjmpss (2509), Seq: 0, Ack: 1, Len: 0
    Source port: http (80)
    Destination port: fjmpss (2509)
    Sequence number: 0    (relative sequence number)
    Acknowledgement number: 1    (relative ack number)
    Header length: 28 bytes
    Flags: 0x12 (SYN, ACK)
    Window size: 5720
    Checksum: 0x2d89 [correct]
    Options: (8 bytes)
    [SEQ/ACK analysis]

No.     Time        Source                Destination           Protocol Info
      3 0.049715    172.21.173.207        72.14.253.104         TCP      fjmpss > http [ACK] Seq=1 Ack=1 Win=65535 Len=0

Frame 3 (54 bytes on wire, 54 bytes captured)
Ethernet II, Src: DellPcba_b2:2e:3f (00:0d:56:b2:2e:3f), Dst: Cisco_d4:10:80 (00:13:1a:d4:10:80)
Internet Protocol, Src: 172.21.173.207 (172.21.173.207), Dst: 72.14.253.104 (72.14.253.104)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
    Total Length: 40
    Identification: 0xd74c (55116)
    Flags: 0x04 (Don't Fragment)
    Fragment offset: 0
    Time to live: 128
    Protocol: TCP (0x06)
    Header checksum: 0x8427 [correct]
    Source: 172.21.173.207 (172.21.173.207)
    Destination: 72.14.253.104 (72.14.253.104)
Transmission Control Protocol, Src Port: fjmpss (2509), Dst Port: http (80), Seq: 1, Ack: 1, Len: 0
    Source port: fjmpss (2509)
    Destination port: http (80)
    Sequence number: 1    (relative sequence number)
    Acknowledgement number: 1    (relative ack number)
    Header length: 20 bytes
    Flags: 0x10 (ACK)
    Window size: 65535
    Checksum: 0x7055 [correct]
    [SEQ/ACK analysis]

No.     Time        Source                Destination           Protocol Info
      4 0.052137    172.21.173.207        72.14.253.104         HTTP     GET / HTTP/1.1

Frame 4 (753 bytes on wire, 753 bytes captured)
Ethernet II, Src: DellPcba_b2:2e:3f (00:0d:56:b2:2e:3f), Dst: Cisco_d4:10:80 (00:13:1a:d4:10:80)
Internet Protocol, Src: 172.21.173.207 (172.21.173.207), Dst: 72.14.253.104 (72.14.253.104)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
    Total Length: 739
    Identification: 0xd74d (55117)
    Flags: 0x04 (Don't Fragment)
    Fragment offset: 0
    Time to live: 128
    Protocol: TCP (0x06)
    Header checksum: 0x816b [correct]
    Source: 172.21.173.207 (172.21.173.207)
    Destination: 72.14.253.104 (72.14.253.104)
Transmission Control Protocol, Src Port: fjmpss (2509), Dst Port: http (80), Seq: 1, Ack: 1, Len: 699
    Source port: fjmpss (2509)
    Destination port: http (80)
    Sequence number: 1    (relative sequence number)
    [Next sequence number: 700    (relative sequence number)]
    Acknowledgement number: 1    (relative ack number)
    Header length: 20 bytes
    Flags: 0x18 (PSH, ACK)
    Window size: 65535
    Checksum: 0xa9b5 [correct]
Hypertext Transfer Protocol

No.     Time        Source                Destination           Protocol Info
      5 2.980882    172.21.173.207        72.14.253.104         HTTP     [TCP Retransmission] GET / HTTP/1.1

Frame 5 (753 bytes on wire, 753 bytes captured)
Ethernet II, Src: DellPcba_b2:2e:3f (00:0d:56:b2:2e:3f), Dst: Cisco_d4:10:80 (00:13:1a:d4:10:80)
Internet Protocol, Src: 172.21.173.207 (172.21.173.207), Dst: 72.14.253.104 (72.14.253.104)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
    Total Length: 739
    Identification: 0xd766 (55142)
    Flags: 0x04 (Don't Fragment)
    Fragment offset: 0
    Time to live: 128
    Protocol: TCP (0x06)
    Header checksum: 0x8152 [correct]
    Source: 172.21.173.207 (172.21.173.207)
    Destination: 72.14.253.104 (72.14.253.104)
Transmission Control Protocol, Src Port: fjmpss (2509), Dst Port: http (80), Seq: 1, Ack: 1, Len: 699
    Source port: fjmpss (2509)
    Destination port: http (80)
    Sequence number: 1    (relative sequence number)
    [Next sequence number: 700    (relative sequence number)]
    Acknowledgement number: 1    (relative ack number)
    Header length: 20 bytes
    Flags: 0x18 (PSH, ACK)
    Window size: 65535
    Checksum: 0xa9b5 [correct]
    [SEQ/ACK analysis]
Hypertext Transfer Protocol

No.     Time        Source                Destination           Protocol Info
      6 8.989518    172.21.173.207        72.14.253.104         HTTP     [TCP Retransmission] GET / HTTP/1.1

Frame 6 (753 bytes on wire, 753 bytes captured)
Ethernet II, Src: DellPcba_b2:2e:3f (00:0d:56:b2:2e:3f), Dst: Cisco_d4:10:80 (00:13:1a:d4:10:80)
Internet Protocol, Src: 172.21.173.207 (172.21.173.207), Dst: 72.14.253.104 (72.14.253.104)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
    Total Length: 739
    Identification: 0xd798 (55192)
    Flags: 0x04 (Don't Fragment)
    Fragment offset: 0
    Time to live: 128
    Protocol: TCP (0x06)
    Header checksum: 0x8120 [correct]
    Source: 172.21.173.207 (172.21.173.207)
    Destination: 72.14.253.104 (72.14.253.104)
Transmission Control Protocol, Src Port: fjmpss (2509), Dst Port: http (80), Seq: 1, Ack: 1, Len: 699
    Source port: fjmpss (2509)
    Destination port: http (80)
    Sequence number: 1    (relative sequence number)
    [Next sequence number: 700    (relative sequence number)]
    Acknowledgement number: 1    (relative ack number)
    Header length: 20 bytes
    Flags: 0x18 (PSH, ACK)
    Window size: 65535
    Checksum: 0xa9b5 [correct]
    [SEQ/ACK analysis]
Hypertext Transfer Protocol

No.     Time        Source                Destination           Protocol Info
      7 10.098576   72.14.253.104         172.21.173.207        TCP      http > fjmpss [FIN, ACK] Seq=1 Ack=1 Win=5720 Len=0

Frame 7 (60 bytes on wire, 60 bytes captured)
Ethernet II, Src: Cisco_d4:10:80 (00:13:1a:d4:10:80), Dst: DellPcba_b2:2e:3f (00:0d:56:b2:2e:3f)
Internet Protocol, Src: 72.14.253.104 (72.14.253.104), Dst: 172.21.173.207 (172.21.173.207)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
    Total Length: 40
    Identification: 0xa944 (43332)
    Flags: 0x00
    Fragment offset: 0
    Time to live: 48
    Protocol: TCP (0x06)
    Header checksum: 0x4230 [correct]
    Source: 72.14.253.104 (72.14.253.104)
    Destination: 172.21.173.207 (172.21.173.207)
Transmission Control Protocol, Src Port: http (80), Dst Port: fjmpss (2509), Seq: 1, Ack: 1, Len: 0
    Source port: http (80)
    Destination port: fjmpss (2509)
    Sequence number: 1    (relative sequence number)
    Acknowledgement number: 1    (relative ack number)
    Header length: 20 bytes
    Flags: 0x11 (FIN, ACK)
    Window size: 5720
    Checksum: 0x59fc [correct]

No.     Time        Source                Destination           Protocol Info
      8 10.098657   172.21.173.207        72.14.253.104         TCP      fjmpss > http [ACK] Seq=700 Ack=2 Win=65535 Len=0

Frame 8 (54 bytes on wire, 54 bytes captured)
Ethernet II, Src: DellPcba_b2:2e:3f (00:0d:56:b2:2e:3f), Dst: Cisco_d4:10:80 (00:13:1a:d4:10:80)
Internet Protocol, Src: 172.21.173.207 (172.21.173.207), Dst: 72.14.253.104 (72.14.253.104)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
    Total Length: 40
    Identification: 0xd7a1 (55201)
    Flags: 0x04 (Don't Fragment)
    Fragment offset: 0
    Time to live: 128
    Protocol: TCP (0x06)
    Header checksum: 0x83d2 [correct]
    Source: 172.21.173.207 (172.21.173.207)
    Destination: 72.14.253.104 (72.14.253.104)
Transmission Control Protocol, Src Port: fjmpss (2509), Dst Port: http (80), Seq: 700, Ack: 2, Len: 0
    Source port: fjmpss (2509)
    Destination port: http (80)
    Sequence number: 700    (relative sequence number)
    Acknowledgement number: 2    (relative ack number)
    Header length: 20 bytes
    Flags: 0x10 (ACK)
    Window size: 65535
    Checksum: 0x6d99 [correct]
    [SEQ/ACK analysis]

No.     Time        Source                Destination           Protocol Info
      9 10.099079   172.21.173.207        72.14.253.104         TCP      fjmpss > http [FIN, ACK] Seq=700 Ack=2 Win=65535 Len=0

Frame 9 (54 bytes on wire, 54 bytes captured)
Ethernet II, Src: DellPcba_b2:2e:3f (00:0d:56:b2:2e:3f), Dst: Cisco_d4:10:80 (00:13:1a:d4:10:80)
Internet Protocol, Src: 172.21.173.207 (172.21.173.207), Dst: 72.14.253.104 (72.14.253.104)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
    Total Length: 40
    Identification: 0xd7a6 (55206)
    Flags: 0x04 (Don't Fragment)
    Fragment offset: 0
    Time to live: 128
    Protocol: TCP (0x06)
    Header checksum: 0x83cd [correct]
    Source: 172.21.173.207 (172.21.173.207)
    Destination: 72.14.253.104 (72.14.253.104)
Transmission Control Protocol, Src Port: fjmpss (2509), Dst Port: http (80), Seq: 700, Ack: 2, Len: 0
    Source port: fjmpss (2509)
    Destination port: http (80)
    Sequence number: 700    (relative sequence number)
    Acknowledgement number: 2    (relative ack number)
    Header length: 20 bytes
    Flags: 0x11 (FIN, ACK)
    Window size: 65535
    Checksum: 0x6d98 [correct]

No.     Time        Source                Destination           Protocol Info
     10 10.149640   72.14.253.104         172.21.173.207        TCP      http > fjmpss [RST] Seq=2 Win=0 Len=0

Frame 10 (60 bytes on wire, 60 bytes captured)
Ethernet II, Src: Cisco_d4:10:80 (00:13:1a:d4:10:80), Dst: DellPcba_b2:2e:3f (00:0d:56:b2:2e:3f)
Internet Protocol, Src: 72.14.253.104 (72.14.253.104), Dst: 172.21.173.207 (172.21.173.207)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
    Total Length: 40
    Identification: 0xa946 (43334)
    Flags: 0x00
    Fragment offset: 0
    Time to live: 48
    Protocol: TCP (0x06)
    Header checksum: 0x422e [correct]
    Source: 72.14.253.104 (72.14.253.104)
    Destination: 172.21.173.207 (172.21.173.207)
Transmission Control Protocol, Src Port: http (80), Dst Port: fjmpss (2509), Seq: 2, Len: 0
    Source port: http (80)
    Destination port: fjmpss (2509)
    Sequence number: 2    (relative sequence number)
    Acknowledgment number: Broken TCP. The acknowledge field is nonzero while the ACK flag is not set
    Header length: 20 bytes
    Flags: 0x04 (RST)
    Window size: 0
    Checksum: 0xf62a [correct]

No.     Time        Source                Destination           Protocol Info
     11 24.411687   172.21.173.207        72.14.253.147         HTTP     GET /firefox?client=firefox-a&rls=org.mozilla:en-US:official HTTP/1.1

Frame 11 (677 bytes on wire, 677 bytes captured)
Ethernet II, Src: DellPcba_b2:2e:3f (00:0d:56:b2:2e:3f), Dst: Cisco_d4:10:80 (00:13:1a:d4:10:80)
Internet Protocol, Src: 172.21.173.207 (172.21.173.207), Dst: 72.14.253.147 (72.14.253.147)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
    Total Length: 663
    Identification: 0xd821 (55329)
    Flags: 0x04 (Don't Fragment)
    Fragment offset: 0
    Time to live: 128
    Protocol: TCP (0x06)
    Header checksum: 0x80b8 [correct]
    Source: 172.21.173.207 (172.21.173.207)
    Destination: 72.14.253.147 (72.14.253.147)
Transmission Control Protocol, Src Port: jbroker (2506), Dst Port: http (80), Seq: 1, Ack: 1, Len: 623
    Source port: jbroker (2506)
    Destination port: http (80)
    Sequence number: 1    (relative sequence number)
    [Next sequence number: 624    (relative sequence number)]
    Acknowledgement number: 1    (relative ack number)
    Header length: 20 bytes
    Flags: 0x19 (FIN, PSH, ACK)
    Window size: 65535
    Checksum: 0x857b [correct]
Hypertext Transfer Protocol
greenbeanx81Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Brian UtterbackPrinciple Software EngineerCommented:
It looks to me like the packets with a TCP data length greater than 0 are being dropped. The web server is waiting
for the request but never sees it. After 10 seconds, it times out and closes the connection. The reset is just because
by the time the FIN,ACK is sent from the client, the web server has forgotten about the client and responds with a
reset, which just means that a packet arrived for a connection it does not currently have.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
rsivanandanCommented:
How about posting the pix config here?

Cheers,
Rajesh
0
greenbeanx81Author Commented:
Thank you. WE actually traced the problem to Websense somehow causing this issue. After disabling it on the PIX is fine.
0
myron-szyCommented:
What was the fix?
0
DD-OperationsCommented:
Please provide the fix... :)
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Broadband

From novice to tech pro — start learning today.