
Need to find out why there is a disconnection


Working from home now, I connect to the company VPN network but there is a disconnection in a gap of ~20 min. I logged a case with technical support but they said it is probably a local issue (laptop, internet line). I performed pings to 3 destinations just to capture evidence, and I took a PCAP. I need to know from the PCAP what triggers the disconnection; is that possible? What filter should I specifically input? Please help me.

flubet
asked 2021-08-13 05:03:11 +0000


1 Answer


It is a corporate VPN connection or encrypted tunnel when connected from home. You can try this when the VPN is down.

  1. Start a Wireshark capture
  2. Start VPN connection
  3. Stop Wireshark capture
  4. Analyze the capture to determine if it is a routing or VPN issue. If you need assistance interpreting the results, post your results to this forum.
BigFatCat
answered 2021-08-13 11:21:34 +0000

Comments

Yes, I do need assistance. Unfortunately I'm not able to attach a file due to being low on points. I need to know, leading up to the disconnection, what triggered the disconnection, or any hint as to why.

9/8/2021
Disconnect Time 5:19 PM Reconnect Time 5:24 PM

flubet (2021-08-15 03:17:58 +0000)

Hi,

Option A

  1. Sanitize the file with TraceWrangler.
  2. Don't perform this step unless you are successful with sanitizing the file. Upload to a drop box and post the link to the forum.

Option B

From your comments, the VPN established and then dropped after 5 minutes.

  1. Can you figure out if the connection was TCP or UDP?
  2. If it was TCP, what Wireshark TCP options are enabled? Wireshark is great for analyzing TCP.

Option C

Ask a friend or peer that has experience with analyzing pcap files.

BigFatCat (2021-08-15 09:38:08 +0000)

Note to all, this isn't a forum, it's a Q & A site, so only post "Answers" that are actual answers, all other comments and hints should be posted as comments to either the question or an answer.

grahamb (2021-08-15 13:05:36 +0000)

The VPN itself is connected but there is a loss of connectivity to the destination. I performed pings to 3 destinations just to make sure and to get the timestamp. Probably not the VPN itself, but maybe the local machine doesn't see any disconnection.

We are using a cloud-based VPN and have several nodes. Only this one node, if selected, will not have the disconnection.

flubet (2021-08-17 02:22:19 +0000)

A brief summary of your first paragraph. The "VPN itself is connected", but pings are good to the VPN server. When the "VPN itself is connected", is the VPN status from the client computer screen?

I am going to assume that the VPN is using TCP. In Wireshark, make sure the TCP option "Analyze TCP sequence numbers" is enabled. Look at the Wireshark analysis (square brackets [ ]) in the Wireshark INFO column. TCP DUP-ACKs, retransmissions, previous segment not captured, or out-of-order will create VPN connection problems.

BigFatCat (2021-08-18 09:35:52 +0000)
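
An added example, not part of the original thread or any poster's code: one way to line up the ping gaps with the TCP analysis notes discussed in the comments above, so you can see which notes appear just before connectivity is lost. The text row format, the function names and the sample rows are assumptions constructed for illustration; in Wireshark the matching packets can be selected with the display filters `icmp.type == 8`, `icmp.type == 0` and `tcp.analysis.flags`.

```python
# Added example: constructed rows, not data from the asker's capture.
# Assumed export format (hypothetical): "<epoch seconds> <kind> <detail>"
#   echo-request / echo-reply -> detail is the ICMP sequence number
#   tcp-flag                  -> detail is the Wireshark TCP analysis note
# Simplification: one ping destination, so sequence numbers are unique.
SAMPLE = """\
100.0 echo-request 1
100.1 echo-reply 1
101.0 echo-request 2
101.1 echo-reply 2
101.4 tcp-flag dup-ack
101.6 tcp-flag retransmission
102.0 echo-request 3
102.3 tcp-flag retransmission
103.0 echo-request 4
104.0 echo-request 5
104.1 echo-reply 5
"""

def parse(text):
    """Turn the exported text into (timestamp, kind, detail) tuples."""
    rows = []
    for line in text.splitlines():
        ts, kind, detail = line.split(maxsplit=2)
        rows.append((float(ts), kind, detail))
    return rows

def outages(rows):
    """Return (first, last) timestamps of each run of unanswered echo requests."""
    replied = {d for _, k, d in rows if k == "echo-reply"}
    spans, start, last = [], None, None
    for ts, kind, detail in rows:
        if kind != "echo-request":
            continue
        if detail not in replied:
            start = ts if start is None else start
            last = ts
        elif start is not None:
            spans.append((start, last))
            start = None
    if start is not None:  # capture ended while still disconnected
        spans.append((start, last))
    return spans

def flags_before(rows, outage_start, lookback=5.0):
    """Count TCP analysis notes seen in the lookback window before an outage."""
    counts = {}
    for ts, kind, detail in rows:
        if kind == "tcp-flag" and outage_start - lookback <= ts < outage_start:
            counts[detail] = counts.get(detail, 0) + 1
    return counts
```
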