Puzzled: Sometimes connecting to RDP behind firewall is fine, sometimes not



  • On some days, I can connect to RDP behind the firewall and some days (without doing anything to the firewall), I cannot. I have captured a weird TCPDUMP sequence and was wondering if someone could see what is wrong. Thanks in advance.

    tcpdump -i ath0 port 3389

    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on ath0, link-type EN10MB (Ethernet), capture size 96 bytes
    09:13:03.313629 IP MASKED.SERVER.16479 > tge.local.3389: S 2501540767:2501540767(0) win 65535 <mss 1460,nop,nop,sackOK>
    09:13:03.314119 IP tge.local.3389 > MASKED.SERVER.16479: S 3063361002:3063361002(0) ack 2501540768 win 65535 <mss 1460,nop,nop,sackOK>
    09:13:03.328974 IP MASKED.SERVER.16479 > tge.local.3389: . ack 1 win 65535
    09:13:03.332558 IP MASKED.SERVER.16479 > tge.local.3389: P 1:20(19) ack 1 win 65535
    09:13:03.488434 IP tge.local.3389 > MASKED.SERVER.16479: . ack 20 win 65516
    09:13:03.526894 IP tge.local.3389 > MASKED.SERVER.16479: P 1:12(11) ack 20 win 65516
    09:13:03.543213 IP MASKED.SERVER.16479 > tge.local.3389: F 20:20(0) ack 12 win 65524
    09:13:03.543676 IP tge.local.3389 > MASKED.SERVER.16479: . ack 21 win 65516
    09:13:03.543874 IP tge.local.3389 > MASKED.SERVER.16479: R 12:12(0) ack 21 win 0
    09:13:03.574288 IP MASKED.SERVER.16501 > tge.local.3389: S 1841222765:1841222765(0) win 65535 <mss 1460,nop,nop,sackOK>
    09:13:03.574788 IP tge.local.3389 > MASKED.SERVER.16501: S 2437382849:2437382849(0) ack 1841222766 win 65535 <mss 1460,nop,nop,sackOK>
    09:13:03.589518 IP MASKED.SERVER.16501 > tge.local.3389: . ack 1 win 65535
    09:13:03.593115 IP MASKED.SERVER.16501 > tge.local.3389: P 1:20(19) ack 1 win 65535
    09:13:03.786200 IP tge.local.3389 > MASKED.SERVER.16501: P 1:12(11) ack 20 win 65516
    09:13:03.805520 IP MASKED.SERVER.16501 > tge.local.3389: P 20:448(428) ack 12 win 65524
    09:13:03.806539 IP tge.local.3389 > MASKED.SERVER.16501: P 12:345(333) ack 448 win 65088
    09:13:03.822744 IP MASKED.SERVER.16501 > tge.local.3389: P 448:460(12) ack 345 win 65191
    09:13:03.991553 IP tge.local.3389 > MASKED.SERVER.16501: . ack 460 win 65076
    09:13:04.007995 IP MASKED.SERVER.16501 > tge.local.3389: P 460:468(8) ack 345 win 65191
    09:13:04.008508 IP tge.local.3389 > MASKED.SERVER.16501: P 345:356(11) ack 468 win 65068
    09:13:04.024662 IP MASKED.SERVER.16501 > tge.local.3389: P 468:480(12) ack 356 win 65180
    09:13:04.025110 IP tge.local.3389 > MASKED.SERVER.16501: P 356:371(15) ack 480 win 65056
    09:13:04.040297 IP MASKED.SERVER.16501 > tge.local.3389: P 480:492(12) ack 371 win 65165
    09:13:04.040747 IP tge.local.3389 > MASKED.SERVER.16501: P 371:386(15) ack 492 win 65044
    09:13:04.056487 IP MASKED.SERVER.16501 > tge.local.3389: P 492:504(12) ack 386 win 65150
    09:13:04.056925 IP tge.local.3389 > MASKED.SERVER.16501: P 386:401(15) ack 504 win 65032
    09:13:04.071988 IP MASKED.SERVER.16501 > tge.local.3389: P 504:516(12) ack 401 win 65135
    09:13:04.072420 IP tge.local.3389 > MASKED.SERVER.16501: P 401:416(15) ack 516 win 65020
    09:13:04.088142 IP MASKED.SERVER.16501 > tge.local.3389: P 516:528(12) ack 416 win 65120
    09:13:04.088567 IP tge.local.3389 > MASKED.SERVER.16501: P 416:431(15) ack 528 win 65008
    09:13:04.107273 IP MASKED.SERVER.16501 > tge.local.3389: P 528:540(12) ack 431 win 65105
    09:13:04.107714 IP tge.local.3389 > MASKED.SERVER.16501: P 431:446(15) ack 540 win 64996
    09:13:04.239576 IP MASKED.SERVER.16501 > tge.local.3389: . ack 446 win 65090
    09:13:04.298451 IP MASKED.SERVER.16501 > tge.local.3389: P 540:634(94) ack 446 win 65090
    09:13:04.494632 IP tge.local.3389 > MASKED.SERVER.16501: . ack 634 win 64902
    09:13:04.509572 IP MASKED.SERVER.16501 > tge.local.3389: P 634:997(363) ack 446 win 65090
    09:13:04.510512 IP tge.local.3389 > MASKED.SERVER.16501: P 446:480(34) ack 997 win 64539
    09:13:04.518484 IP tge.local.3389 > MASKED.SERVER.16501: P 480:807(327) ack 997 win 64539
    09:13:04.534031 IP MASKED.SERVER.16501 > tge.local.3389: . ack 807 win 64729
    09:13:04.767079 IP MASKED.SERVER.16501 > tge.local.3389: P 997:1524(527) ack 807 win 64729
    09:13:04.767105 IP MASKED.SERVER.16501 > tge.local.3389: P 1524:2984(1460) ack 807 win 64729
    09:13:04.767118 IP MASKED.SERVER.16501 > tge.local.3389: P 2984:3097(113) ack 807 win 64729
    09:13:04.767133 IP MASKED.SERVER.16501 > tge.local.3389: P 3097:4557(1460) ack 807 win 64729
    09:13:04.767156 IP MASKED.SERVER.16501 > tge.local.3389: P 4557:5939(1382) ack 807 win 64729
    09:13:04.768560 IP tge.local.3389 > MASKED.SERVER.16501: . ack 3097 win 63962
    09:13:04.768761 IP tge.local.3389 > MASKED.SERVER.16501: . ack 5939 win 61120
    09:13:04.768884 IP tge.local.3389 > MASKED.SERVER.16501: P 807:855(48) ack 1524 win 65535
    09:13:04.769215 IP tge.local.3389 > MASKED.SERVER.16501: P 855:907(52) ack 5939 win 61120
    09:13:04.769474 IP tge.local.3389 > MASKED.SERVER.16501: P 907:959(52) ack 5939 win 61120
    09:13:04.769706 IP tge.local.3389 > MASKED.SERVER.16501: . ack 5939 win 62710
    09:13:04.769824 IP tge.local.3389 > MASKED.SERVER.16501: . ack 5939 win 64300
    09:13:04.792037 IP MASKED.SERVER.16501 > tge.local.3389: . ack 959 win 64577
    09:13:28.016193 IP MASKED.SERVER.16501 > tge.local.3389: F 5939:5939(0) ack 959 win 64577
    09:13:28.016709 IP tge.local.3389 > MASKED.SERVER.16501: . ack 5940 win 64300
    09:13:28.016931 IP tge.local.3389 > MASKED.SERVER.16501: R 959:959(0) ack 5940 win 0
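
One way to read a capture like the one in this post, as an added example that is not part of the original post: group the old-style tcpdump lines by client port and report payload bytes per direction, which side sent FIN first, which side sent RST, and how long the flow lasted. The names `summarize` and `seconds` and the choice of fields are assumptions of this example; the sample lines are abridged from the capture above.

```python
import re
# Old-style tcpdump TCP line: "time IP src.port > dst.port: FLAGS seq:end(len) ..."
LINE = re.compile(
    r"^(?P<ts>[\d:.]+) IP \S+\.(?P<sport>\d+) > \S+\.(?P<dport>\d+): "
    r"(?P<flags>[SFPR.]+)(?: \d+:\d+\((?P<len>\d+)\))?")

# Lines taken from the capture in the post; both flows abridged.
SAMPLE = """\
09:13:03.313629 IP MASKED.SERVER.16479 > tge.local.3389: S 2501540767:2501540767(0) win 65535 <mss 1460,nop,nop,sackOK>
09:13:03.314119 IP tge.local.3389 > MASKED.SERVER.16479: S 3063361002:3063361002(0) ack 2501540768 win 65535 <mss 1460,nop,nop,sackOK>
09:13:03.328974 IP MASKED.SERVER.16479 > tge.local.3389: . ack 1 win 65535
09:13:03.332558 IP MASKED.SERVER.16479 > tge.local.3389: P 1:20(19) ack 1 win 65535
09:13:03.526894 IP tge.local.3389 > MASKED.SERVER.16479: P 1:12(11) ack 20 win 65516
09:13:03.543213 IP MASKED.SERVER.16479 > tge.local.3389: F 20:20(0) ack 12 win 65524
09:13:03.543874 IP tge.local.3389 > MASKED.SERVER.16479: R 12:12(0) ack 21 win 0
09:13:03.574288 IP MASKED.SERVER.16501 > tge.local.3389: S 1841222765:1841222765(0) win 65535 <mss 1460,nop,nop,sackOK>
09:13:03.593115 IP MASKED.SERVER.16501 > tge.local.3389: P 1:20(19) ack 1 win 65535
09:13:03.786200 IP tge.local.3389 > MASKED.SERVER.16501: P 1:12(11) ack 20 win 65516
09:13:03.805520 IP MASKED.SERVER.16501 > tge.local.3389: P 20:448(428) ack 12 win 65524
09:13:28.016193 IP MASKED.SERVER.16501 > tge.local.3389: F 5939:5939(0) ack 959 win 64577
09:13:28.016931 IP tge.local.3389 > MASKED.SERVER.16501: R 959:959(0) ack 5940 win 0
"""

def seconds(ts):
    h, m, s = ts.split(":")
    return int(h) * 3600 + int(m) * 60 + float(s)

def summarize(text, server_port=3389):
    """Group packets by client port; report payload bytes per side and who closed."""
    flows = {}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip tcpdump banner lines and anything that is not TCP
        from_client = int(m["dport"]) == server_port
        side = "client" if from_client else "server"
        cport = int(m["sport"] if from_client else m["dport"])
        f = flows.setdefault(cport, {"start": seconds(m["ts"]), "client": 0,
                                     "server": 0, "fin_first": None, "rst_from": None})
        f[side] += int(m["len"] or 0)  # pure ACKs carry no seq:end(len) field
        if "F" in m["flags"] and f["fin_first"] is None:
            f["fin_first"] = side
        if "R" in m["flags"]:
            f["rst_from"] = side
        f["duration"] = round(seconds(m["ts"]) - f["start"], 3)
    return flows

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

Feeding it the full capture instead of the abridged sample gives complete byte totals for the port 16501 flow; the per-flow FIN and RST fields make it easy to compare a short flow against a long one.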

