Wireshark-users: Re: [Wireshark-users] TCP retransmit, HTTP and web page not loading

From: Steve Bertrand <steve@xxxxxxxxxx>
Date: Wed, 25 Jun 2008 14:22:13 -0400
Sake Blok wrote:

In this trace, the dst mac is: Fortinet_10:67:9c (00:09:0f:10:67:9c)
In the other trace the src mac is: Fortinet_04:82:d4 (00:09:0f:04:82:d4)

Usually the mac addresses of devices are within a short range from
each other. This makes me believe your PC is behind a different
fortinet-device as where the fibre link connects to. Is that true?

That is true. It's simply co-incidence that my office LAN is behind a
Fortigate device, and the client has their own Fortigate device.

How do the fortinet devices, CPE routers and L2 switches all connect
to each other?

Unnecessary cruft left out for brevity:

	'net
	|
	|
--- edge rtr ----- office sw ---- office fortigate ---- me
|
|
vlan sw (COE)
|
|
PUC
|
|
client vlan sw
|
|
client fortigate
|
|
client workstation

I believe I now know where the problem is. I think that there is a hop
within one of our transit networks that is not replying with proper ICMP
type 3 code 4 messages.

tcptraceroute will tell me that very shortly.

Thanks,

Steve