After you get familiar with using protocol analysis tools like Network Monitor or Wireshark, you’ll get to the most important stage in network trace analysis: How can I comment on packets sent or received in a network trace? Was it normal to see that packet being sent or received? What packet should I have seen…
Year: 2012
Network trace analysis tricks II – How can I focus on a certain packet range in a network trace?
In the second post of the “network analysis tricks” series, I’ll explain how to focus on a certain range of packets in a network trace. When I ask for a network trace from a customer, I almost always ask for ICMP markers before and after reproducing the problem. You can see an example action plan…
Network trace analysis tricks I – How can I see all TCP connection attempts in a network trace?
In the “network analysis tricks” series of posts, I’ll try to explain some techniques that I use when analyzing network traces. In this first post, I would like to explain how I find all TCP connection attempts in a network trace. To see all TCP connection attempts in a network trace, you can…
Network traffic capturing hints
In this post, I would like to talk about some important points about network capturing. If a network trace is not collected appropriately, it won’t provide any useful information and it will be a waste of time analyzing such a network trace. Additionally, just collecting the network trace isn’t sufficient if you intend to…
When do we need to collect network traces?
Many Microsoft support engineers dealing with customer technical issues ask for network traces to further troubleshoot and isolate a given problem. In this post I wanted to give you an idea about when we generally ask for a network trace so that you might want to take a similar approach for similar problems. May…
HTTPS access through TMG fails from a certain VLAN with a very unusual error: FWX_E_SEQ_ACK_MISMATCH
In this blog post, I’ll be talking about an interesting problem that I dealt with recently. The problem was that clients running in a certain VLAN were not able to establish HTTPS connections through the TMG server. Due to the nature of the network, the clients should be configured as SecureNet clients (my customer cannot configure…
Outlook anywhere (RPC over HTTPS) access to Exchange 2010 server via TMG 2010 fails after some time
In this blog post, I’ll be discussing an Exchange 2010 publishing on TMG 2010 issue. The problem was that after some time Outlook clients were failing to access the Exchange 2010 server via RPC over HTTPS. There may be many different reasons for Exchange publishing problems, but in this case everything seemed green in the…
Getting HTTP 500 Internal server error when accessing a published web site through ISA 2004
In this post, I’ll be talking about a web publishing problem and how I dealt with it. The problem was that external clients were failing to access an internal Web server published on an ISA 2004 server with an HTTP 500 internal error. As usual, I asked our customer for the following logs when reproducing the problem:…
Outlook MAPI connection to Exchange 2010 CAS fails through UAG 2010 direct access tunnel
In a recent case, I dealt with an Outlook MAPI connection failure problem through a direct access tunnel (configured with UAG 2010), and I’ll be talking about how I troubleshot this issue in this post. The problem was reported as Outlook 2010 clients failing to access Exchange 2010 servers that run behind a UAG 2010…
PDF file corrupted when downloaded through TMG server
Recently I dealt with a problem where a PDF file downloaded from a certain external web site was always corrupted, and I would like to talk about how I troubleshot that problem. The client was connected to the internet through a four-node TMG 2010/SP2 array. We decided to collect the following logs to better understand why…