Wireshark-users: Re: [Wireshark-users] Https problem

From: Hansang Bae <for_list_hbae@xxxxxxxxxx>
Date: Sat, 03 Jul 2010 14:28:14 -0400
On 6/28/2010 6:03 AM, Chris Hodgson wrote:

Thanks, I am hoping to capture traffic on the firewall level where I suspect the problem is.

To confirm the log on page does not appear, as in stays completely blank and the timer continues indicating it is loading, but never does.

I'm also seeing problems with other protocols; SNMP is intermittent to the NMS and ssh sessions to the device often drop. I notice the exact packet when it dropped and Wireshark revealed 'TCP previous segment lost'.

I'm not sure how to identify a too large MTU, would this be configured on the interface on the firewall or connecting switch?



You have to rule out that the FW's tcpdump/snoop etc. is not the culprit of the "packet loss." In fact, my Sharkfest presentations dealt with these "fake packet loss" situations. I'm a bit late on getting the presentation up there (Sorry!), but expect to get it done this weekend.

If the packet loss is real, and multiple streams are failing, then it's most likely due to packet loss. If you can upload a snippet of the conversation (use editcap to upload the header: `editcap -s 64 origfile.pcap newfile.pcap`), we can help you identify if these packet losses are real or not.

As to your SSL problem, it's possible that you're using IE6 (lots of SSL issues there) so try using Firefox. If that's not an option, the troubleshooting gets a little more complicated. Things to look out for are cookie/session changes, SSL timing out etc. But these types of troubleshooting require some knowledge of SSL/HTTP and packet analysis. You have to be somewhat experienced to troubleshoot this type of a problem.
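
Added example, not part of the original message and not Wireshark's own logic: one way to separate capture-tool drops from real loss in a single TCP direction. It assumes that a sequence gap the receiver later ACKs, without the missing bytes ever appearing in the trace, was dropped by the capture rather than the network. The packet tuples, `SAMPLE` and `classify_gaps` are constructed for illustration; sequence wraparound and SACK are not handled.

```python
# Added example. Tuples are constructed: (direction, seq, payload_len, ack).
# "S" = data from the sender, "R" = ACKs coming back from the receiver.
SAMPLE = [
    ("S", 1000, 100, 0),
    ("R", 0, 0, 1100),
    ("S", 1200, 100, 0),   # bytes 1100-1199 never appear in the trace
    ("R", 0, 0, 1300),     # ...yet the receiver ACKs past them
    ("S", 1400, 100, 0),   # bytes 1300-1399 missing
    ("R", 0, 0, 1300),     # duplicate ACKs: the receiver really lacks them
    ("R", 0, 0, 1300),
    ("S", 1300, 100, 0),   # the missing bytes show up later
    ("R", 0, 0, 1500),
]


def classify_gaps(packets):
    """Return [(gap_start, gap_end, verdict)] for the sender's byte stream.

    capture_miss : receiver ACKed the gap, trace never saw the bytes
    filled_later : bytes arrived afterwards (real loss or reordering
                   upstream of the capture point)
    open         : undecided when the trace ends
    """
    next_seq = None   # highest sequence number seen so far, exclusive
    gaps = {}         # (start, end) -> verdict, in order of appearance
    for direction, seq, length, ack in packets:
        if direction == "S" and length > 0:
            end = seq + length
            if next_seq is None:
                next_seq = seq
            # A segment overlapping an open gap fills it.
            for g in list(gaps):
                if gaps[g] == "open" and seq < g[1] and end > g[0]:
                    gaps[g] = "filled_later"
            # A jump forward in sequence space opens a new gap.
            if seq > next_seq:
                gaps[(next_seq, seq)] = "open"
            next_seq = max(next_seq, end)
        elif direction == "R":
            # An ACK at or beyond the gap's end means the receiver has the bytes.
            for g in list(gaps):
                if gaps[g] == "open" and ack >= g[1]:
                    gaps[g] = "capture_miss"
    return [(s, e, v) for (s, e), v in gaps.items()]


if __name__ == "__main__":
    for start, end, verdict in classify_gaps(SAMPLE):
        print(f"gap {start}-{end - 1}: {verdict}")
```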