We had a mysterious issue in our network that caused certain SSH sessions and HTTPS/TLS sessions to fail intermittently. Some machines were unable to communicate at all while other machines could occasionally and sporadically establish a connection that would fail at inopportune times. I performed a comprehensive analysis of our networking infrastructure and router configurations and captured PCAP files to gather enough data to root cause the problem. The core problem was an MTU mismatch between our gigabit network and our 100-megabit VPN tunnel. This issue took longer to troubleshoot than I would have liked due to the specialized nature of endpoints involved. Appliances that lack a native ability to capture traffic / PCAP files contribute to less direct troubleshooting paths.

For reference, here is an image that shows the type of traffic I was seeing on a system attempting to initiate a secure session: The above traffic is filtered to a window that shows the error state. Previously in the packet trace I can see that the TCP 3-way handshake succeeded (and succeeds EVERY time a connection attempt was made). The place that seemed to cause the most problems most consistently involves the certificate passing piece of TLS negotiation.

Eventually I was able to get a packet capture from the specialized network appliance on the other side of the connection. Thank goodness for the SharkTap! Here's what I saw on the 'other side' which helped me crack this case: Destination unreachable (Fragmentation needed).