Drops in packet capture

L4 Transporter

Hello Team,

I have a question regarding drops during the packet capture.

What does the packet drop mean: is the firewall dropping packets, or is the firewall detecting dropped packets?

When I performed the packet capture, I ran the global counter command at the same time, but I didn't get any drops in the counters.

So could you please let me know what this means?

 

Regards,

Jafar Hussain

L7 Applicator

The drop stage captures packets that the firewall discards

This could be through policy action, threat detection, or packet malformation

reaper - PANgurus.com
Find my book at https://www.amazon.com/dp/1789956374
L4 Transporter

@reaper

Thank you for your reply.

I have configured a VPN tunnel between Site A and Site B. My client is in Site A and the server belongs to Site B.

 - In the security policy, I allowed any traffic between the specific IP addresses of the client and the server.

 - When I copy any big file from the server to the client, I get dropped packets in the packet capture.

 - I have checked that the files are copied through the NBSS and SMB2 protocols.

 - When I checked the dropped packets in Wireshark, I could see multiple TCP retransmission packets from the server side, and 2 packets, also from the server side, with the error: Notify Response, Error: STATUS_NOTIFY_CLEANUP.

 - My concern is why the firewall is dropping packets.

Note: Files are copied successfully, but it takes too long.

Please suggest.

L7 Applicator

Global counters should help with this

It sounds like there may be packets sent out of order or out of window that the firewall is discarding.

reaper - PANgurus.com
Find my book at https://www.amazon.com/dp/1789956374
L4 Transporter

@reaper Thank you for your quick response.

During the packet capture I ran the global counter command, but I didn't get any drops.

What steps do I need to take to fix this issue? Is this a firewall issue?

L7 Applicator

@Jafar_Hussain which counters did you see?

It sounds like a network issue you may be able to work around by relaxing the firewall's tolerance if you are unable to address the network latency.


reaper - PANgurus.com
Find my book at https://www.amazon.com/dp/1789956374
L4 Transporter

@reaper

I have seen show counter global filter packet-filter yes delta yes, but didn't get any drops.

I am not getting this point: "work around by relaxing the firewall's tolerance". Could you please brief me on it?

L7 Applicator

@Jafar_Hussain there are several settings that can be set to be less strict (timers, out of window/order packets, ...), so network problems are allowed to happen rather than prevented. We'll need to find the global counters you do see to properly advise what to try. Please share the global counters seen.


reaper - PANgurus.com
Find my book at https://www.amazon.com/dp/1789956374
L4 Transporter

@reaper

Below is the result of the counter command:

Jafar_Hussain_0-1590229149894.png

I only want to know: is there any issue with the firewall settings? Because I have allowed all traffic b/w client and server.

Or could the traffic going via a tunnel be causing this issue?

L7 Applicator

Please post the global counters without the drop filter

reaper - PANgurus.com
Find my book at https://www.amazon.com/dp/1789956374