Meraki Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Problem with some client in Site To Site MERAKI VPN

Luca_
Conversationalist
‎Apr 23 2021 1:37 AM
‎Apr 23 2021 1:37 AM

Problem with some client in Site To Site MERAKI VPN

Hello,

I have two offices with mx each one (MX67) connected with Meraki Site To Site VPN.

From the main office i tried to connect from my pc (192.168.5.20) with rdp or VNC to a pc (172.16.15.201) in the secondary office but not work (ping work)

 

In some case if I change ip on the secondary PC (for example 172.16.15.203) rdp star to work.

 

I have this problem also if i tried to connect to some pc in main office from some Client VPN, also in this case if i change ip of local pc RDP start to work.

 

I already checked ip and there aren't duplicate ip.

 

This is an example of packet capture from Meraki Dashboard. Any idea? i have the same problem with http and other protocols too also with firewall ad antivirus disable on all pc.

 

Thanks

 

 

--- Start Of Stream ---
06:06:30.997943 IP (tos 0x0, ttl 126, id 40367, offset 0, flags [DF], proto TCP (6), length 52)
192.168.5.20.64295 > 172.16.15.201.3389: Flags [S], cksum 0xaa64 (correct), seq 2293793326, win 64240, options [mss 1380,nop,wscale 8,nop,nop,sackOK], length 0
06:06:30.998325 IP (tos 0x0, ttl 128, id 3427, offset 0, flags [DF], proto TCP (6), length 52)
172.16.15.201.3389 > 192.168.5.20.64295: Flags [S.], cksum 0x58b5 (correct), seq 3598079432, ack 2293793327, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
06:06:31.000960 IP (tos 0x0, ttl 126, id 40368, offset 0, flags [DF], proto TCP (6), length 40)
192.168.5.20.64295 > 172.16.15.201.3389: Flags [R], cksum 0xb7c6 (correct), seq 3835316595, win 0, length 0
06:06:32.013341 IP (tos 0x0, ttl 126, id 40369, offset 0, flags [DF], proto TCP (6), length 52)
192.168.5.20.64295 > 172.16.15.201.3389: Flags [S], cksum 0x55fe (correct), seq 1389235327, win 64240, options [mss 1380,nop,wscale 8,nop,nop,sackOK], length 0
06:06:32.013968 IP (tos 0x0, ttl 128, id 3428, offset 0, flags [DF], proto TCP (6), length 52)
172.16.15.201.3389 > 192.168.5.20.64295: Flags [S.], cksum 0x58b5 (correct), seq 3598079432, ack 2293793327, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
06:06:32.016784 IP (tos 0x0, ttl 126, id 40370, offset 0, flags [DF], proto TCP (6), length 40)
192.168.5.20.64295 > 172.16.15.201.3389: Flags [R], cksum 0x6360 (correct), seq 2930758596, win 0, length 0
06:06:34.033704 IP (tos 0x0, ttl 126, id 40371, offset 0, flags [DF], proto TCP (6), length 52)
192.168.5.20.64295 > 172.16.15.201.3389: Flags [S], cksum 0x71b4 (correct), seq 2682233783, win 64240, options [mss 1380,nop,wscale 8,nop,nop,sackOK], length 0
06:06:34.034340 IP (tos 0x0, ttl 128, id 3429, offset 0, flags [DF], proto TCP (6), length 52)
172.16.15.201.3389 > 192.168.5.20.64295: Flags [S.], cksum 0x58b5 (correct), seq 3598079432, ack 2293793327, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0there aren't duplicate ips
06:06:34.038709 IP (tos 0x0, ttl 126, id 40372, offset 0, flags [DF], proto TCP (6), length 40)
192.168.5.20.64295 > 172.16.15.201.3389: Flags [R], cksum 0x7f16 (correct), seq 4223757052, win 0, length 0
06:06:37.047169 IP (tos 0x0, ttl 128, id 3430, offset 0, flags [DF], proto TCP (6), length 52)
172.16.15.201.3389 > 192.168.5.20.64295: Flags [S.], cksum 0x58b5 (correct), seq 3598079432, ack 2293793327, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
06:06:38.046921 IP (tos 0x0, ttl 126, id 40374, offset 0, flags [DF], proto TCP (6), length 52)
192.168.5.20.64295 > 172.16.15.201.3389: Flags [S], cksum 0x9798 (correct), seq 2635628698, win 64240, options [mss 1380,nop,wscale 8,nop,nop,sackOK], length 0
06:06:38.048530 IP (tos 0x0, ttl 128, id 3431, offset 0, flags [DF], proto TCP (6), length 52)
172.16.15.201.3389 > 192.168.5.20.64295: Flags [S.], cksum 0x58b5 (correct), seq 3598079432, ack 2293793327, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
06:06:38.051216 IP (tos 0x0, ttl 126, id 40375, offset 0, flags [DF], proto TCP (6), length 40)
192.168.5.20.64295 > 172.16.15.201.3389: Flags [R], cksum 0xa4fa (correct), seq 4177151967, win 0, length 0
06:06:44.066784 IP (tos 0x0, ttl 128, id 3432, offset 0, flags [DF], proto TCP (6), length 48)
172.16.15.201.3389 > 192.168.5.20.64295: Flags [S.], cksum 0x6cc4 (correct), seq 3598079432, ack 2293793327, win 8192, options [mss 1460,nop,nop,sackOK], length 0
06:06:46.048302 IP (tos 0x0, ttl 126, id 40377, offset 0, flags [DF], proto TCP (6), length 52)
192.168.5.20.64295 > 172.16.15.201.3389: Flags [S], cksum 0xf1ff (correct), seq 2853509430, win 64240, options [mss 1380,nop,wscale 8,nop,nop,sackOK], length 0
06:06:46.048862 IP (tos 0x0, ttl 128, id 3433, offset 0, flags [DF], proto TCP (6), length 48)
172.16.15.201.3389 > 192.168.5.20.64295: Flags [S.], cksum 0x6cc4 (correct), seq 3598079432, ack 2293793327, win 8192, options [mss 1460,nop,nop,sackOK], length 0
06:06:46.051289 IP (tos 0x0, ttl 126, id 40378, offset 0, flags [DF], proto TCP (6), length 40)
192.168.5.20.64295 > 172.16.15.201.3389: Flags [R], cksum 0xff62 (correct), seq 100065403, win 0, length 0
--- End Of Stream ---

 

0 Kudos
Subscribe
3 Replies 3
Bruce
Kind of a big deal
‎Apr 23 2021 4:53 AM
‎Apr 23 2021 4:53 AM

Based on the output it looks like you took the packet capture on the MX at the secondary office, but it really doesn’t show anything other than the SYN, SYN-ACK, and then your machine sends a RESET.  

 

The RDP server seems to keep sending a packet with the same sequence number and acknowledgement to the first packet over and over, which makes me think the SYN-ACK is never making it back to your PC (so it’s never being ACKed - which makes sense as it’s not in the capture). Is there anything else between your PC and the MX in head office, anything in the head office event logs in the Dashboard?

 

Are you able to do the packet capture on the MX at head office?

Subscribe
In response to Bruce
Luca_
Conversationalist
‎Apr 23 2021 6:00 AM
‎Apr 23 2021 6:00 AM

Hello Bruce,
i took some log from the head office MX, i got 2 different outcomes with 2 different computer the first one (192.168.5.27) connected immediately (without any kind of retry) to the remote client (172.16..15.201), the second one (192.168.5.20) didn't connect at all.  If i change IP on the remote client in 172.16.15.203 seems to work.

 

We have this issues with others PC in this network

 

Here are the logs of those tries:

--- Start Of Stream --- 192.168.5.20 NOT WORKING
tcpdump: listening on all_lan_sniff, link-type EN10MB (Ethernet), capture size 262144 bytes
12:30:23.276719 IP (tos 0x0, ttl 127, id 13134, offset 0, flags [DF], proto TCP (6), length 52)
192.168.5.20.59006 > 172.16.15.201.3389: Flags [S], cksum 0xe2cc (correct), seq 3173788155, win 64240, options [mss 1380,nop,wscale 8,nop,nop,sackOK], length 0
12:30:23.278102 IP (tos 0x0, ttl 127, id 8242, offset 0, flags [DF], proto TCP (6), length 52)
172.16.15.201.3389 > 192.168.5.20.59006: Flags [S.], cksum 0x66e4 (correct), seq 2979046699, ack 3173788156, win 8192, options [mss 1392,nop,wscale 8,nop,nop,sackOK], length 0
12:30:23.285722 IP (tos 0x0, ttl 127, id 13135, offset 0, flags [DF], proto TCP (6), length 40)
192.168.5.20.59006 > 172.16.15.201.3389: Flags [R], cksum 0x3448 (correct), seq 3922853922, win 0, length 0
12:30:24.280069 IP (tos 0x0, ttl 127, id 13136, offset 0, flags [DF], proto TCP (6), length 52)
192.168.5.20.59006 > 172.16.15.201.3389: Flags [S], cksum 0x5777 (correct), seq 3530924039, win 64240, options [mss 1380,nop,wscale 8,nop,nop,sackOK], length 0
12:30:24.281285 IP (tos 0x0, ttl 127, id 8248, offset 0, flags [DF], proto TCP (6), length 52)
172.16.15.201.3389 > 192.168.5.20.59006: Flags [S.], cksum 0x66e4 (correct), seq 2979046699, ack 3173788156, win 8192, options [mss 1392,nop,wscale 8,nop,nop,sackOK], length 0
12:30:24.290056 IP (tos 0x0, ttl 127, id 13137, offset 0, flags [DF], proto TCP (6), length 40)
192.168.5.20.59006 > 172.16.15.201.3389: Flags [R], cksum 0xa8f2 (correct), seq 4279989806, win 0, length 0
12:30:26.286766 IP (tos 0x0, ttl 127, id 13138, offset 0, flags [DF], proto TCP (6), length 52)
192.168.5.20.59006 > 172.16.15.201.3389: Flags [S], cksum 0x7c8d (correct), seq 2745674175, win 64240, options [mss 1380,nop,wscale 8,nop,nop,sackOK], length 0
12:30:26.287929 IP (tos 0x0, ttl 127, id 8301, offset 0, flags [DF], proto TCP (6), length 52)
172.16.15.201.3389 > 192.168.5.20.59006: Flags [S.], cksum 0x66e4 (correct), seq 2979046699, ack 3173788156, win 8192, options [mss 1392,nop,wscale 8,nop,nop,sackOK], length 0
12:30:26.292301 IP (tos 0x0, ttl 127, id 13139, offset 0, flags [DF], proto TCP (6), length 40)
192.168.5.20.59006 > 172.16.15.201.3389: Flags [R], cksum 0xce08 (correct), seq 3494739942, win 0, length 0
12:30:29.296200 IP (tos 0x0, ttl 127, id 8327, offset 0, flags [DF], proto TCP (6), length 52)
172.16.15.201.3389 > 192.168.5.20.59006: Flags [S.], cksum 0x66e4 (correct), seq 2979046699, ack 3173788156, win 8192, options [mss 1392,nop,wscale 8,nop,nop,sackOK], length 0
12:30:30.299681 IP (tos 0x0, ttl 127, id 13141, offset 0, flags [DF], proto TCP (6), length 52)
192.168.5.20.59006 > 172.16.15.201.3389: Flags [S], cksum 0x60f4 (correct), seq 3799615110, win 64240, options [mss 1380,nop,wscale 8,nop,nop,sackOK], length 0
12:30:30.300978 IP (tos 0x0, ttl 127, id 8332, offset 0, flags [DF], proto TCP (6), length 52)
172.16.15.201.3389 > 192.168.5.20.59006: Flags [S.], cksum 0x66e4 (correct), seq 2979046699, ack 3173788156, win 8192, options [mss 1392,nop,wscale 8,nop,nop,sackOK], length 0
12:30:30.305149 IP (tos 0x0, ttl 127, id 13142, offset 0, flags [DF], proto TCP (6), length 40)
192.168.5.20.59006 > 172.16.15.201.3389: Flags [R], cksum 0xb270 (correct), seq 253713581, win 0, length 0
12:30:36.316398 IP (tos 0x0, ttl 127, id 8334, offset 0, flags [DF], proto TCP (6), length 48)
172.16.15.201.3389 > 192.168.5.20.59006: Flags [S.], cksum 0x7af3 (correct), seq 2979046699, ack 3173788156, win 8192, options [mss 1392,nop,nop,sackOK], length 0
12:30:38.309351 IP (tos 0x0, ttl 127, id 13144, offset 0, flags [DF], proto TCP (6), length 52)
192.168.5.20.59006 > 172.16.15.201.3389: Flags [S], cksum 0x45e8 (correct), seq 3675564279, win 64240, options [mss 1380,nop,wscale 8,nop,nop,sackOK], length 0
12:30:38.310579 IP (tos 0x0, ttl 127, id 8335, offset 0, flags [DF], proto TCP (6), length 48)
172.16.15.201.3389 > 192.168.5.20.59006: Flags [S.], cksum 0x7af3 (correct), seq 2979046699, ack 3173788156, win 8192, options [mss 1392,nop,nop,sackOK], length 0
12:30:38.313580 IP (tos 0x0, ttl 127, id 13145, offset 0, flags [DF], proto TCP (6), length 40)
192.168.5.20.59006 > 172.16.15.201.3389: Flags [R], cksum 0x9764 (correct), seq 129662750, win 0, length 0
--- End Of Stream ---

 

 

 

 

--- Start Of Stream --- 192.168..5.27 WORKING
tcpdump: listening on all_lan_sniff, link-type EN10MB (Ethernet), capture size 262144 bytes
12:26:10.857566 IP (tos 0x0, ttl 126, id 56897, offset 0, flags [DF], proto TCP (6), length 52)
192.168.5.27.59223 > 172.16.15.203.3389: Flags [S], cksum 0x619f (correct), seq 3660451375, win 64240, options [mss 1408,nop,wscale 8,nop,nop,sackOK], length 0
12:26:10.859019 IP (tos 0x0, ttl 127, id 5102, offset 0, flags [DF], proto TCP (6), length 52)
172.16.15.203.3389 > 192.168.5.27.59223: Flags [S.], cksum 0x77e3 (correct), seq 3983398717, ack 3660451376, win 8192, options [mss 1392,nop,wscale 8,nop,nop,sackOK], length 0
12:26:10.863644 IP (tos 0x0, ttl 126, id 56898, offset 0, flags [DF], proto TCP (6), length 40)
192.168.5.27.59223 > 172.16.15.203.3389: Flags [.], cksum 0xd66e (correct), ack 1, win 516, length 0
12:26:10.865220 IP (tos 0x0, ttl 126, id 56899, offset 0, flags [DF], proto TCP (6), length 87)
192.168.5.27.59223 > 172.16.15.203.3389: Flags [P.], cksum 0xcc1d (correct), seq 1:48, ack 1, win 516, length 47
12:26:10.866532 IP (tos 0x0, ttl 127, id 5103, offset 0, flags [DF], proto TCP (6), length 40)
172.16.15.203.3389 > 192.168.5.27.59223: Flags [.], cksum 0xd73e (correct), ack 48, win 261, length 0
12:26:10.866675 IP (tos 0x0, ttl 127, id 5104, offset 0, flags [DF], proto TCP (6), length 59)
172.16.15.203.3389 > 192.168.5.27.59223: Flags [P.], cksum 0xaa00 (correct), seq 1:20, ack 48, win 261, length 19
12:26:10.879802 IP (tos 0x0, ttl 126, id 56900, offset 0, flags [DF], proto TCP (6), length 223)
192.168.5.27.59223 > 172.16.15.203.3389: Flags [P.], cksum 0x680c (correct), seq 48:231, ack 20, win 516, length 183
12:26:10.882976 IP (tos 0x0, ttl 127, id 5105, offset 0, flags [DF], proto TCP (6), length 1225)
172.16.15.203.3389 > 192.168.5.27.59223: Flags [P.], cksum 0x846a (correct), seq 20:1205, ack 231, win 260, length 1185
12:26:10.890172 IP (tos 0x0, ttl 126, id 56901, offset 0, flags [DF], proto TCP (6), length 222)
192.168.5.27.59223 > 172.16.15.203.3389: Flags [P.], cksum 0x006a (correct), seq 231:413, ack 1205, win 511, length 182
12:26:10.892613 IP (tos 0x0, ttl 127, id 5106, offset 0, flags [DF], proto TCP (6), length 147)
172.16.15.203.3389 > 192.168.5.27.59223: Flags [P.], cksum 0xb1b3 (correct), seq 1205:1312, ack 413, win 259, length 107
12:26:10.898666 IP (tos 0x0, ttl 126, id 56902, offset 0, flags [DF], proto TCP (6), length 173)
192.168.5.27.59223 > 172.16.15.203.3389: Flags [P.], cksum 0xa649 (correct), seq 413:546, ack 1312, win 511, length 133
12:26:10.907659 IP (tos 0x0, ttl 127, id 5108, offset 0, flags [DF], proto TCP (6), length 349)
172.16.15.203.3389 > 192.168.5.27.59223: Flags [P.], cksum 0xaaaa (correct), seq 1312:1621, ack 546, win 259, length 309
12:26:10.916128 IP (tos 0x0, ttl 126, id 56903, offset 0, flags [DF], proto TCP (6), length 40)
192.168.5.27.59223 > 172.16.15.203.3389: Flags [R.], cksum 0xcff9 (correct), seq 546, ack 1621, win 0, length 0
12:26:11.001102 IP (tos 0x0, ttl 126, id 56904, offset 0, flags [DF], proto TCP (6), length 52)
192.168.5.27.59224 > 172.16.15.203.3389: Flags [S], cksum 0xa8ca (correct), seq 352226355, win 64240, options [mss 1408,nop,wscale 8,nop,nop,sackOK], length 0
12:26:11.002336 IP (tos 0x0, ttl 127, id 5109, offset 0, flags [DF], proto TCP (6), length 52)
172.16.15.203.3389 > 192.168.5.27.59224: Flags [S.], cksum 0xd51d (correct), seq 2788231275, ack 352226356, win 8192, options [mss 1392,nop,wscale 8,nop,nop,sackOK], length 0
12:26:11.007093 IP (tos 0x0, ttl 126, id 56905, offset 0, flags [DF], proto TCP (6), length 40)
192.168.5.27.59224 > 172.16.15.203.3389: Flags [.], cksum 0x33a9 (correct), ack 1, win 516, length 0
12:26:11.008364 IP (tos 0x0, ttl 126, id 56906, offset 0, flags [DF], proto TCP (6), length 87)
192.168.5.27.59224 > 172.16.15.203.3389: Flags [P.], cksum 0x2962 (correct), seq 1:48, ack 1, win 516, length 47
12:26:11.010669 IP (tos 0x0, ttl 127, id 5110, offset 0, flags [DF], proto TCP (6), length 40)
172.16.15.203.3389 > 192.168.5.27.59224: Flags [.], cksum 0x3479 (correct), ack 48, win 261, length 0
12:26:11.010963 IP (tos 0x0, ttl 127, id 5111, offset 0, flags [DF], proto TCP (6), length 59)
172.16.15.203.3389 > 192.168.5.27.59224: Flags [P.], cksum 0x073c (correct), seq 1:20, ack 48, win 261, length 19
12:26:11.017559 IP (tos 0x0, ttl 126, id 56907, offset 0, flags [DF], proto TCP (6), length 193)
192.168.5.27.59224 > 172.16.15.203.3389: Flags [P.], cksum 0x26fd (correct), seq 48:201, ack 20, win 516, length 153
12:26:11.020826 IP (tos 0x0, ttl 127, id 5112, offset 0, flags [DF], proto TCP (6), length 1225)
172.16.15.203.3389 > 192.168.5.27.59224: Flags [P.], cksum 0x9ccf (correct), seq 20:1205, ack 201, win 260, length 1185
12:26:11.027680 IP (tos 0x0, ttl 126, id 56908, offset 0, flags [DF], proto TCP (6), length 222)
192.168.5.27.59224 > 172.16.15.203.3389: Flags [P.], cksum 0x7595 (correct), seq 201:383, ack 1205, win 511, length 182
12:26:11.030437 IP (tos 0x0, ttl 127, id 5113, offset 0, flags [DF], proto TCP (6), length 147)
172.16.15.203.3389 > 192.168.5.27.59224: Flags [P.], cksum 0xb388 (correct), seq 1205:1312, ack 383, win 259, length 107
12:26:11.038367 IP (tos 0x0, ttl 126, id 56909, offset 0, flags [DF], proto TCP (6), length 621)
192.168.5.27.59224 > 172.16.15.203.3389: Flags [P.], cksum 0xf0ea (correct), seq 383:964, ack 1312, win 511, length 581
12:26:11.040383 IP (tos 0x0, ttl 127, id 5114, offset 0, flags [DF], proto TCP (6), length 237)
172.16.15.203.3389 > 192.168.5.27.59224: Flags [P.], cksum 0x2e98 (correct), seq 1312:1509, ack 964, win 257, length 197
12:26:11.044675 IP (tos 0x0, ttl 126, id 56910, offset 0, flags [DF], proto TCP (6), length 125)
192.168.5.27.59224 > 172.16.15.203.3389: Flags [P.], cksum 0xdeee (correct), seq 964:1049, ack 1509, win 516, length 85
12:26:11.044680 IP (tos 0x0, ttl 126, id 56911, offset 0, flags [DF], proto TCP (6), length 125)
192.168.5.27.59224 > 172.16.15.203.3389: Flags [P.], cksum 0x4ce5 (correct), seq 1049:1134, ack 1509, win 516, length 85
12:26:11.046066 IP (tos 0x0, ttl 127, id 5115, offset 0, flags [DF], proto TCP (6), length 40)
172.16.15.203.3389 > 192.168.5.27.59224: Flags [.], cksum 0x2a5c (correct), ack 1134, win 256, length 0
12:26:11.046156 IP (tos 0x0, ttl 127, id 5116, offset 0, flags [DF], proto TCP (6), length 125)
172.16.15.203.3389 > 192.168.5.27.59224: Flags [P.], cksum 0xc60f (correct), seq 1509:1594, ack 1134, win 256, length 85
12:26:11.050961 IP (tos 0x0, ttl 126, id 56912, offset 0, flags [DF], proto TCP (6), length 125)
192.168.5.27.59224 > 172.16.15.203.3389: Flags [P.], cksum 0xf7e3 (correct), seq 1134:1219, ack 1594, win 516, length 85
12:26:11.052343 IP (tos 0x0, ttl 127, id 5117, offset 0, flags [DF], proto TCP (6), length 125)
172.16.15.203.3389 > 192.168.5.27.59224: Flags [P.], cksum 0x7b62 (correct), seq 1594:1679, ack 1219, win 256, length 85
12:26:11.056637 IP (tos 0x0, ttl 126, id 56913, offset 0, flags [DF], proto TCP (6), length 125)
192.168.5.27.59224 > 172.16.15.203.3389: Flags [P.], cksum 0x4f0b (correct), seq 1219:1304, ack 1679, win 515, length 85
12:26:11.057963 IP (tos 0x0, ttl 127, id 5118, offset 0, flags [DF], proto TCP (6), length 125)
172.16.15.203.3389 > 192.168.5.27.59224: Flags [P.], cksum 0x27a5 (correct), seq 1679:1764, ack 1304, win 256, length 85
12:26:11.063462 IP (tos 0x0, ttl 126, id 56914, offset 0, flags [DF], proto TCP (6), length 125)
192.168.5.27.59224 > 172.16.15.203.3389: Flags [P.], cksum 0x66d0 (correct), seq 1304:1389, ack 1764, win 515, length 85
12:26:11.064663 IP (tos 0x0, ttl 127, id 5119, offset 0, flags [DF], proto TCP (6), length 125)
172.16.15.203.3389 > 192.168.5.27.59224: Flags [P.], cksum 0x2a69 (correct), seq 1764:1849, ack 1389, win 255, length 85
12:26:11.068800 IP (tos 0x0, ttl 126, id 56915, offset 0, flags [DF], proto TCP (6), length 125)
192.168.5.27.59224 > 172.16.15.203.3389: Flags [P.], cksum 0xe672 (correct), seq 1389:1474, ack 1849, win 515, length 85
12:26:11.070120 IP (tos 0x0, ttl 127, id 5120, offset 0, flags [DF], proto TCP (6), length 125)
172.16.15.203.3389 > 192.168.5.27.59224: Flags [P.], cksum 0xa1a1 (correct), seq 1849:1934, ack 1474, win 261, length 85
12:26:11.075724 IP (tos 0x0, ttl 126, id 56916, offset 0, flags [DF], proto TCP (6), length 125)
192.168.5.27.59224 > 172.16.15.203.3389: Flags [P.], cksum 0x1f15 (correct), seq 1474:1559, ack 1934, win 514, length 85
12:26:11.077019 IP (tos 0x0, ttl 127, id 5121, offset 0, flags [DF], proto TCP (6), length 125)
172.16.15.203.3389 > 192.168.5.27.59224: Flags [P.], cksum 0xcd71 (correct), seq 1934:2019, ack 1559, win 260, length 85
12:26:11.081668 IP (tos 0x0, ttl 126, id 56917, offset 0, flags [DF], proto TCP (6), length 125)
192.168.5.27.59224 > 172.16.15.203.3389: Flags [P.], cksum 0xe265 (correct), seq 1559:1644, ack 2019, win 514, length 85
12:26:11.082964 IP (tos 0x0, ttl 127, id 5122, offset 0, flags [DF], proto TCP (6), length 125)
172.16.15.203.3389 > 192.168.5.27.59224: Flags [P.], cksum 0x482f (correct), seq 2019:2104, ack 1644, win 260, length 85
12:26:11.087853 IP (tos 0x0, ttl 126, id 56918, offset 0, flags [DF], proto TCP (6), length 125)
192.168.5.27.59224 > 172.16.15.203.3389: Flags [P.], cksum 0x9390 (correct), seq 1644:1729, ack 2104, win 514, length 85
12:26:11.089597 IP (tos 0x0, ttl 127, id 5123, offset 0, flags [DF], proto TCP (6), length 125)
172.16.15.203.3389 > 192.168.5.27.59224: Flags [P.], cksum 0xb98c (correct), seq 2104:2189, ack 1729, win 260, length 85
12:26:11.094358 IP (tos 0x0, ttl 126, id 56919, offset 0, flags [DF], proto TCP (6), length 125)
192.168.5.27.59224 > 172.16.15.203.3389: Flags [P.], cksum 0xe5bb (correct), seq 1729:1814, ack 2189, win 513, length 85
12:26:11.095644 IP (tos 0x0, ttl 127, id 5124, offset 0, flags [DF], proto TCP (6), length 125)
172.16.15.203.3389 > 192.168.5.27.59224: Flags [P.], cksum 0x7804 (correct), seq 2189:2274, ack 1814, win 259, length 85
12:26:11.100704 IP (tos 0x0, ttl 126, id 56920, offset 0, flags [DF], proto TCP (6), length 125)
192.168.5.27.59224 > 172.16.15.203.3389: Flags [P.], cksum 0xbf89 (correct), seq 1814:1899, ack 2274, win 513, length 85
12:26:11.102125 IP (tos 0x0, ttl 127, id 5125, offset 0, flags [DF], proto TCP (6), length 125)
172.16.15.203.3389 > 192.168.5.27.59224: Flags [P.], cksum 0xf141 (correct), seq 2274:2359, ack 1899, win 259, length 85
12:26:11.163016 IP (tos 0x0, ttl 126, id 56921, offset 0, flags [DF], proto TCP (6), length 40)
192.168.5.27.59224 > 172.16.15.203.3389: Flags [.], cksum 0x230c (correct), ack 2359, win 513, length 0
12:26:11.377862 IP (tos 0x0, ttl 126, id 56922, offset 0, flags [DF], proto TCP (6), length 493)
192.168.5.27.59224 > 172.16.15.203.3389: Flags [P.], cksum 0xd2cb (correct), seq 1899:2352, ack 2359, win 513, length 453
12:26:11.380479 IP (tos 0x0, ttl 127, id 5126, offset 0, flags [DF], proto TCP (6), length 157)
172.16.15.203.3389 > 192.168.5.27.59224: Flags [P.], cksum 0x86a5 (correct), seq 2359:2476, ack 2352, win 257, length 117
12:26:11.427204 IP (tos 0x0, ttl 126, id 56923, offset 0, flags [DF], proto TCP (6), length 40)
192.168.5.27.59224 > 172.16.15.203.3389: Flags [.], cksum 0x20d3 (correct), ack 2476, win 512, length 0
12:26:11.527658 IP (tos 0x0, ttl 127, id 5127, offset 0, flags [DF], proto TCP (6), length 557)
172.16.15.203.3389 > 192.168.5.27.59224: Flags [P.], cksum 0x7b18 (correct), seq 2476:2993, ack 2352, win 257, length 517
12:26:11.563455 IP (tos 0x0, ttl 126, id 56924, offset 0, flags [DF], proto TCP (6), length 733)
192.168.5.27.59224 > 172.16.15.203.3389: Flags [P.], cksum 0xbb0c (correct), seq 2352:3045, ack 2993, win 516, length 693
12:26:11.563456 IP (tos 0x0, ttl 126, id 56925, offset 0, flags [DF], proto TCP (6), length 157)
192.168.5.27.59224 > 172.16.15.203.3389: Flags [P.], cksum 0xfb88 (correct), seq 3045:3162, ack 2993, win 516, length 117
12:26:11.563457 IP (tos 0x0, ttl 126, id 56926, offset 0, flags [DF], proto TCP (6), length 157)
192.168.5.27.59224 > 172.16.15.203.3389: Flags [P.], cksum 0xbc9c (correct), seq 3162:3279, ack 2993, win 516, length 117
12:26:11.563458 IP (tos 0x0, ttl 126, id 56927, offset 0, flags [DF], proto TCP (6), length 157)
192.168.5.27.59224 > 172.16.15.203.3389: Flags [P.], cksum 0x0ebd (correct), seq 3279:3396, ack 2993, win 516, length 117
12:26:11.564615 IP (tos 0x0, ttl 126, id 56928, offset 0, flags [DF], proto TCP (6), length 157)
192.168.5.27.59224 > 172.16.15.203.3389: Flags [P.], cksum 0x49e2 (correct), seq 3396:3513, ack 2993, win 516, length 117
12:26:11.564766 IP (tos 0x0, ttl 127, id 5128, offset 0, flags [DF], proto TCP (6), length 40)
172.16.15.203.3389 > 192.168.5.27.59224: Flags [.], cksum 0x1bb8 (correct), ack 3396, win 258, length 0
12:26:11.564909 IP (tos 0x0, ttl 127, id 5129, offset 0, flags [DF], proto TCP (6), length 157)
172.16.15.203.3389 > 192.168.5.27.59224: Flags [P.], cksum 0x0a05 (correct), seq 2993:3110, ack 3396, win 258, length 117
12:26:11.564910 IP (tos 0x0, ttl 127, id 5130, offset 0, flags [DF], proto TCP (6), length 157)
172.16.15.203.3389 > 192.168.5.27.59224: Flags [P.], cksum 0x3e73 (correct), seq 3110:3227, ack 3396, win 258, length 117
12:26:11.564911 IP (tos 0x0, ttl 127, id 5131, offset 0, flags [DF], proto TCP (6), length 157)
172.16.15.203.3389 > 192.168.5.27.59224: Flags [P.], cksum 0x6bbe (correct), seq 3227:3344, ack 3396, win 258, length 117
12:26:11.565623 IP (tos 0x0, ttl 127, id 5132, offset 0, flags [DF], proto TCP (6), length 157)
172.16.15.203.3389 > 192.168.5.27.59224: Flags [P.], cksum 0xe81b (correct), seq 3344:3461, ack 3513, win 258, length 117
12:26:11.568944 IP (tos 0x0, ttl 126, id 56929, offset 0, flags [DF], proto TCP (6), length 40)
192.168.5.27.59224 > 172.16.15.203.3389: Flags [.], cksum 0x186f (correct), ack 3461, win 514, length 0
12:26:11.652482 IP (tos 0x0, ttl 127, id 5133, offset 0, flags [DF], proto TCP (6), length 1432)
172.16.15.203.3389 > 192.168.5.27.59224: Flags [.], cksum 0xfdc9 (correct), seq 3461:4853, ack 3513, win 258, length 1392
12:26:11.652486 IP (tos 0x0, ttl 127, id 5134, offset 0, flags [DF], proto TCP (6), length 1432)
172.16.15.203.3389 > 192.168.5.27.59224: Flags [.], cksum 0x3978 (correct), seq 4853:6245, ack 3513, win 258, length 1392
12:26:11.652569 IP (tos 0x0, ttl 127, id 5135, offset 0, flags [DF], proto TCP (6), length 1432)
172.16.15.203.3389 > 192.168.5.27.59224: Flags [.], cksum 0xc52b (correct), seq 6245:7637, ack 3513, win 258, length 1392
12:26:11.652751 IP (tos 0x0, ttl 127, id 5136, offset 0, flags [DF], proto TCP (6), length 1432)
172.16.15.203.3389 > 192.168.5.27.59224: Flags [.], cksum 0xdf15 (correct), seq 7637:9029, ack 3513, win 258, length 1392
12:26:11.657473 IP (tos 0x0, ttl 126, id 56930, offset 0, flags [DF], proto TCP (6), length 40)
192.168.5.27.59224 > 172.16.15.203.3389: Flags [.], cksum 0x02ad (correct), ack 9029, win 516, length 0
12:26:11.658754 IP (tos 0x0, ttl 127, id 5138, offset 0, flags [DF], proto TCP (6), length 1432)
172.16.15.203.3389 > 192.168.5.27.59224: Flags [.], cksum 0x0bbd (correct), seq 9029:10421, ack 3513, win 258, length 1392
12:26:11.658758 IP (tos 0x0, ttl 127, id 5139, offset 0, flags [DF], proto TCP (6), length 66)
172.16.15.203.3389 > 192.168.5.27.59224: Flags [P.], cksum 0x7a17 (correct), seq 10421:10447, ack 3513, win 258, length 26
12:26:11.662636 IP (tos 0x0, ttl 126, id 56931, offset 0, flags [DF], proto TCP (6), length 40)
192.168.5.27.59224 > 172.16.15.203.3389: Flags [.], cksum 0xfd22 (correct), ack 10447, win 516, length 0
12:26:11.748848 IP (tos 0x0, ttl 127, id 5140, offset 0, flags [DF], proto TCP (6), length 1432)
172.16.15.203.3389 > 192.168.5.27.59224: Flags [.], cksum 0x9577 (correct), seq 10447:11839, ack 3513, win 258, length 1392
12:26:11.748851 IP (tos 0x0, ttl 127, id 5141, offset 0, flags [DF], proto TCP (6), length 909)
172.16.15.203.3389 > 192.168.5.27.59224: Flags [P.], cksum 0xdf02 (correct), seq 11839:12708, ack 3513, win 258, length 869
12:26:11.751514 IP (tos 0x0, ttl 126, id 56932, offset 0, flags [DF], proto TCP (6), length 40)
192.168.5.27.59224 > 172.16.15.203.3389: Flags [.], cksum 0xf44d (correct), ack 12708, win 516, length 0
12:26:11.857834 IP (tos 0x0, ttl 127, id 5142, offset 0, flags [DF], proto TCP (6), length 541)
172.16.15.203.3389 > 192.168.5.27.59224: Flags [P.], cksum 0xd6bc (correct), seq 12708:13209, ack 3513, win 258, length 501
12:26:11.969195 IP (tos 0x0, ttl 127, id 5143, offset 0, flags [DF], proto TCP (6), length 1432)
172.16.15.203.3389 > 192.168.5.27.59224: Flags [.], cksum 0x8a2e (correct), seq 13209:14601, ack 3513, win 258, length 1392
12:26:11.969203 IP (tos 0x0, ttl 127, id 5144, offset 0, flags [DF], proto TCP (6), length 1261)
172.16.15.203.3389 > 192.168.5.27.59224: Flags [P.], cksum 0xf117 (correct), seq 14601:15822, ack 3513, win 258, length 1221
12:26:11.972135 IP (tos 0x0, ttl 126, id 56933, offset 0, flags [DF], proto TCP (6), length 40)
192.168.5.27.59224 > 172.16.15.203.3389: Flags [.], cksum 0xe823 (correct), ack 15822, win 516, length 0
12:26:12.043803 IP (tos 0x0, ttl 127, id 5145, offset 0, flags [DF], proto TCP (6), length 157)
172.16.15.203.3389 > 192.168.5.27.59224: Flags [P.], cksum 0x79bc (correct), seq 15822:15939, ack 3513, win 258, length 117
12:26:12.047137 IP (tos 0x0, ttl 126, id 56934, offset 0, flags [DF], proto TCP (6), length 157)
192.168.5.27.59224 > 172.16.15.203.3389: Flags [P.], cksum 0x7d90 (correct), seq 3513:3630, ack 15939, win 516, length 117
12:26:12.047139 IP (tos 0x0, ttl 126, id 56935, offset 0, flags [DF], proto TCP (6), length 173)
192.168.5.27.59224 > 172.16.15.203.3389: Flags [P.], cksum 0x6211 (correct), seq 3630:3763, ack 15939, win 516, length 133
12:26:12.048144 IP (tos 0x0, ttl 127, id 5146, offset 0, flags [DF], proto TCP (6), length 40)
172.16.15.203.3389 > 192.168.5.27.59224: Flags [.], cksum 0xe7b7 (correct), ack 3763, win 257, length 0
12:26:12.048457 IP (tos 0x0, ttl 127, id 5147, offset 0, flags [DF], proto TCP (6), length 189)
172.16.15.203.3389 > 192.168.5.27.59224: Flags [P.], cksum 0x178a (correct), seq 15939:16088, ack 3763, win 257, length 149
12:26:12.048460 IP (tos 0x0, ttl 127, id 5148, offset 0, flags [DF], proto TCP (6), length 157)
172.16.15.203.3389 > 192.168.5.27.59224: Flags [P.], cksum 0x73ea (correct), seq 16088:16205, ack 3763, win 257, length 117
12:26:12.050754 IP (tos 0x0, ttl 126, id 56936, offset 0, flags [DF], proto TCP (6), length 40)
192.168.5.27.59224 > 172.16.15.203.3389: Flags [.], cksum 0xe5ab (correct), ack 16205, win 515, length 0
12:26:12.051376 IP (tos 0x0, ttl 126, id 56937, offset 0, flags [DF], proto TCP (6), length 189)
192.168.5.27.59224 > 172.16.15.203.3389: Flags [P.], cksum 0xa1b0 (correct), seq 3763:3912, ack 16205, win 515, length 149
12:26:12.076339 IP (tos 0x0, ttl 127, id 5149, offset 0, flags [DF], proto TCP (6), length 1432)
172.16.15.203.3389 > 192.168.5.27.59224: Flags [.], cksum 0x0fa2 (correct), seq 16205:17597, ack 3912, win 256, length 1392
12:26:12.076341 IP (tos 0x0, ttl 127, id 5150, offset 0, flags [DF], proto TCP (6), length 93)
172.16.15.203.3389 > 192.168.5.27.59224: Flags [P.], cksum 0xcd81 (correct), seq 17597:17650, ack 3912, win 256, length 53
12:26:12.080292 IP (tos 0x0, ttl 126, id 56938, offset 0, flags [DF], proto TCP (6), length 40)
192.168.5.27.59224 > 172.16.15.203.3389: Flags [.], cksum 0xdf70 (correct), ack 17650, win 516, length 0
12:26:12.186029 IP (tos 0x0, ttl 127, id 5164, offset 0, flags [DF], proto TCP (6), length 1432)
172.16.15.203.3389 > 192.168.5.27.59224: Flags [.], cksum 0xba19 (correct), seq 17650:19042, ack 3912, win 256, length 1392
12:26:12.186031 IP (tos 0x0, ttl 127, id 5165, offset 0, flags [DF], proto TCP (6), length 1432)
172.16.15.203.3389 > 192.168.5.27.59224: Flags [.], cksum 0x4dd6 (correct), seq 19042:20434, ack 3912, win 256, length 1392
12:26:12.186108 IP (tos 0x0, ttl 127, id 5166, offset 0, flags [DF], proto TCP (6), length 1432)
172.16.15.203.3389 > 192.168.5.27.59224: Flags [.], cksum 0x5870 (correct), seq 20434:21826, ack 3912, win 256, length 1392
12:26:12.186219 IP (tos 0x0, ttl 127, id 5167, offset 0, flags [DF], proto TCP (6), length 1432)
172.16.15.203.3389 > 192.168.5.27.59224: Flags [.], cksum 0x3e1a (correct), seq 21826:23218, ack 3912, win 256, length 1392
12:26:12.186334 IP (tos 0x0, ttl 127, id 5168, offset 0, flags [DF], proto TCP (6), length 1432)
172.16.15.203.3389 > 192.168.5.27.59224: Flags [.], cksum 0x4c11 (correct), seq 23218:24610, ack 3912, win 256, length 1392
12:26:12.186442 IP (tos 0x0, ttl 127, id 5169, offset 0, flags [DF], proto TCP (6), length 1432)
172.16.15.203.3389 > 192.168.5.27.59224: Flags [.], cksum 0x693f (correct), seq 24610:26002, ack 3912, win 256, length 1392
12:26:12.186600 IP (tos 0x0, ttl 127, id 5170, offset 0, flags [DF], proto TCP (6), length 1432)
172.16.15.203.3389 > 192.168.5.27.59224: Flags [.], cksum 0xcfd4 (correct), seq 26002:27394, ack 3912, win 256, length 1392
12:26:12.186723 IP (tos 0x0, ttl 127, id 5171, offset 0, flags [DF], proto TCP (6), length 1432)
172.16.15.203.3389 > 192.168.5.27.59224: Flags [.], cksum 0xcc40 (correct), seq 27394:28786, ack 3912, win 256, length 1392
12:26:12.186724 IP (tos 0x0, ttl 127, id 5172, offset 0, flags [DF], proto TCP (6), length 477)
172.16.15.203.3389 > 192.168.5.27.59224: Flags [P.], cksum 0x505e (correct), seq 28786:29223, ack 3912, win 256, length 437
12:26:12.189040 IP (tos 0x0, ttl 126, id 56939, offset 0, flags [DF], proto TCP (6), length 40)
192.168.5.27.59224 > 172.16.15.203.3389: Flags [.], cksum 0xb960 (correct), ack 27394, win 516, length 0
12:26:12.189042 IP (tos 0x0, ttl 126, id 56940, offset 0, flags [DF], proto TCP (6), length 40)
192.168.5.27.59224 > 172.16.15.203.3389: Flags [.], cksum 0xb23b (correct), ack 29223, win 516, length 0
12:26:12.294780 IP (tos 0x0, ttl 127, id 5355, offset 0, flags [DF], proto TCP (6), length 1229)
172.16.15.203.3389 > 192.168.5.27.59224: Flags [P.], cksum 0x513b (correct), seq 29223:30412, ack 3912, win 256, length 1189
12:26:12.345706 IP (tos 0x0, ttl 126, id 56941, offset 0, flags [DF], proto TCP (6), length 40)
192.168.5.27.59224 > 172.16.15.203.3389: Flags [.], cksum 0xad9b (correct), ack 30412, win 511, length 0
12:26:12.394253 IP (tos 0x0, ttl 127, id 5356, offset 0, flags [DF], proto TCP (6), length 157)
172.16.15.203.3389 > 192.168.5.27.59224: Flags [P.], cksum 0x08bb (correct), seq 30412:30529, ack 3912, win 256, length 117
12:26:12.394415 IP (tos 0x0, ttl 127, id 5357, offset 0, flags [DF], proto TCP (6), length 141)
172.16.15.203.3389 > 192.168.5.27.59224: Flags [P.], cksum 0x0172 (correct), seq 30529:30630, ack 3912, win 256, length 101
12:26:12.396994 IP (tos 0x0, ttl 126, id 56942, offset 0, flags [DF], proto TCP (6), length 40)
192.168.5.27.59224 > 172.16.15.203.3389: Flags [.], cksum 0xacbc (correct), ack 30630, win 516, length 0
12:26:12.425327 IP (tos 0x0, ttl 127, id 5358, offset 0, flags [DF], proto TCP (6), length 557)
172.16.15.203.3389 > 192.168.5.27.59224: Flags [P.], cksum 0xa6ed (correct), seq 30630:31147, ack 3912, win 256, length 517
12:26:12.437947 IP (tos 0x0, ttl 126, id 56943, offset 0, flags [DF], proto TCP (6), length 733)
192.168.5.27.59224 > 172.16.15.203.3389: Flags [P.], cksum 0xe13c (correct), seq 3912:4605, ack 31147, win 514, length 693
12:26:12.437949 IP (tos 0x0, ttl 126, id 56944, offset 0, flags [DF], proto TCP (6), length 157)
192.168.5.27.59224 > 172.16.15.203.3389: Flags [P.], cksum 0xa326 (correct), seq 4605:4722, ack 31147, win 514, length 117
12:26:12.437949 IP (tos 0x0, ttl 126, id 56945, offset 0, flags [DF], proto TCP (6), length 157)
192.168.5.27.59224 > 172.16.15.203.3389: Flags [P.], cksum 0x5b64 (correct), seq 4722:4839, ack 31147, win 514, length 117
12:26:12.437950 IP (tos 0x0, ttl 126, id 56946, offset 0, flags [DF], proto TCP (6), length 157)
192.168.5.27.59224 > 172.16.15.203.3389: Flags [P.], cksum 0x4e57 (correct), seq 4839:4956, ack 31147, win 514, length 117
12:26:12.439052 IP (tos 0x0, ttl 127, id 5359, offset 0, flags [DF], proto TCP (6), length 40)
172.16.15.203.3389 > 192.168.5.27.59224: Flags [.], cksum 0xa7a5 (correct), ack 4956, win 258, length 0
12:26:12.439189 IP (tos 0x0, ttl 127, id 5360, offset 0, flags [DF], proto TCP (6), length 157)
172.16.15.203.3389 > 192.168.5.27.59224: Flags [P.], cksum 0x08ec (correct), seq 31147:31264, ack 4956, win 258, length 117
12:26:12.439190 IP (tos 0x0, ttl 127, id 5361, offset 0, flags [DF], proto TCP (6), length 157)
172.16.15.203.3389 > 192.168.5.27.59224: Flags [P.], cksum 0xf6dd (correct), seq 31264:31381, ack 4956, win 258, length 117
12:26:12.439191 IP (tos 0x0, ttl 127, id 5362, offset 0, flags [DF], proto TCP (6), length 157)
172.16.15.203.3389 > 192.168.5.27.59224: Flags [P.], cksum 0xb16d (correct), seq 31381:31498, ack 4956, win 258, length 117
12:26:12.441191 IP (tos 0x0, ttl 126, id 56947, offset 0, flags [DF], proto TCP (6), length 40)
192.168.5.27.59224 > 172.16.15.203.3389: Flags [.], cksum 0xa547 (correct), ack 31498, win 513, length 0
12:26:12.442863 IP (tos 0x0, ttl 126, id 56948, offset 0, flags [DF], proto TCP (6), length 157)
192.168.5.27.59224 > 172.16.15.203.3389: Flags [P.], cksum 0x2fc4 (correct), seq 4956:5073, ack 31498, win 513, length 117
12:26:12.443727 IP (tos 0x0, ttl 127, id 5363, offset 0, flags [DF], proto TCP (6), length 157)
172.16.15.203.3389 > 192.168.5.27.59224: Flags [P.], cksum 0x7465 (correct), seq 31498:31615, ack 5073, win 258, length 117
12:26:12.469882 IP (tos 0x0, ttl 127, id 5365, offset 0, flags [DF], proto TCP (6), length 1432)
172.16.15.203.3389 > 192.168.5.27.59224: Flags [.], cksum 0xe560 (correct), seq 31615:33007, ack 5073, win 258, length 1392
12:26:12.470002 IP (tos 0x0, ttl 127, id 5366, offset 0, flags [DF], proto TCP (6), length 1432)
172.16.15.203.3389 > 192.168.5.27.59224: Flags [.], cksum 0x7e26 (correct), seq 33007:34399, ack 5073, win 258, length 1392
12:26:12.470005 IP (tos 0x0, ttl 127, id 5367, offset 0, flags [DF], proto TCP (6), length 541)
172.16.15.203.3389 > 192.168.5.27.59224: Flags [P.], cksum 0xeb5c (correct), seq 34399:34900, ack 5073, win 258, length 501
12:26:12.470252 IP (tos 0x0, ttl 127, id 5368, offset 0, flags [DF], proto TCP (6), length 1432)
172.16.15.203.3389 > 192.168.5.27.59224: Flags [.], cksum 0x3fb0 (correct), seq 34900:36292, ack 5073, win 258, length 1392
12:26:12.470367 IP (tos 0x0, ttl 127, id 5369, offset 0, flags [DF], proto TCP (6), length 1432)
172.16.15.203.3389 > 192.168.5.27.59224: Flags [.], cksum 0x05aa (correct), seq 36292:37684, ack 5073, win 258, length 1392
12:26:12.470485 IP (tos 0x0, ttl 127, id 5370, offset 0, flags [DF], proto TCP (6), length 1432)
172.16.15.203.3389 > 192.168.5.27.59224: Flags [.], cksum 0x5f61 (correct), seq 37684:39076, ack 5073, win 258, length 1392
12:26:12.470604 IP (tos 0x0, ttl 127, id 5371, offset 0, flags [DF], proto TCP (6), length 1432)
172.16.15.203.3389 > 192.168.5.27.59224: Flags [.], cksum 0xd2e7 (correct), seq 39076:40468, ack 5073, win 258, length 1392
12:26:12.470729 IP (tos 0x0, ttl 127, id 5372, offset 0, flags [DF], proto TCP (6), length 1432)
172.16.15.203.3389 > 192.168.5.27.59224: Flags [.], cksum 0x52c2 (correct), seq 40468:41860, ack 5073, win 258, length 1392
12:26:12.470736 IP (tos 0x0, ttl 127, id 5373, offset 0, flags [DF], proto TCP (6), length 141)
172.16.15.203.3389 > 192.168.5.27.59224: Flags [P.], cksum 0xad30 (correct), seq 41860:41961, ack 5073, win 258, length 101
12:26:12.473402 IP (tos 0x0, ttl 126, id 56949, offset 0, flags [DF], proto TCP (6), length 40)
192.168.5.27.59224 > 172.16.15.203.3389: Flags [.], cksum 0x7bf0 (correct), ack 41961, win 516, length 0
12:26:12.575725 IP (tos 0x0, ttl 127, id 5374, offset 0, flags [DF], proto TCP (6), length 1432)
172.16.15.203.3389 > 192.168.5.27.59224: Flags [.], cksum 0x0fec (correct), seq 41961:43353, ack 5073, win 258, length 1392
12:26:12.575731 IP (tos 0x0, ttl 127, id 5375, offset 0, flags [DF], proto TCP (6), length 685)
172.16.15.203.3389 > 192.168.5.27.59224: Flags [P.], cksum 0x3380 (correct), seq 43353:43998, ack 5073, win 258, length 645
12:26:12.679721 IP (tos 0x0, ttl 126, id 56950, offset 0, flags [DF], proto TCP (6), length 40)
192.168.5.27.59224 > 172.16.15.203.3389: Flags [.], cksum 0x73fb (correct), ack 43998, win 516, length 0
12:26:13.365510 IP (tos 0x0, ttl 127, id 5379, offset 0, flags [DF], proto TCP (6), length 765)
172.16.15.203.3389 > 192.168.5.27.59224: Flags [P.], cksum 0x9b02 (correct), seq 43998:44723, ack 5073, win 258, length 725
12:26:13.365513 IP (tos 0x0, ttl 127, id 5380, offset 0, flags [DF], proto TCP (6), length 765)
172.16.15.203.3389 > 192.168.5.27.59224: Flags [P.], cksum 0x4d7c (correct), seq 44723:45448, ack 5073, win 258, length 725
12:26:13.365515 IP (tos 0x0, ttl 127, id 5381, offset 0, flags [DF], proto TCP (6), length 157)
172.16.15.203.3389 > 192.168.5.27.59224: Flags [P.], cksum 0x642f (correct), seq 45448:45565, ack 5073, win 258, length 117
12:26:13.368159 IP (tos 0x0, ttl 126, id 56951, offset 0, flags [DF], proto TCP (6), length 40)
192.168.5.27.59224 > 172.16.15.203.3389: Flags [.], cksum 0x6ddc (correct), ack 45565, win 516, length 0
12:26:13.369246 IP (tos 0x0, ttl 126, id 56952, offset 0, flags [DF], proto TCP (6), length 141)
192.168.5.27.59224 > 172.16.15.203.3389: Flags [P.], cksum 0x2a00 (correct), seq 5073:5174, ack 45565, win 516, length 101
12:26:13.376786 IP (tos 0x0, ttl 126, id 56953, offset 0, flags [DF], proto TCP (6), length 141)
192.168.5.27.59224 > 172.16.15.203.3389: Flags [P.], cksum 0x03fc (correct), seq 5174:5275, ack 45565, win 516, length 101
12:26:13.377719 IP (tos 0x0, ttl 127, id 5382, offset 0, flags [DF], proto TCP (6), length 40)
172.16.15.203.3389 > 192.168.5.27.59224: Flags [.], cksum 0x6e15 (correct), ack 5275, win 257, length 0
12:26:13.387839 IP (tos 0x0, ttl 127, id 5383, offset 0, flags [DF], proto TCP (6), length 1432)
172.16.15.203.3389 > 192.168.5.27.59224: Flags [.], cksum 0xcfab (correct), seq 45565:46957, ack 5275, win 257, length 1392
12:26:13.387945 IP (tos 0x0, ttl 127, id 5384, offset 0, flags [DF], proto TCP (6), length 1432)
172.16.15.203.3389 > 192.168.5.27.59224: Flags [.], cksum 0x72d1 (correct), seq 46957:48349, ack 5275, win 257, length 1392
12:26:13.388019 IP (tos 0x0, ttl 127, id 5385, offset 0, flags [DF], proto TCP (6), length 1432)
172.16.15.203.3389 > 192.168.5.27.59224: Flags [.], cksum 0xb82f (correct), seq 48349:49741, ack 5275, win 257, length 1392
12:26:13.388132 IP (tos 0x0, ttl 127, id 5386, offset 0, flags [DF], proto TCP (6), length 1432)
172.16.15.203.3389 > 192.168.5.27.59224: Flags [.], cksum 0xa68f (correct), seq 49741:51133, ack 5275, win 257, length 1392
12:26:13.388255 IP (tos 0x0, ttl 127, id 5387, offset 0, flags [DF], proto TCP (6), length 1432)
172.16.15.203.3389 > 192.168.5.27.59224: Flags [.], cksum 0x362f (correct), seq 51133:52525, ack 5275, win 257, length 1392
12:26:13.388354 IP (tos 0x0, ttl 127, id 5388, offset 0, flags [DF], proto TCP (6), length 1432)
172.16.15.203.3389 > 192.168.5.27.59224: Flags [.], cksum 0xa295 (correct), seq 52525:53917, ack 5275, win 257, length 1392
12:26:13.388476 IP (tos 0x0, ttl 127, id 5389, offset 0, flags [DF], proto TCP (6), length 1432)
172.16.15.203.3389 > 192.168.5.27.59224: Flags [.], cksum 0x97b7 (correct), seq 53917:55309, ack 5275, win 257, length 1392
12:26:13.388603 IP (tos 0x0, ttl 127, id 5390, offset 0, flags [DF], proto TCP (6), length 1432)
172.16.15.203.3389 > 192.168.5.27.59224: Flags [.], cksum 0x7a6f (correct), seq 55309:56701, ack 5275, win 257, length 1392
12:26:13.388610 IP (tos 0x0, ttl 127, id 5391, offset 0, flags [DF], proto TCP (6), length 317)
172.16.15.203.3389 > 192.168.5.27.59224: Flags [P.], cksum 0x1e65 (correct), seq 56701:56978, ack 5275, win 257, length 277
12:26:13.388720 IP (tos 0x0, ttl 127, id 5392, offset 0, flags [DF], proto TCP (6), length 1432)
172.16.15.203.3389 > 192.168.5.27.59224: Flags [.], cksum 0x86b1 (correct), seq 56978:58370, ack 5275, win 257, length 1392
12:26:13.388785 IP (tos 0x0, ttl 127, id 5393, offset 0, flags [DF], proto TCP (6), length 925)
172.16.15.203.3389 > 192.168.5.27.59224: Flags [P.], cksum 0x1773 (correct), seq 58370:59255, ack 5275, win 257, length 885
12:26:13.388926 IP (tos 0x0, ttl 127, id 5394, offset 0, flags [DF], proto TCP (6), length 1432)
172.16.15.203.3389 > 192.168.5.27.59224: Flags [.], cksum 0xee40 (correct), seq 59255:60647, ack 5275, win 257, length 1392
12:26:13.389052 IP (tos 0x0, ttl 127, id 5395, offset 0, flags [DF], proto TCP (6), length 1432)
172.16.15.203.3389 > 192.168.5.27.59224: Flags [.], cksum 0x6539 (correct), seq 60647:62039, ack 5275, win 257, length 1392
12:26:13.389057 IP (tos 0x0, ttl 127, id 5396, offset 0, flags [DF], proto TCP (6), length 237)
172.16.15.203.3389 > 192.168.5.27.59224: Flags [P.], cksum 0xd5bf (correct), seq 62039:62236, ack 5275, win 257, length 197
12:26:13.389192 IP (tos 0x0, ttl 127, id 5397, offset 0, flags [DF], proto TCP (6), length 1432)
172.16.15.203.3389 > 192.168.5.27.59224: Flags [.], cksum 0xb9e3 (correct), seq 62236:63628, ack 5275, win 257, length 1392
12:26:13.389310 IP (tos 0x0, ttl 127, id 5398, offset 0, flags [DF], proto TCP (6), length 1432)
172.16.15.203.3389 > 192.168.5.27.59224: Flags [.], cksum 0x330f (correct), seq 63628:65020, ack 5275, win 257, length 1392
12:26:13.389313 IP (tos 0x0, ttl 127, id 5399, offset 0, flags [DF], proto TCP (6), length 285)
172.16.15.203.3389 > 192.168.5.27.59224: Flags [P.], cksum 0xc1ee (correct), seq 65020:65265, ack 5275, win 257, length 245
12:26:13.389444 IP (tos 0x0, ttl 127, id 5400, offset 0, flags [DF], proto TCP (6), length 1432)
172.16.15.203.3389 > 192.168.5.27.59224: Flags [.], cksum 0x4363 (correct), seq 65265:66657, ack 5275, win 257, length 1392
12:26:13.389570 IP (tos 0x0, ttl 127, id 5401, offset 0, flags [DF], proto TCP (6), length 1432)
172.16.15.203.3389 > 192.168.5.27.59224: Flags [.], cksum 0x425f (correct), seq 66657:68049, ack 5275, win 257, length 1392
12:26:13.389572 IP (tos 0x0, ttl 127, id 5402, offset 0, flags [DF], proto TCP (6), length 173)
172.16.15.203.3389 > 192.168.5.27.59224: Flags [P.], cksum 0xaf3b (correct), seq 68049:68182, ack 5275, win 257, length 133
12:26:13.390724 IP (tos 0x0, ttl 126, id 56954, offset 0, flags [DF], proto TCP (6), length 40)
192.168.5.27.59224 > 172.16.15.203.3389: Flags [.], cksum 0x5752 (correct), ack 51133, win 516, length 0
12:26:13.394283 IP (tos 0x0, ttl 126, id 56955, offset 0, flags [DF], proto TCP (6), length 40)
192.168.5.27.59224 > 172.16.15.203.3389: Flags [.], cksum 0x3798 (correct), ack 59255, win 516, length 0
12:26:13.394284 IP (tos 0x0, ttl 126, id 56956, offset 0, flags [DF], proto TCP (6), length 40)
192.168.5.27.59224 > 172.16.15.203.3389: Flags [.], cksum 0x14b9 (correct), ack 68182, win 516, length 0
--- End Of Stream ---

0 Kudos
Subscribe
In response to Luca_
Bruce
Kind of a big deal
‎Apr 24 2021 12:38 AM
‎Apr 24 2021 12:38 AM

Okay, I don’t know what is wrong, bit there a couple of points that need clarification. The two differences I see between .5.20 and .5.27 are that .5.20 is showing a mss of 1380, and a ttl of 127, whereas as .5.27 is showing a mss of 1408 and a ttl of 126.

 

To me this starts to suggest that there is a problem with the path MTU since every IP packet also seems to have the don’t fragment flags set. Has someone made any manual registry entires to .5.20 regarding mss size? Or is ICMP being blocked somewhere in the network?

 

The difference in ttl seems to suggest that traffic from .5.27 is hitting another Layer 3 device before it’s getting to the MX as it’s being decremented one more than the .5.20 device - what would this device be? (Unless of course someone has changed the default ttl, which I find unlikely).

0 Kudos
Subscribe
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.