Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    PFSense reporting asynchronous routing and blocking

    Scheduled Pinned Locked Moved Firewalling
    14 Posts 2 Posters 1.3k Views 2 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • kiokomanK Offline
      kiokoman LAYER 8
      last edited by

      fragmentation maybe?
      did you try to set Firewall Optimization Options (under Advanced > Firewall/NAT) to conservative ?
      packet capture / tcpdump/ wireshark would be helpful

      ̿' ̿'\̵͇̿̿\з=(◕_◕)=ε/̵͇̿̿/'̿'̿ ̿
      Please do not use chat/PM to ask for help
      we must focus on silencing this @guest character. we must make up lies and alter the copyrights !
      Don't forget to Upvote with the 👍 button for any post you find to be helpful.

      1 Reply Last reply Reply Quote 0
      • G Offline
        ganderson
        last edited by

        Yeah, I've changed it to conservative and even tried changing the state type on the two specific firewall rules to sloppy. I can do a packet capture on the .249 PFSense "IPSec" interface, but whats odd to me is that it traverses the LAN interface successfully and then blocks when it tries to leave the "IPSec" interface

        1 Reply Last reply Reply Quote 0
        • G Offline
          ganderson
          last edited by

          Packet capture follows, just limited to traffic referencing 192.168.100.49 during an attempt to access port 22 and port 443

          16:57:21.946095 (authentic,confidential): SPI 0xc47c23a9: IP 192.168.100.49.60425 > 192.168.101.252.22: tcp 0
          16:57:21.946265 (authentic,confidential): SPI 0xc3d30395: IP 192.168.101.252.22 > 192.168.100.49.60425: tcp 0
          16:57:22.952592 (authentic,confidential): SPI 0xc47c23a9: IP 192.168.100.49.60425 > 192.168.101.252.22: tcp 0
          16:57:23.953929 (authentic,confidential): SPI 0xc47c23a9: IP 192.168.100.49.60425 > 192.168.101.252.22: tcp 0
          16:57:24.959019 (authentic,confidential): SPI 0xc47c23a9: IP 192.168.100.49.60425 > 192.168.101.252.22: tcp 0
          16:57:25.967803 (authentic,confidential): SPI 0xc47c23a9: IP 192.168.100.49.60425 > 192.168.101.252.22: tcp 0
          16:57:26.972505 (authentic,confidential): SPI 0xc47c23a9: IP 192.168.100.49.60425 > 192.168.101.252.22: tcp 0
          16:57:29.012658 (authentic,confidential): SPI 0xc47c23a9: IP 192.168.100.49.60425 > 192.168.101.252.22: tcp 0
          16:57:33.098200 (authentic,confidential): SPI 0xc47c23a9: IP 192.168.100.49.60425 > 192.168.101.252.22: tcp 0
          16:57:39.238429 (authentic,confidential): SPI 0xc47c23a9: IP 192.168.100.49.60442 > 192.168.101.252.443: tcp 0
          16:57:39.238616 (authentic,confidential): SPI 0xc3d30395: IP 192.168.101.252.443 > 192.168.100.49.60442: tcp 0
          16:57:40.251019 (authentic,confidential): SPI 0xc47c23a9: IP 192.168.100.49.60442 > 192.168.101.252.443: tcp 0
          16:57:40.251192 (authentic,confidential): SPI 0xc3d30395: IP 192.168.101.252.443 > 192.168.100.49.60442: tcp 0
          16:57:40.255340 (authentic,confidential): SPI 0xc47c23a9: IP 192.168.100.49.60442 > 192.168.101.252.443: tcp 0
          16:57:40.317380 (authentic,confidential): SPI 0xc47c23a9: IP 192.168.100.49.60442 > 192.168.101.252.443: tcp 190
          16:57:40.317529 (authentic,confidential): SPI 0xc3d30395: IP 192.168.101.252.443 > 192.168.100.49.60442: tcp 0
          16:57:40.318554 (authentic,confidential): SPI 0xc3d30395: IP 192.168.101.252.443 > 192.168.100.49.60442: tcp 606
          16:57:40.322681 (authentic,confidential): SPI 0xc47c23a9: IP 192.168.100.49.60442 > 192.168.101.252.443: tcp 0
          16:57:40.349119 (authentic,confidential): SPI 0xc47c23a9: IP 192.168.100.49.60442 > 192.168.101.252.443: tcp 75
          16:57:40.349947 (authentic,confidential): SPI 0xc3d30395: IP 192.168.101.252.443 > 192.168.100.49.60442: tcp 0
          16:57:40.361811 (authentic,confidential): SPI 0xc47c23a9: IP 192.168.100.49.60442 > 192.168.101.252.443: tcp 6
          16:57:40.361926 (authentic,confidential): SPI 0xc3d30395: IP 192.168.101.252.443 > 192.168.100.49.60442: tcp 0
          16:57:40.389024 (authentic,confidential): SPI 0xc47c23a9: IP 192.168.100.49.60442 > 192.168.101.252.443: tcp 45
          16:57:40.389147 (authentic,confidential): SPI 0xc3d30395: IP 192.168.101.252.443 > 192.168.100.49.60442: tcp 0
          16:57:40.389299 (authentic,confidential): SPI 0xc3d30395: IP 192.168.101.252.443 > 192.168.100.49.60442: tcp 51
          16:57:40.393282 (authentic,confidential): SPI 0xc47c23a9: IP 192.168.100.49.60442 > 192.168.101.252.443: tcp 0
          16:57:40.399302 (authentic,confidential): SPI 0xc47c23a9: IP 192.168.100.49.60442 > 192.168.101.252.443: tcp 206
          16:57:40.399415 (authentic,confidential): SPI 0xc3d30395: IP 192.168.101.252.443 > 192.168.100.49.60442: tcp 0
          16:57:40.399654 (authentic,confidential): SPI 0xc3d30395: IP 192.168.101.252.443 > 192.168.100.49.60442: tcp 329
          16:57:40.399686 (authentic,confidential): SPI 0xc3d30395: IP 192.168.101.252.443 > 192.168.100.49.60442: tcp 0
          16:57:40.403679 (authentic,confidential): SPI 0xc47c23a9: IP 192.168.100.49.60442 > 192.168.101.252.443: tcp 0
          16:57:40.403694 (authentic,confidential): SPI 0xc47c23a9: IP 192.168.100.49.60442 > 192.168.101.252.443: tcp 0
          16:57:40.405966 (authentic,confidential): SPI 0xc47c23a9: IP 192.168.100.49.60442 > 192.168.101.252.443: tcp 31
          16:57:40.406049 (authentic,confidential): SPI 0xc3d30395: IP 192.168.101.252.443 > 192.168.100.49.60442: tcp 0
          16:57:40.407596 (authentic,confidential): SPI 0xc47c23a9: IP 192.168.100.49.60442 > 192.168.101.252.443: tcp 0
          16:57:40.407710 (authentic,confidential): SPI 0xc3d30395: IP 192.168.101.252.443 > 192.168.100.49.60442: tcp 0
          16:57:40.414336 (authentic,confidential): SPI 0xc47c23a9: IP 192.168.100.49.60444 > 192.168.101.252.443: tcp 0
          16:57:40.414488 (authentic,confidential): SPI 0xc3d30395: IP 192.168.101.252.443 > 192.168.100.49.60444: tcp 0
          16:57:41.243030 (authentic,confidential): SPI 0xc47c23a9: IP 192.168.100.49.60425 > 192.168.101.252.22: tcp 0
          16:57:41.443831 (authentic,confidential): SPI 0xc47c23a9: IP 192.168.100.49.60444 > 192.168.101.252.443: tcp 0
          16:57:41.443952 (authentic,confidential): SPI 0xc3d30395: IP 192.168.101.252.443 > 192.168.100.49.60444: tcp 0
          16:57:41.448196 (authentic,confidential): SPI 0xc47c23a9: IP 192.168.100.49.60444 > 192.168.101.252.443: tcp 0
          16:57:41.452137 (authentic,confidential): SPI 0xc47c23a9: IP 192.168.100.49.60444 > 192.168.101.252.443: tcp 190
          16:57:41.452254 (authentic,confidential): SPI 0xc3d30395: IP 192.168.101.252.443 > 192.168.100.49.60444: tcp 0
          16:57:41.453266 (authentic,confidential): SPI 0xc3d30395: IP 192.168.101.252.443 > 192.168.100.49.60444: tcp 607
          16:57:41.457303 (authentic,confidential): SPI 0xc47c23a9: IP 192.168.100.49.60444 > 192.168.101.252.443: tcp 0
          16:57:41.462602 (authentic,confidential): SPI 0xc47c23a9: IP 192.168.100.49.60444 > 192.168.101.252.443: tcp 75
          16:57:41.463420 (authentic,confidential): SPI 0xc3d30395: IP 192.168.101.252.443 > 192.168.100.49.60444: tcp 0
          16:57:41.467656 (authentic,confidential): SPI 0xc47c23a9: IP 192.168.100.49.60444 > 192.168.101.252.443: tcp 6
          16:57:41.467773 (authentic,confidential): SPI 0xc3d30395: IP 192.168.101.252.443 > 192.168.100.49.60444: tcp 0
          16:57:41.467965 (authentic,confidential): SPI 0xc47c23a9: IP 192.168.100.49.60444 > 192.168.101.252.443: tcp 45
          16:57:41.468087 (authentic,confidential): SPI 0xc3d30395: IP 192.168.101.252.443 > 192.168.100.49.60444: tcp 0
          16:57:41.468265 (authentic,confidential): SPI 0xc3d30395: IP 192.168.101.252.443 > 192.168.100.49.60444: tcp 51
          16:57:41.472209 (authentic,confidential): SPI 0xc47c23a9: IP 192.168.100.49.60444 > 192.168.101.252.443: tcp 0
          16:57:41.473630 (authentic,confidential): SPI 0xc47c23a9: IP 192.168.100.49.60444 > 192.168.101.252.443: tcp 249
          16:57:41.473744 (authentic,confidential): SPI 0xc3d30395: IP 192.168.101.252.443 > 192.168.100.49.60444: tcp 0
          16:57:41.474004 (authentic,confidential): SPI 0xc3d30395: IP 192.168.101.252.443 > 192.168.100.49.60444: tcp 329
          16:57:41.474031 (authentic,confidential): SPI 0xc3d30395: IP 192.168.101.252.443 > 192.168.100.49.60444: tcp 0
          16:57:41.478166 (authentic,confidential): SPI 0xc47c23a9: IP 192.168.100.49.60444 > 192.168.101.252.443: tcp 0
          16:57:41.478180 (authentic,confidential): SPI 0xc47c23a9: IP 192.168.100.49.60444 > 192.168.101.252.443: tcp 0
          16:57:41.478739 (authentic,confidential): SPI 0xc47c23a9: IP 192.168.100.49.60444 > 192.168.101.252.443: tcp 31
          16:57:41.478750 (authentic,confidential): SPI 0xc47c23a9: IP 192.168.100.49.60444 > 192.168.101.252.443: tcp 0
          16:57:41.478819 (authentic,confidential): SPI 0xc3d30395: IP 192.168.101.252.443 > 192.168.100.49.60444: tcp 0
          16:57:41.478889 (authentic,confidential): SPI 0xc3d30395: IP 192.168.101.252.443 > 192.168.100.49.60444: tcp 0
          16:57:41.479345 (authentic,confidential): SPI 0xc47c23a9: IP 192.168.100.49.60446 > 192.168.101.252.443: tcp 0
          16:57:41.479478 (authentic,confidential): SPI 0xc3d30395: IP 192.168.101.252.443 > 192.168.100.49.60446: tcp 0
          16:57:42.508756 (authentic,confidential): SPI 0xc47c23a9: IP 192.168.100.49.60446 > 192.168.101.252.443: tcp 0
          16:57:42.508924 (authentic,confidential): SPI 0xc3d30395: IP 192.168.101.252.443 > 192.168.100.49.60446: tcp 0
          16:57:42.512933 (authentic,confidential): SPI 0xc47c23a9: IP 192.168.100.49.60446 > 192.168.101.252.443: tcp 0
          16:57:42.515433 (authentic,confidential): SPI 0xc47c23a9: IP 192.168.100.49.60446 > 192.168.101.252.443: tcp 190
          16:57:42.515548 (authentic,confidential): SPI 0xc3d30395: IP 192.168.101.252.443 > 192.168.100.49.60446: tcp 0
          16:57:42.516567 (authentic,confidential): SPI 0xc3d30395: IP 192.168.101.252.443 > 192.168.100.49.60446: tcp 606
          16:57:42.520596 (authentic,confidential): SPI 0xc47c23a9: IP 192.168.100.49.60446 > 192.168.101.252.443: tcp 0
          16:57:42.524682 (authentic,confidential): SPI 0xc47c23a9: IP 192.168.100.49.60446 > 192.168.101.252.443: tcp 75
          16:57:42.525483 (authentic,confidential): SPI 0xc3d30395: IP 192.168.101.252.443 > 192.168.100.49.60446: tcp 0
          16:57:42.526753 (authentic,confidential): SPI 0xc47c23a9: IP 192.168.100.49.60446 > 192.168.101.252.443: tcp 6
          16:57:42.526869 (authentic,confidential): SPI 0xc3d30395: IP 192.168.101.252.443 > 192.168.100.49.60446: tcp 0
          16:57:42.526885 (authentic,confidential): SPI 0xc47c23a9: IP 192.168.100.49.60446 > 192.168.101.252.443: tcp 45
          16:57:42.527004 (authentic,confidential): SPI 0xc3d30395: IP 192.168.101.252.443 > 192.168.100.49.60446: tcp 0
          16:57:42.527179 (authentic,confidential): SPI 0xc3d30395: IP 192.168.101.252.443 > 192.168.100.49.60446: tcp 51
          16:57:42.531174 (authentic,confidential): SPI 0xc47c23a9: IP 192.168.100.49.60446 > 192.168.101.252.443: tcp 0
          16:57:42.532588 (authentic,confidential): SPI 0xc47c23a9: IP 192.168.100.49.60446 > 192.168.101.252.443: tcp 275
          16:57:42.532703 (authentic,confidential): SPI 0xc3d30395: IP 192.168.101.252.443 > 192.168.100.49.60446: tcp 0
          16:57:42.533025 (authentic,confidential): SPI 0xc3d30395: IP 192.168.101.252.443 > 192.168.100.49.60446: tcp 352
          16:57:42.537029 (authentic,confidential): SPI 0xc47c23a9: IP 192.168.100.49.60446 > 192.168.101.252.443: tcp 0
          16:57:42.545859 (authentic,confidential): SPI 0xc47c23a9: IP 192.168.100.49.60446 > 192.168.101.252.443: tcp 327
          16:57:42.545973 (authentic,confidential): SPI 0xc3d30395: IP 192.168.101.252.443 > 192.168.100.49.60446: tcp 0
          16:57:42.546235 (authentic,confidential): SPI 0xc3d30395: IP 192.168.101.252.443 > 192.168.100.49.60446: tcp 216
          16:57:42.550350 (authentic,confidential): SPI 0xc47c23a9: IP 192.168.100.49.60446 > 192.168.101.252.443: tcp 0
          16:57:42.551611 (authentic,confidential): SPI 0xc47c23a9: IP 192.168.100.49.60446 > 192.168.101.252.443: tcp 288
          16:57:42.551725 (authentic,confidential): SPI 0xc3d30395: IP 192.168.101.252.443 > 192.168.100.49.60446: tcp 0
          16:57:42.552100 (authentic,confidential): SPI 0xc3d30395: IP 192.168.101.252.443 > 192.168.100.49.60446: tcp 1053
          16:57:42.552150 (authentic,confidential): SPI 0xc3d30395: IP 192.168.101.252.443 > 192.168.100.49.60446: tcp 153
          16:57:42.556295 (authentic,confidential): SPI 0xc47c23a9: IP 192.168.100.49.60446 > 192.168.101.252.443: tcp 0
          16:57:42.556308 (authentic,confidential): SPI 0xc47c23a9: IP 192.168.100.49.60446 > 192.168.101.252.443: tcp 0
          16:57:42.694924 (authentic,confidential): SPI 0xc47c23a9: IP 192.168.100.49.60446 > 192.168.101.252.443: tcp 345
          16:57:42.694942 (authentic,confidential): SPI 0xc47c23a9: IP 192.168.100.49.60446 > 192.168.101.252.443: tcp 110
          16:57:42.695048 (authentic,confidential): SPI 0xc3d30395: IP 192.168.101.252.443 > 192.168.100.49.60446: tcp 0
          16:57:42.695088 (authentic,confidential): SPI 0xc3d30395: IP 192.168.101.252.443 > 192.168.100.49.60446: tcp 0
          16:57:42.721913 (authentic,confidential): SPI 0xc3d30395: IP 192.168.101.252.443 > 192.168.100.49.60446: tcp 1053

          1 Reply Last reply Reply Quote 0
          • kiokomanK Offline
            kiokoman LAYER 8
            last edited by

            set "packet capture" to be more verbose, i think it's "level of details"

            ̿' ̿'\̵͇̿̿\з=(◕_◕)=ε/̵͇̿̿/'̿'̿ ̿
            Please do not use chat/PM to ask for help
            we must focus on silencing this @guest character. we must make up lies and alter the copyrights !
            Don't forget to Upvote with the 👍 button for any post you find to be helpful.

            G 1 Reply Last reply Reply Quote 0
            • G Offline
              ganderson @kiokoman
              last edited by ganderson

              @kiokoman Couldn't set it to "verbose" in the "level of detail" best I could get was "Full"

              14:36:59.265149 AF IPv4 (2), length 204: (tos 0x0, ttl 62, id 0, offset 0, flags [DF], proto TCP (6), length 200)
              192.168.100.49.55017 > 192.168.101.252.22: Flags [P.], cksum 0xa506 (correct), seq 464487249:464487409, ack 97171799, win 65535, length 160
              14:36:59.265422 AF IPv4 (2), length 44: (tos 0x0, ttl 254, id 50352, offset 0, flags [none], proto TCP (6), length 40)
              192.168.101.252.22 > 192.168.100.49.55017: Flags [.], cksum 0x632b (correct), seq 1, ack 160, win 32768, length 0
              14:36:59.292169 AF IPv4 (2), length 92: (tos 0x0, ttl 254, id 33790, offset 0, flags [none], proto TCP (6), length 88)
              192.168.101.252.22 > 192.168.100.49.55017: Flags [P.], cksum 0x6891 (correct), seq 1:49, ack 160, win 32768, length 48
              14:36:59.296238 AF IPv4 (2), length 44: (tos 0x0, ttl 62, id 0, offset 0, flags [DF], proto TCP (6), length 40)
              192.168.100.49.55017 > 192.168.101.252.22: Flags [.], cksum 0xe2fb (correct), seq 160, ack 49, win 65535, length 0
              14:36:59.296536 AF IPv4 (2), length 124: (tos 0x0, ttl 62, id 0, offset 0, flags [DF], proto TCP (6), length 120)
              192.168.100.49.55017 > 192.168.101.252.22: Flags [P.], cksum 0x8d4e (correct), seq 160:240, ack 49, win 65535, length 80
              14:36:59.296642 AF IPv4 (2), length 44: (tos 0x0, ttl 254, id 53942, offset 0, flags [none], proto TCP (6), length 40)
              192.168.101.252.22 > 192.168.100.49.55017: Flags [.], cksum 0x62ab (correct), seq 49, ack 240, win 32768, length 0
              14:36:59.296697 AF IPv4 (2), length 108: (tos 0x0, ttl 254, id 35901, offset 0, flags [none], proto TCP (6), length 104)
              192.168.101.252.22 > 192.168.100.49.55017: Flags [P.], cksum 0x263b (correct), seq 49:113, ack 240, win 32768, length 64
              14:36:59.300734 AF IPv4 (2), length 44: (tos 0x0, ttl 62, id 0, offset 0, flags [DF], proto TCP (6), length 40)
              192.168.100.49.55017 > 192.168.101.252.22: Flags [.], cksum 0xe26b (correct), seq 240, ack 113, win 65535, length 0
              14:36:59.300932 AF IPv4 (2), length 540: (tos 0x10, ttl 62, id 0, offset 0, flags [DF], proto TCP (6), length 536)
              192.168.100.49.55017 > 192.168.101.252.22: Flags [P.], cksum 0xb35f (correct), seq 240:736, ack 113, win 65535, length 496
              14:36:59.301045 AF IPv4 (2), length 44: (tos 0x0, ttl 254, id 60286, offset 0, flags [none], proto TCP (6), length 40)
              192.168.101.252.22 > 192.168.100.49.55017: Flags [.], cksum 0x607b (correct), seq 113, ack 736, win 32768, length 0
              14:36:59.301124 AF IPv4 (2), length 92: (tos 0x0, ttl 254, id 49017, offset 0, flags [none], proto TCP (6), length 88)
              192.168.101.252.22 > 192.168.100.49.55017: Flags [P.], cksum 0x41c0 (correct), seq 113:161, ack 736, win 32768, length 48
              14:36:59.301174 AF IPv4 (2), length 92: (tos 0x0, ttl 254, id 45013, offset 0, flags [none], proto TCP (6), length 88)
              192.168.101.252.22 > 192.168.100.49.55017: Flags [P.], cksum 0x2378 (correct), seq 161:209, ack 736, win 32768, length 48
              14:36:59.301541 AF IPv4 (2), length 156: (tos 0x0, ttl 254, id 37528, offset 0, flags [none], proto TCP (6), length 152)
              192.168.101.252.22 > 192.168.100.49.55017: Flags [P.], cksum 0x7c66 (correct), seq 209:321, ack 736, win 32768, length 112
              14:36:59.301596 AF IPv4 (2), length 188: (tos 0x0, ttl 254, id 54921, offset 0, flags [none], proto TCP (6), length 184)
              192.168.101.252.22 > 192.168.100.49.55017: Flags [P.], cksum 0x8c8e (correct), seq 321:465, ack 736, win 32768, length 144
              14:36:59.301670 AF IPv4 (2), length 204: (tos 0x0, ttl 254, id 56530, offset 0, flags [none], proto TCP (6), length 200)
              192.168.101.252.22 > 192.168.100.49.55017: Flags [P.], cksum 0x119d (correct), seq 465:625, ack 736, win 32768, length 160
              14:36:59.305188 AF IPv4 (2), length 44: (tos 0x10, ttl 62, id 0, offset 0, flags [DF], proto TCP (6), length 40)
              192.168.100.49.55017 > 192.168.101.252.22: Flags [.], cksum 0xe04b (correct), seq 736, ack 161, win 65535, length 0
              14:36:59.305202 AF IPv4 (2), length 44: (tos 0x10, ttl 62, id 0, offset 0, flags [DF], proto TCP (6), length 40)
              192.168.100.49.55017 > 192.168.101.252.22: Flags [.], cksum 0xe01b (correct), seq 736, ack 209, win 65535, length 0
              14:36:59.305484 AF IPv4 (2), length 44: (tos 0x10, ttl 62, id 0, offset 0, flags [DF], proto TCP (6), length 40)
              192.168.100.49.55017 > 192.168.101.252.22: Flags [.], cksum 0xdfab (correct), seq 736, ack 321, win 65535, length 0
              14:36:59.305496 AF IPv4 (2), length 44: (tos 0x10, ttl 62, id 0, offset 0, flags [DF], proto TCP (6), length 40)
              192.168.100.49.55017 > 192.168.101.252.22: Flags [.], cksum 0xdf1b (correct), seq 736, ack 465, win 65535, length 0
              14:36:59.305513 AF IPv4 (2), length 44: (tos 0x10, ttl 62, id 0, offset 0, flags [DF], proto TCP (6), length 40)
              192.168.100.49.55017 > 192.168.101.252.22: Flags [.], cksum 0xde7b (correct), seq 736, ack 625, win 65535, length 0
              14:36:59.328326 AF IPv4 (2), length 156: (tos 0x0, ttl 254, id 41931, offset 0, flags [none], proto TCP (6), length 152)
              192.168.101.252.22 > 192.168.100.49.55017: Flags [P.], cksum 0xfc9d (correct), seq 625:737, ack 736, win 32768, length 112
              14:36:59.328402 AF IPv4 (2), length 124: (tos 0x0, ttl 254, id 37833, offset 0, flags [none], proto TCP (6), length 120)
              192.168.101.252.22 > 192.168.100.49.55017: Flags [P.], cksum 0x8ec4 (correct), seq 737:817, ack 736, win 32768, length 80
              14:36:59.332417 AF IPv4 (2), length 44: (tos 0x10, ttl 62, id 0, offset 0, flags [DF], proto TCP (6), length 40)
              192.168.100.49.55017 > 192.168.101.252.22: Flags [.], cksum 0xde0b (correct), seq 736, ack 737, win 65535, length 0
              14:36:59.332429 AF IPv4 (2), length 44: (tos 0x10, ttl 62, id 0, offset 0, flags [DF], proto TCP (6), length 40)
              192.168.100.49.55017 > 192.168.101.252.22: Flags [.], cksum 0xddbb (correct), seq 736, ack 817, win 65535, length 0
              14:37:00.321290 AF IPv4 (2), length 108: (tos 0x10, ttl 62, id 0, offset 0, flags [DF], proto TCP (6), length 104)
              192.168.100.49.55017 > 192.168.101.252.22: Flags [P.], cksum 0xc90f (correct), seq 736:800, ack 817, win 65535, length 64
              14:37:00.321443 AF IPv4 (2), length 44: (tos 0x0, ttl 254, id 44579, offset 0, flags [none], proto TCP (6), length 40)
              192.168.101.252.22 > 192.168.100.49.55017: Flags [.], cksum 0x5d7b (correct), seq 817, ack 800, win 32768, length 0
              14:37:00.321523 AF IPv4 (2), length 108: (tos 0x0, ttl 254, id 37773, offset 0, flags [none], proto TCP (6), length 104)
              192.168.101.252.22 > 192.168.100.49.55017: Flags [P.], cksum 0x9193 (correct), seq 817:881, ack 800, win 32768, length 64
              14:37:00.325711 AF IPv4 (2), length 44: (tos 0x10, ttl 62, id 0, offset 0, flags [DF], proto TCP (6), length 40)
              192.168.100.49.55017 > 192.168.101.252.22: Flags [.], cksum 0xdd3b (correct), seq 800, ack 881, win 65535, length 0
              14:37:00.399119 AF IPv4 (2), length 108: (tos 0x10, ttl 62, id 0, offset 0, flags [DF], proto TCP (6), length 104)
              192.168.100.49.55017 > 192.168.101.252.22: Flags [P.], cksum 0x9df0 (correct), seq 800:864, ack 881, win 65535, length 64
              14:37:00.399235 AF IPv4 (2), length 44: (tos 0x0, ttl 254, id 54547, offset 0, flags [none], proto TCP (6), length 40)
              192.168.101.252.22 > 192.168.100.49.55017: Flags [.], cksum 0x5cfb (correct), seq 881, ack 864, win 32768, length 0
              14:37:00.399311 AF IPv4 (2), length 108: (tos 0x0, ttl 254, id 46984, offset 0, flags [none], proto TCP (6), length 104)
              192.168.101.252.22 > 192.168.100.49.55017: Flags [P.], cksum 0xec45 (correct), seq 881:945, ack 864, win 32768, length 64
              14:37:00.403361 AF IPv4 (2), length 44: (tos 0x10, ttl 62, id 0, offset 0, flags [DF], proto TCP (6), length 40)
              192.168.100.49.55017 > 192.168.101.252.22: Flags [.], cksum 0xdcbb (correct), seq 864, ack 945, win 65535, length 0
              14:37:00.493570 AF IPv4 (2), length 108: (tos 0x10, ttl 62, id 0, offset 0, flags [DF], proto TCP (6), length 104)
              192.168.100.49.55017 > 192.168.101.252.22: Flags [P.], cksum 0xeee4 (correct), seq 864:928, ack 945, win 65535, length 64
              14:37:00.493675 AF IPv4 (2), length 44: (tos 0x0, ttl 254, id 34495, offset 0, flags [none], proto TCP (6), length 40)
              192.168.101.252.22 > 192.168.100.49.55017: Flags [.], cksum 0x5c7b (correct), seq 945, ack 928, win 32768, length 0
              14:37:00.493732 AF IPv4 (2), length 108: (tos 0x0, ttl 254, id 51509, offset 0, flags [none], proto TCP (6), length 104)
              192.168.101.252.22 > 192.168.100.49.55017: Flags [P.], cksum 0x6364 (correct), seq 945:1009, ack 928, win 32768, length 64
              14:37:00.497683 AF IPv4 (2), length 44: (tos 0x10, ttl 62, id 0, offset 0, flags [DF], proto TCP (6), length 40)
              192.168.100.49.55017 > 192.168.101.252.22: Flags [.], cksum 0xdc3b (correct), seq 928, ack 1009, win 65535, length 0
              14:37:00.520289 AF IPv4 (2), length 108: (tos 0x0, ttl 254, id 57649, offset 0, flags [none], proto TCP (6), length 104)
              192.168.101.252.22 > 192.168.100.49.55017: Flags [P.], cksum 0x6219 (correct), seq 1009:1073, ack 928, win 32768, length 64
              14:37:00.524513 AF IPv4 (2), length 44: (tos 0x10, ttl 62, id 0, offset 0, flags [DF], proto TCP (6), length 40)
              192.168.100.49.55017 > 192.168.101.252.22: Flags [.], cksum 0xdbfb (correct), seq 928, ack 1073, win 65535, length 0
              14:37:01.618605 AF IPv4 (2), length 108: (tos 0x10, ttl 62, id 0, offset 0, flags [DF], proto TCP (6), length 104)
              192.168.100.49.55017 > 192.168.101.252.22: Flags [P.], cksum 0x9668 (correct), seq 928:992, ack 1073, win 65535, length 64
              14:37:01.618735 AF IPv4 (2), length 44: (tos 0x0, ttl 254, id 33214, offset 0, flags [none], proto TCP (6), length 40)
              192.168.101.252.22 > 192.168.100.49.55017: Flags [.], cksum 0x5bbb (correct), seq 1073, ack 992, win 32768, length 0
              14:37:01.618807 AF IPv4 (2), length 108: (tos 0x0, ttl 254, id 36649, offset 0, flags [none], proto TCP (6), length 104)
              192.168.101.252.22 > 192.168.100.49.55017: Flags [P.], cksum 0xd406 (correct), seq 1073:1137, ack 992, win 32768, length 64
              14:37:01.622863 AF IPv4 (2), length 44: (tos 0x10, ttl 62, id 0, offset 0, flags [DF], proto TCP (6), length 40)
              192.168.100.49.55017 > 192.168.101.252.22: Flags [.], cksum 0xdb7b (correct), seq 992, ack 1137, win 65535, length 0
              14:37:01.916696 AF IPv4 (2), length 108: (tos 0x10, ttl 62, id 0, offset 0, flags [DF], proto TCP (6), length 104)
              192.168.100.49.55017 > 192.168.101.252.22: Flags [P.], cksum 0x5174 (correct), seq 992:1056, ack 1137, win 65535, length 64
              14:37:01.916814 AF IPv4 (2), length 44: (tos 0x0, ttl 254, id 47232, offset 0, flags [none], proto TCP (6), length 40)
              192.168.101.252.22 > 192.168.100.49.55017: Flags [.], cksum 0x5b3b (correct), seq 1137, ack 1056, win 32768, length 0
              14:37:01.916883 AF IPv4 (2), length 108: (tos 0x0, ttl 254, id 64694, offset 0, flags [none], proto TCP (6), length 104)
              192.168.101.252.22 > 192.168.100.49.55017: Flags [P.], cksum 0xbbad (correct), seq 1137:1201, ack 1056, win 32768, length 64
              14:37:01.920979 AF IPv4 (2), length 44: (tos 0x10, ttl 62, id 0, offset 0, flags [DF], proto TCP (6), length 40)
              192.168.100.49.55017 > 192.168.101.252.22: Flags [.], cksum 0xdafb (correct), seq 1056, ack 1201, win 65535, length 0
              14:37:02.094039 AF IPv4 (2), length 108: (tos 0x10, ttl 62, id 0, offset 0, flags [DF], proto TCP (6), length 104)
              192.168.100.49.55017 > 192.168.101.252.22: Flags [P.], cksum 0x29a1 (correct), seq 1056:1120, ack 1201, win 65535, length 64
              14:37:02.094132 AF IPv4 (2), length 44: (tos 0x0, ttl 254, id 36541, offset 0, flags [none], proto TCP (6), length 40)
              192.168.101.252.22 > 192.168.100.49.55017: Flags [.], cksum 0x5abb (correct), seq 1201, ack 1120, win 32768, length 0
              14:37:02.094201 AF IPv4 (2), length 108: (tos 0x0, ttl 254, id 64433, offset 0, flags [none], proto TCP (6), length 104)
              192.168.101.252.22 > 192.168.100.49.55017: Flags [P.], cksum 0x78bd (correct), seq 1201:1265, ack 1120, win 32768, length 64
              14:37:02.098222 AF IPv4 (2), length 44: (tos 0x10, ttl 62, id 0, offset 0, flags [DF], proto TCP (6), length 40)
              192.168.100.49.55017 > 192.168.101.252.22: Flags [.], cksum 0xda7b (correct), seq 1120, ack 1265, win 65535, length 0
              14:37:02.235478 AF IPv4 (2), length 108: (tos 0x10, ttl 62, id 0, offset 0, flags [DF], proto TCP (6), length 104)
              192.168.100.49.55017 > 192.168.101.252.22: Flags [P.], cksum 0xf75b (correct), seq 1120:1184, ack 1265, win 65535, length 64
              14:37:02.235617 AF IPv4 (2), length 44: (tos 0x0, ttl 254, id 57788, offset 0, flags [none], proto TCP (6), length 40)
              192.168.101.252.22 > 192.168.100.49.55017: Flags [.], cksum 0x5a3b (correct), seq 1265, ack 1184, win 32768, length 0
              14:37:02.235683 AF IPv4 (2), length 108: (tos 0x0, ttl 254, id 62526, offset 0, flags [none], proto TCP (6), length 104)
              192.168.101.252.22 > 192.168.100.49.55017: Flags [P.], cksum 0xd7df (correct), seq 1265:1329, ack 1184, win 32768, length 64
              14:37:02.239563 AF IPv4 (2), length 44: (tos 0x10, ttl 62, id 0, offset 0, flags [DF], proto TCP (6), length 40)
              192.168.100.49.55017 > 192.168.101.252.22: Flags [.], cksum 0xd9fb (correct), seq 1184, ack 1329, win 65535, length 0
              14:37:02.357594 AF IPv4 (2), length 108: (tos 0x10, ttl 62, id 0, offset 0, flags [DF], proto TCP (6), length 104)
              192.168.100.49.55017 > 192.168.101.252.22: Flags [P.], cksum 0x4845 (correct), seq 1184:1248, ack 1329, win 65535, length 64
              14:37:02.357716 AF IPv4 (2), length 44: (tos 0x0, ttl 254, id 35731, offset 0, flags [none], proto TCP (6), length 40)
              192.168.101.252.22 > 192.168.100.49.55017: Flags [.], cksum 0x59bb (correct), seq 1329, ack 1248, win 32768, length 0
              14:37:02.357767 AF IPv4 (2), length 108: (tos 0x0, ttl 254, id 49484, offset 0, flags [none], proto TCP (6), length 104)
              192.168.101.252.22 > 192.168.100.49.55017: Flags [P.], cksum 0x4a83 (correct), seq 1329:1393, ack 1248, win 32768, length 64
              14:37:02.361771 AF IPv4 (2), length 44: (tos 0x10, ttl 62, id 0, offset 0, flags [DF], proto TCP (6), length 40)
              192.168.100.49.55017 > 192.168.101.252.22: Flags [.], cksum 0xd97b (correct), seq 1248, ack 1393, win 65535, length 0
              14:37:02.435869 AF IPv4 (2), length 108: (tos 0x10, ttl 62, id 0, offset 0, flags [DF], proto TCP (6), length 104)
              192.168.100.49.55017 > 192.168.101.252.22: Flags [P.], cksum 0x16d7 (correct), seq 1248:1312, ack 1393, win 65535, length 64
              14:37:02.435976 AF IPv4 (2), length 44: (tos 0x0, ttl 254, id 48335, offset 0, flags [none], proto TCP (6), length 40)
              192.168.101.252.22 > 192.168.100.49.55017: Flags [.], cksum 0x593b (correct), seq 1393, ack 1312, win 32768, length 0
              14:37:02.436038 AF IPv4 (2), length 108: (tos 0x0, ttl 254, id 45973, offset 0, flags [none], proto TCP (6), length 104)
              192.168.101.252.22 > 192.168.100.49.55017: Flags [P.], cksum 0x5a70 (correct), seq 1393:1457, ack 1312, win 32768, length 64
              14:37:02.440091 AF IPv4 (2), length 44: (tos 0x10, ttl 62, id 0, offset 0, flags [DF], proto TCP (6), length 40)
              192.168.100.49.55017 > 192.168.101.252.22: Flags [.], cksum 0xd8fb (correct), seq 1312, ack 1457, win 65535, length 0
              14:37:02.682889 AF IPv4 (2), length 108: (tos 0x10, ttl 62, id 0, offset 0, flags [DF], proto TCP (6), length 104)
              192.168.100.49.55017 > 192.168.101.252.22: Flags [P.], cksum 0x13d0 (correct), seq 1312:1376, ack 1457, win 65535, length 64
              14:37:02.683003 AF IPv4 (2), length 44: (tos 0x0, ttl 254, id 48587, offset 0, flags [none], proto TCP (6), length 40)
              192.168.101.252.22 > 192.168.100.49.55017: Flags [.], cksum 0x58bb (correct), seq 1457, ack 1376, win 32768, length 0
              14:37:02.683070 AF IPv4 (2), length 108: (tos 0x0, ttl 254, id 59267, offset 0, flags [none], proto TCP (6), length 104)
              192.168.101.252.22 > 192.168.100.49.55017: Flags [P.], cksum 0x9528 (correct), seq 1457:1521, ack 1376, win 32768, length 64
              14:37:02.687139 AF IPv4 (2), length 44: (tos 0x10, ttl 62, id 0, offset 0, flags [DF], proto TCP (6), length 40)
              192.168.100.49.55017 > 192.168.101.252.22: Flags [.], cksum 0xd87b (correct), seq 1376, ack 1521, win 65535, length 0
              14:37:02.822569 AF IPv4 (2), length 108: (tos 0x10, ttl 62, id 0, offset 0, flags [DF], proto TCP (6), length 104)
              192.168.100.49.55017 > 192.168.101.252.22: Flags [P.], cksum 0xefc6 (correct), seq 1376:1440, ack 1521, win 65535, length 64
              14:37:02.822676 AF IPv4 (2), length 44: (tos 0x0, ttl 254, id 63851, offset 0, flags [none], proto TCP (6), length 40)
              192.168.101.252.22 > 192.168.100.49.55017: Flags [.], cksum 0x583b (correct), seq 1521, ack 1440, win 32768, length 0
              14:37:02.822737 AF IPv4 (2), length 108: (tos 0x0, ttl 254, id 50257, offset 0, flags [none], proto TCP (6), length 104)
              192.168.101.252.22 > 192.168.100.49.55017: Flags [P.], cksum 0xb52c (correct), seq 1521:1585, ack 1440, win 32768, length 64
              14:37:02.827012 AF IPv4 (2), length 44: (tos 0x10, ttl 62, id 0, offset 0, flags [DF], proto TCP (6), length 40)
              192.168.100.49.55017 > 192.168.101.252.22: Flags [.], cksum 0xd7fb (correct), seq 1440, ack 1585, win 65535, length 0
              14:37:02.969709 AF IPv4 (2), length 108: (tos 0x10, ttl 62, id 0, offset 0, flags [DF], proto TCP (6), length 104)
              192.168.100.49.55017 > 192.168.101.252.22: Flags [P.], cksum 0xa9c2 (correct), seq 1440:1504, ack 1585, win 65535, length 64
              14:37:02.969826 AF IPv4 (2), length 44: (tos 0x0, ttl 254, id 53302, offset 0, flags [none], proto TCP (6), length 40)
              192.168.101.252.22 > 192.168.100.49.55017: Flags [.], cksum 0x57bb (correct), seq 1585, ack 1504, win 32768, length 0
              14:37:02.969872 AF IPv4 (2), length 108: (tos 0x0, ttl 254, id 47700, offset 0, flags [none], proto TCP (6), length 104)
              192.168.101.252.22 > 192.168.100.49.55017: Flags [P.], cksum 0x0d54 (correct), seq 1585:1649, ack 1504, win 32768, length 64
              14:37:02.973872 AF IPv4 (2), length 44: (tos 0x10, ttl 62, id 0, offset 0, flags [DF], proto TCP (6), length 40)
              192.168.100.49.55017 > 192.168.101.252.22: Flags [.], cksum 0xd77b (correct), seq 1504, ack 1649, win 65535, length 0
              14:37:03.239520 AF IPv4 (2), length 108: (tos 0x10, ttl 62, id 0, offset 0, flags [DF], proto TCP (6), length 104)
              192.168.100.49.55017 > 192.168.101.252.22: Flags [P.], cksum 0x5090 (correct), seq 1504:1568, ack 1649, win 65535, length 64
              14:37:03.239637 AF IPv4 (2), length 44: (tos 0x0, ttl 254, id 54413, offset 0, flags [none], proto TCP (6), length 40)
              192.168.101.252.22 > 192.168.100.49.55017: Flags [.], cksum 0x573b (correct), seq 1649, ack 1568, win 32768, length 0
              14:37:03.239705 AF IPv4 (2), length 108: (tos 0x0, ttl 254, id 40140, offset 0, flags [none], proto TCP (6), length 104)
              192.168.101.252.22 > 192.168.100.49.55017: Flags [P.], cksum 0x7f2f (correct), seq 1649:1713, ack 1568, win 32768, length 64
              14:37:03.243917 AF IPv4 (2), length 44: (tos 0x10, ttl 62, id 0, offset 0, flags [DF], proto TCP (6), length 40)
              192.168.100.49.55017 > 192.168.101.252.22: Flags [.], cksum 0xd6fb (correct), seq 1568, ack 1713, win 65535, length 0
              14:37:03.426647 AF IPv4 (2), length 108: (tos 0x10, ttl 62, id 0, offset 0, flags [DF], proto TCP (6), length 104)
              192.168.100.49.55017 > 192.168.101.252.22: Flags [P.], cksum 0x7ec2 (correct), seq 1568:1632, ack 1713, win 65535, length 64
              14:37:03.426759 AF IPv4 (2), length 44: (tos 0x0, ttl 254, id 39782, offset 0, flags [none], proto TCP (6), length 40)
              192.168.101.252.22 > 192.168.100.49.55017: Flags [.], cksum 0x56bb (correct), seq 1713, ack 1632, win 32768, length 0
              14:37:03.426860 AF IPv4 (2), length 108: (tos 0x0, ttl 254, id 58274, offset 0, flags [none], proto TCP (6), length 104)
              192.168.101.252.22 > 192.168.100.49.55017: Flags [P.], cksum 0x6a1f (correct), seq 1713:1777, ack 1632, win 32768, length 64
              14:37:03.431042 AF IPv4 (2), length 44: (tos 0x10, ttl 62, id 0, offset 0, flags [DF], proto TCP (6), length 40)
              192.168.100.49.55017 > 192.168.101.252.22: Flags [.], cksum 0xd67b (correct), seq 1632, ack 1777, win 65535, length 0
              14:37:03.501564 AF IPv4 (2), length 108: (tos 0x10, ttl 62, id 0, offset 0, flags [DF], proto TCP (6), length 104)
              192.168.100.49.55017 > 192.168.101.252.22: Flags [P.], cksum 0x076a (correct), seq 1632:1696, ack 1777, win 65535, length 64
              14:37:03.501666 AF IPv4 (2), length 44: (tos 0x0, ttl 254, id 56591, offset 0, flags [none], proto TCP (6), length 40)
              192.168.101.252.22 > 192.168.100.49.55017: Flags [.], cksum 0x563b (correct), seq 1777, ack 1696, win 32768, length 0
              14:37:03.501728 AF IPv4 (2), length 108: (tos 0x0, ttl 254, id 54021, offset 0, flags [none], proto TCP (6), length 104)
              192.168.101.252.22 > 192.168.100.49.55017: Flags [P.], cksum 0x64f6 (correct), seq 1777:1841, ack 1696, win 32768, length 64
              14:37:03.505873 AF IPv4 (2), length 44: (tos 0x10, ttl 62, id 0, offset 0, flags [DF], proto TCP (6), length 40)
              192.168.100.49.55017 > 192.168.101.252.22: Flags [.], cksum 0xd5fb (correct), seq 1696, ack 1841, win 65535, length 0
              14:37:03.648296 AF IPv4 (2), length 108: (tos 0x10, ttl 62, id 0, offset 0, flags [DF], proto TCP (6), length 104)
              192.168.100.49.55017 > 192.168.101.252.22: Flags [P.], cksum 0xb73f (correct), seq 1696:1760, ack 1841, win 65535, length 64
              14:37:03.648422 AF IPv4 (2), length 44: (tos 0x0, ttl 254, id 62111, offset 0, flags [none], proto TCP (6), length 40)
              192.168.101.252.22 > 192.168.100.49.55017: Flags [.], cksum 0x55bb (correct), seq 1841, ack 1760, win 32768, length 0
              14:37:03.648499 AF IPv4 (2), length 108: (tos 0x0, ttl 254, id 61725, offset 0, flags [none], proto TCP (6), length 104)
              192.168.101.252.22 > 192.168.100.49.55017: Flags [P.], cksum 0x5d2a (correct), seq 1841:1905, ack 1760, win 32768, length 64
              14:37:03.652541 AF IPv4 (2), length 44: (tos 0x10, ttl 62, id 0, offset 0, flags [DF], proto TCP (6), length 40)
              192.168.100.49.55017 > 192.168.101.252.22: Flags [.], cksum 0xd57b (correct), seq 1760, ack 1905, win 65535, length 0
              14:37:03.675183 AF IPv4 (2), length 124: (tos 0x0, ttl 254, id 49149, offset 0, flags [none], proto TCP (6), length 120)
              192.168.101.252.22 > 192.168.100.49.55017: Flags [P.], cksum 0x3fbe (correct), seq 1905:1985, ack 1760, win 32768, length 80
              14:37:03.679289 AF IPv4 (2), length 44: (tos 0x10, ttl 62, id 0, offset 0, flags [DF], proto TCP (6), length 40)
              192.168.100.49.55017 > 192.168.101.252.22: Flags [.], cksum 0xd52b (correct), seq 1760, ack 1985, win 65535, length 0
              14:39:01.558723 AF IPv4 (2), length 102: (tos 0x0, ttl 62, id 0, offset 0, flags [DF], proto TCP (6), length 98)
              192.168.100.49.55032 > 192.168.101.249.443: Flags [P.], cksum 0x915f (correct), seq 1717342412:1717342458, ack 4192580823, win 4096, options [nop,nop,TS val 2082755550 ecr 2475673005], length 46
              14:39:01.558776 AF IPv4 (2), length 56: (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 52)
              192.168.101.249.443 > 192.168.100.49.55032: Flags [.], cksum 0x4617 (correct), seq 1, ack 46, win 509, options [nop,nop,TS val 2475799912 ecr 2082755550], length 0
              14:39:01.558811 AF IPv4 (2), length 87: (tos 0x0, ttl 62, id 0, offset 0, flags [DF], proto TCP (6), length 83)
              192.168.100.49.55032 > 192.168.101.249.443: Flags [P.], cksum 0x044d (correct), seq 46:77, ack 1, win 4096, options [nop,nop,TS val 2082755550 ecr 2475673005], length 31
              14:39:01.558836 AF IPv4 (2), length 56: (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 52)
              192.168.101.249.443 > 192.168.100.49.55032: Flags [.], cksum 0x45f8 (correct), seq 1, ack 77, win 509, options [nop,nop,TS val 2475799912 ecr 2082755550], length 0
              14:39:01.558908 AF IPv4 (2), length 56: (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 52)
              192.168.101.249.443 > 192.168.100.49.55032: Flags [F.], cksum 0x45f6 (correct), seq 1, ack 77, win 510, options [nop,nop,TS val 2475799912 ecr 2082755550], length 0
              14:39:01.561306 AF IPv4 (2), length 56: (tos 0x0, ttl 62, id 0, offset 0, flags [DF], proto TCP (6), length 52)
              192.168.100.49.55032 > 192.168.101.249.443: Flags [F.], cksum 0x27af (correct), seq 77, ack 1, win 4096, options [nop,nop,TS val 2082755552 ecr 2475673005], length 0
              14:39:01.561339 AF IPv4 (2), length 56: (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 52)
              192.168.101.249.443 > 192.168.100.49.55032: Flags [F.], cksum 0x45f1 (correct), seq 1, ack 78, win 510, options [nop,nop,TS val 2475799914 ecr 2082755552], length 0
              14:39:01.562679 AF IPv4 (2), length 56: (tos 0x0, ttl 62, id 0, offset 0, flags [DF], proto TCP (6), length 52)
              192.168.100.49.55032 > 192.168.101.249.443: Flags [F.], cksum 0x37f0 (correct), seq 77, ack 2, win 4096, options [nop,nop,TS val 2082755553 ecr 2475799912], length 0

              1 Reply Last reply Reply Quote 0
              • kiokomanK Offline
                kiokoman LAYER 8
                last edited by

                there is nothing/i don't see anything strange here, ..push and ack ..
                the block on the firewall are there because they are out of state. idk .. maybe someone else have a better suggestion

                ̿' ̿'\̵͇̿̿\з=(◕_◕)=ε/̵͇̿̿/'̿'̿ ̿
                Please do not use chat/PM to ask for help
                we must focus on silencing this @guest character. we must make up lies and alter the copyrights !
                Don't forget to Upvote with the 👍 button for any post you find to be helpful.

                1 Reply Last reply Reply Quote 0
                • G Offline
                  ganderson
                  last edited by

                  Yeah, that was what I was afraid of. I did some looking around to see if I saw the "TCP:PA" and TCP:A" with a root cause of anything but asynchronous routing, but thats all I could find. This sucks too, cause I had almost talked everyone into buying the equipment and support for PFSense and talked up how stable it was.

                  1 Reply Last reply Reply Quote 0
                  • kiokomanK Offline
                    kiokoman LAYER 8
                    last edited by kiokoman

                    uhm based on this https://docs.netgate.com/pfsense/en/latest/firewall/troubleshooting-blocked-log-entries-for-legitimate-connection-packets.html
                    This happens because on occasion a packet will be lost, and the retransmits will be blocked because the firewall has already closed the connection.

                    did you try MTU or MSS related settings?

                    ̿' ̿'\̵͇̿̿\з=(◕_◕)=ε/̵͇̿̿/'̿'̿ ̿
                    Please do not use chat/PM to ask for help
                    we must focus on silencing this @guest character. we must make up lies and alter the copyrights !
                    Don't forget to Upvote with the 👍 button for any post you find to be helpful.

                    1 Reply Last reply Reply Quote 1
                    • G Offline
                      ganderson
                      last edited by

                      No I've left both default, should I try increasing them? I thought we didn't see any fragmentation going on through the packet capture?

                      1 Reply Last reply Reply Quote 0
                      • kiokomanK Offline
                        kiokoman LAYER 8
                        last edited by

                        yeah right.. i'm also trying to keep the discussion active to see if someone else has any ideas ...
                        in this type of forum information is the key to a solution ... the more you test and report back the more information we have

                        ̿' ̿'\̵͇̿̿\з=(◕_◕)=ε/̵͇̿̿/'̿'̿ ̿
                        Please do not use chat/PM to ask for help
                        we must focus on silencing this @guest character. we must make up lies and alter the copyrights !
                        Don't forget to Upvote with the 👍 button for any post you find to be helpful.

                        1 Reply Last reply Reply Quote 0
                        • G Offline
                          ganderson
                          last edited by

                          I've changed the MTU size to 1600 on the IPSec interface it was blocking on. It seems to have stopped blocking on that interface. I have everything set to 1500 MTU, and we saw no fragmentation, but it seems to be stable so far, been about 3 hours now.

                          1 Reply Last reply Reply Quote 0
                          • kiokomanK Offline
                            kiokoman LAYER 8
                            last edited by

                            is it still working?
                            ...network's mistery?

                            ̿' ̿'\̵͇̿̿\з=(◕_◕)=ε/̵͇̿̿/'̿'̿ ̿
                            Please do not use chat/PM to ask for help
                            we must focus on silencing this @guest character. we must make up lies and alter the copyrights !
                            Don't forget to Upvote with the 👍 button for any post you find to be helpful.

                            1 Reply Last reply Reply Quote 0
                            • G Offline
                              ganderson
                              last edited by

                              Yeah, its still working, about 23 hours so far stable. Still can't really explain why it happened. I didn't make any changes that would necessitate an MTU change. I was making acl changes on a machine farther into the network when it started happening.

                              1 Reply Last reply Reply Quote 0
                              • First post
                                Last post
                              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.