Delay in connecting to specific site



  • Hello everyone,

    We have recently received complaints that the connection is too slow when accessing a particular page. We tested with the mobile internet and the connection is fast, so we decided to test from our router which was also fast. So we only had pfSense left. The problem is only with this specific IP. Following is the attempt to connect to the site that takes up to 20 seconds.
    pfsense.PNG



  • You only have half the conversation there. What is the other end replying with?



  • @KOM said in Delay in connecting to specific site:

    You only have half the conversation there. What is the other end replying with

    Sorry, loading the page ends here

    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on bce1, link-type EN10MB (Ethernet), capture size 262144 bytes
    08:15:20.602064 IP 10.30.31.6.49357 > 179.xx.xxx.xx.443: Flags [S], seq 77999468 , win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    08:15:20.602305 IP 10.30.31.6.49358 > 179.xx.xxx.xx.443: Flags [S], seq 23774843 09, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    08:15:20.611667 IP 10.30.31.6.49357 > 179.xx.xxx.xx.443: Flags [.], ack 39214443 46, win 513, length 0
    08:15:20.611945 IP 10.30.31.6.49357 > 179.xx.xxx.xx.443: Flags [P.], seq 0:517, ack 1, win 513, length 517
    08:15:20.612535 IP 10.30.31.6.49358 > 179.xx.xxx.xx.443: Flags [.], ack 33495985 80, win 513, length 0
    08:15:20.612825 IP 10.30.31.6.49358 > 179.xx.xxx.xx.443: Flags [P.], seq 0:517, ack 1, win 513, length 517
    08:15:20.624260 IP 10.30.31.6.49358 > 179.xx.xxx.xx.443: Flags [.], ack 4340, wi n 513, length 0
    08:15:20.624279 IP 10.30.31.6.49357 > 179.xx.xxx.xx.443: Flags [.], ack 4340, wi n 513, length 0
    08:15:21.000448 IP 10.30.31.6.49357 > 179.xx.xxx.xx.443: Flags [P.], seq 517:643 , ack 4340, win 513, length 126
    08:15:21.000762 IP 10.30.31.6.49358 > 179.xx.xxx.xx.443: Flags [P.], seq 517:643 , ack 4340, win 513, length 126
    08:15:21.000999 IP 10.30.31.6.49357 > 179.xx.xxx.xx.443: Flags [P.], seq 643:133 4, ack 4340, win 513, length 691
    08:15:21.046291 IP 10.30.31.6.49357 > 179.xx.xxx.xx.443: Flags [.], ack 6074, wi n 513, length 0
    08:15:21.047091 IP 10.30.31.6.49357 > 179.xx.xxx.xx.443: Flags [.], ack 13774, w in 513, length 0
    08:15:21.050997 IP 10.30.31.6.49358 > 179.xx.xxx.xx.443: Flags [.], ack 4614, wi n 512, length 0
    08:15:21.067441 IP 10.30.31.6.49357 > 179.xx.xxx.xx.443: Flags [P.], seq 1334:20 16, ack 13774, win 513, length 682
    08:15:21.068014 IP 10.30.31.6.49358 > 179.xx.xxx.xx.443: Flags [P.], seq 643:134 1, ack 4614, win 512, length 698
    08:15:21.068150 IP 10.30.31.6.49360 > 179.xx.xxx.xx.443: Flags [S], seq 36079721 80, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    08:15:21.078468 IP 10.30.31.6.49360 > 179.xx.xxx.xx.443: Flags [.], ack 73137259 4, win 513, length 0
    08:15:21.078487 IP 10.30.31.6.49358 > 179.xx.xxx.xx.443: Flags [.], ack 6089, wi n 513, length 0
    08:15:21.078814 IP 10.30.31.6.49360 > 179.xx.xxx.xx.443: Flags [P.], seq 0:524, ack 1, win 513, length 524
    08:15:21.079604 IP 10.30.31.6.49358 > 179.xx.xxx.xx.443: Flags [P.], seq 1341:20 52, ack 6089, win 513, length 711
    08:15:21.089073 IP 10.30.31.6.49360 > 179.xx.xxx.xx.443: Flags [P.], seq 524:575 , ack 153, win 512, length 51
    08:15:21.090448 IP 10.30.31.6.49358 > 179.xx.xxx.xx.443: Flags [.], ack 7957, wi n 513, length 0
    08:15:21.098076 IP 10.30.31.6.49357 > 179.xx.xxx.xx.443: Flags [.], ack 25454, w in 513, length 0
    08:15:21.098872 IP 10.30.31.6.49357 > 179.xx.xxx.xx.443: Flags [.], ack 35674, w in 513, length 0
    08:15:21.099744 IP 10.30.31.6.49357 > 179.xx.xxx.xx.443: Flags [.], ack 40054, w in 513, length 0
    08:15:21.108567 IP 10.30.31.6.49357 > 179.xx.xxx.xx.443: Flags [.], ack 50274, w in 513, length 0
    08:15:21.109409 IP 10.30.31.6.49357 > 179.xx.xxx.xx.443: Flags [.], ack 60494, w in 513, length 0
    08:15:21.110266 IP 10.30.31.6.49357 > 179.xx.xxx.xx.443: Flags [.], ack 70714, w in 513, length 0
    08:15:21.111128 IP 10.30.31.6.49357 > 179.xx.xxx.xx.443: Flags [.], ack 80934, w in 513, length 0
    08:15:21.111899 IP 10.30.31.6.49357 > 179.xx.xxx.xx.443: Flags [.], ack 89694, w in 479, length 0
    08:15:21.112675 IP 10.30.31.6.49357 > 179.xx.xxx.xx.443: Flags [.], ack 92614, w in 467, length 0
    08:15:21.119135 IP 10.30.31.6.49357 > 179.xx.xxx.xx.443: Flags [.], ack 102834, win 427, length 0
    08:15:21.119971 IP 10.30.31.6.49357 > 179.xx.xxx.xx.443: Flags [.], ack 113054, win 387, length 0
    08:15:21.120808 IP 10.30.31.6.49357 > 179.xx.xxx.xx.443: Flags [.], ack 121814, win 353, length 0
    08:15:21.121633 IP 10.30.31.6.49357 > 179.xx.xxx.xx.443: Flags [.], ack 132034, win 313, length 0
    08:15:21.122415 IP 10.30.31.6.49357 > 179.xx.xxx.xx.443: Flags [.], ack 136499, win 296, length 0
    08:15:21.139026 IP 10.30.31.6.49357 > 179.xx.xxx.xx.443: Flags [.], ack 136499, win 513, length 0
    08:15:24.091634 IP 10.30.31.6.49358 > 179.xx.xxx.xx.443: Flags [.], ack 7989, win 513, length 0
    08:15:24.099696 IP 10.30.31.6.49357 > 179.xx.xxx.xx.443: Flags [.], ack 136531, win 513, length 0
    08:15:41.118793 IP 10.30.31.6.49360 > 179.xx.xxx.xx.443: Flags [.], ack 185, win 512, length 0
    08:15:41.708431 IP 10.30.31.6.49360 > 179.xx.xxx.xx.443: Flags [F.], seq 575, ack 185, win 512, length 0
    08:15:41.708451 IP 10.30.31.6.49360 > 179.xx.xxx.xx.443: Flags [R.], seq 576, ack 185, win 0, length 0
    08:15:41.708473 IP 10.30.31.6.49358 > 179.xx.xxx.xx.443: Flags [F.], seq 2052, ack 7989, win 513, length 0
    08:15:41.708488 IP 10.30.31.6.49358 > 179.xx.xxx.xx.443: Flags [R.], seq 2053, ack 7989, win 0, length 0
    08:15:41.708533 IP 10.30.31.6.49357 > 179.xx.xxx.xx.443: Flags [F.], seq 2016, ack 136531, win 513, length 0
    08:15:41.708550 IP 10.30.31.6.49357 > 179.xx.xxx.xx.443: Flags [R.], seq 2017, ack 136531, win 0, length 0
    08:15:41.708711 IP 10.30.31.6.49362 > 179.xx.xxx.xx.443: Flags [S], seq 2920622318, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    08:15:41.711794 IP 10.30.31.6.49363 > 179.xx.xxx.xx.443: Flags [S], seq 834318720, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    08:15:41.719460 IP 10.30.31.6.49362 > 179.xx.xxx.xx.443: Flags [.], ack 1585097407, win 513, length 0
    08:15:41.719833 IP 10.30.31.6.49362 > 179.xx.xxx.xx.443: Flags [P.], seq 0:524, ack 1, win 513, length 524
    08:15:41.722433 IP 10.30.31.6.49363 > 179.xx.xxx.xx.443: Flags [.], ack 1766878749, win 513, length 0
    08:15:41.722451 IP 10.30.31.6.49363 > 179.xx.xxx.xx.443: Flags [P.], seq 0:524, ack 1, win 513, length 524
    08:15:41.728790 IP 10.30.31.6.49364 > 179.xx.xxx.xx.443: Flags [S], seq 1748779978, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    08:15:41.730069 IP 10.30.31.6.49362 > 179.xx.xxx.xx.443: Flags [P.], seq 524:575, ack 153, win 512, length 51
    08:15:41.730343 IP 10.30.31.6.49362 > 179.xx.xxx.xx.443: Flags [P.], seq 575:1346, ack 153, win 512, length 771
    08:15:41.732852 IP 10.30.31.6.49363 > 179.xx.xxx.xx.443: Flags [P.], seq 524:575, ack 153, win 512, length 51
    08:15:41.733145 IP 10.30.31.6.49363 > 179.xx.xxx.xx.443: Flags [P.], seq 575:1305, ack 153, win 512, length 730
    08:15:41.739199 IP 10.30.31.6.49364 > 179.xx.xxx.xx.443: Flags [.], ack 3506563844, win 513, length 0
    08:15:41.739529 IP 10.30.31.6.49364 > 179.xx.xxx.xx.443: Flags [P.], seq 0:524, ack 1, win 513, length 524
    08:15:41.744749 IP 10.30.31.6.49363 > 179.xx.xxx.xx.443: Flags [P.], seq 1305:1966, ack 1551, win 513, length 661
    08:15:41.745431 IP 10.30.31.6.49362 > 179.xx.xxx.xx.443: Flags [.], ack 10373, win 513, length 0
    08:15:41.746291 IP 10.30.31.6.49362 > 179.xx.xxx.xx.443: Flags [.], ack 14753, win 513, length 0
    08:15:41.749766 IP 10.30.31.6.49364 > 179.xx.xxx.xx.443: Flags [P.], seq 524:575, ack 153, win 512, length 51
    08:15:41.757325 IP 10.30.31.6.49362 > 179.xx.xxx.xx.443: Flags [.], ack 30813, win 513, length 0
    08:15:41.757690 IP 10.30.31.6.49362 > 179.xx.xxx.xx.443: Flags [.], ack 42493, win 513, length 0
    08:15:41.758455 IP 10.30.31.6.49362 > 179.xx.xxx.xx.443: Flags [.], ack 43953, win 513, length 0
    08:15:41.768220 IP 10.30.31.6.49362 > 179.xx.xxx.xx.443: Flags [.], ack 54173, win 513, length 0
    08:15:41.769342 IP 10.30.31.6.49362 > 179.xx.xxx.xx.443: Flags [.], ack 67313, win 513, length 0
    08:15:41.770861 IP 10.30.31.6.49362 > 179.xx.xxx.xx.443: Flags [.], ack 67313, win 513, options [nop,nop,sack 1 {68773:70233}], length 0
    08:15:41.770879 IP 10.30.31.6.49362 > 179.xx.xxx.xx.443: Flags [.], ack 67313, win 513, options [nop,nop,sack 2 {76073:77533}{68773:70233}], length 0
    08:15:41.770892 IP 10.30.31.6.49362 > 179.xx.xxx.xx.443: Flags [.], ack 67313, win 513, options [nop,nop,sack 2 {76073:77979}{68773:70233}], length 0
    08:15:41.781355 IP 10.30.31.6.49362 > 179.xx.xxx.xx.443: Flags [.], ack 70233, win 513, options [nop,nop,sack 1 {76073:77979}], length 0
    08:15:41.781375 IP 10.30.31.6.49362 > 179.xx.xxx.xx.443: Flags [.], ack 71693, win 513, options [nop,nop,sack 1 {76073:77979}], length 0
    08:15:41.791088 IP 10.30.31.6.49362 > 179.xx.xxx.xx.443: Flags [.], ack 74613, win 513, options [nop,nop,sack 1 {76073:77979}], length 0
    08:15:41.791907 IP 10.30.31.6.49362 > 179.xx.xxx.xx.443: Flags [.], ack 77979, win 513, length 0
    08:15:41.799648 IP 10.30.31.6.49363 > 179.xx.xxx.xx.443: Flags [.], ack 11771, win 513, length 0
    08:15:41.800881 IP 10.30.31.6.49363 > 179.xx.xxx.xx.443: Flags [.], ack 16151, win 513, length 0
    08:15:41.810289 IP 10.30.31.6.49363 > 179.xx.xxx.xx.443: Flags [.], ack 27831, win 513, length 0
    08:15:41.811052 IP 10.30.31.6.49363 > 179.xx.xxx.xx.443: Flags [.], ack 36591, win 513, length 0
    08:15:41.811890 IP 10.30.31.6.49363 > 179.xx.xxx.xx.443: Flags [.], ack 45351, win 513, length 0
    08:15:41.821825 IP 10.30.31.6.49363 > 179.xx.xxx.xx.443: Flags [.], ack 57031, win 513, length 0
    08:15:41.822848 IP 10.30.31.6.49363 > 179.xx.xxx.xx.443: Flags [.], ack 68711, win 513, length 0
    08:15:41.823713 IP 10.30.31.6.49363 > 179.xx.xxx.xx.443: Flags [.], ack 80391, win 467, length 0
    08:15:41.824728 IP 10.30.31.6.49363 > 179.xx.xxx.xx.443: Flags [.], ack 90611, win 427, length 0
    08:15:41.826480 IP 10.30.31.6.49363 > 179.xx.xxx.xx.443: Flags [.], ack 103751, win 376, length 0
    08:15:41.832324 IP 10.30.31.6.49363 > 179.xx.xxx.xx.443: Flags [.], ack 113971, win 336, length 0
    08:15:41.833286 IP 10.30.31.6.49363 > 179.xx.xxx.xx.443: Flags [.], ack 125651, win 290, length 0
    08:15:41.834276 IP 10.30.31.6.49363 > 179.xx.xxx.xx.443: Flags [.], ack 137331, win 245, length 0
    08:15:41.835259 IP 10.30.31.6.49363 > 179.xx.xxx.xx.443: Flags [.], ack 147551, win 205, length 0
    08:15:41.836223 IP 10.30.31.6.49363 > 179.xx.xxx.xx.443: Flags [.], ack 159231, win 159, length 0
    08:15:41.837213 IP 10.30.31.6.49363 > 179.xx.xxx.xx.443: Flags [.], ack 170911, win 114, length 0
    08:15:41.838034 IP 10.30.31.6.49363 > 179.xx.xxx.xx.443: Flags [.], ack 181131, win 74, length 0
    08:15:41.838919 IP 10.30.31.6.49363 > 179.xx.xxx.xx.443: Flags [.], ack 191351, win 34, length 0
    08:15:41.839683 IP 10.30.31.6.49363 > 179.xx.xxx.xx.443: Flags [.], ack 200007, win 0, length 0
    08:15:41.915913 IP 10.30.31.6.49363 > 179.xx.xxx.xx.443: Flags [.], ack 200007, win 513, length 0
    08:15:41.926281 IP 10.30.31.6.49363 > 179.xx.xxx.xx.443: Flags [.], ack 208871, win 513, length 0
    08:15:41.927250 IP 10.30.31.6.49363 > 179.xx.xxx.xx.443: Flags [.], ack 220551, win 513, length 0
    08:15:41.928165 IP 10.30.31.6.49363 > 179.xx.xxx.xx.443: Flags [.], ack 230771, win 513, length 0
    08:15:41.929202 IP 10.30.31.6.49363 > 179.xx.xxx.xx.443: Flags [.], ack 243911, win 1026, length 0
    08:15:41.930052 IP 10.30.31.6.49363 > 179.xx.xxx.xx.443: Flags [.], ack 254131, win 1026, length 0
    08:15:41.930893 IP 10.30.31.6.49363 > 179.xx.xxx.xx.443: Flags [.], ack 264351, win 1026, length 0
    08:15:41.931670 IP 10.30.31.6.49363 > 179.xx.xxx.xx.443: Flags [.], ack 273111, win 1026, length 0
    08:15:41.932472 IP 10.30.31.6.49363 > 179.xx.xxx.xx.443: Flags [.], ack 281871, win 1026, length 0
    08:15:41.933333 IP 10.30.31.6.49363 > 179.xx.xxx.xx.443: Flags [.], ack 292091, win 1026, length 0
    08:15:41.934173 IP 10.30.31.6.49363 > 179.xx.xxx.xx.443: Flags [.], ack 302311, win 1026, length 0
    08:15:41.934979 IP 10.30.31.6.49363 > 179.xx.xxx.xx.443: Flags [.], ack 311681, win 2064, length 0
    08:15:41.955916 IP 10.30.31.6.49363 > 179.xx.xxx.xx.443: Flags [P.], seq 1966:2645, ack 311681, win 2064, length 679
    08:15:41.970181 IP 10.30.31.6.49363 > 179.xx.xxx.xx.443: Flags [.], ack 317521, win 2064, length 0
    08:15:41.971145 IP 10.30.31.6.49363 > 179.xx.xxx.xx.443: Flags [.], ack 328676, win 2064, length 0
    08:15:41.972120 IP 10.30.31.6.49363 > 179.xx.xxx.xx.443: Flags [.], ack 340356, win 2064, length 0
    08:15:41.973116 IP 10.30.31.6.49363 > 179.xx.xxx.xx.443: Flags [.], ack 342472, win 2064, length 0
    08:15:42.206821 IP 10.30.31.6.49363 > 179.xx.xxx.xx.443: Flags [P.], seq 2645:3573, ack 342472, win 2064, length 928
    08:15:42.278190 IP 10.30.31.6.49363 > 179.xx.xxx.xx.443: Flags [.], ack 343069, win 2062, length 0
    08:15:42.517685 IP 10.30.31.6.49363 > 179.xx.xxx.xx.443: Flags [P.], seq 3573:4282, ack 343069, win 2062, length 709
    08:15:42.528895 IP 10.30.31.6.49363 > 179.xx.xxx.xx.443: Flags [.], ack 344740, win 2064, length 0
    08:15:44.747892 IP 10.30.31.6.49362 > 179.xx.xxx.xx.443: Flags [.], ack 78011, win 513, length 0
    08:15:45.531261 IP 10.30.31.6.49363 > 179.xx.xxx.xx.443: Flags [.], ack 344772, win 2064, length 0


  • LAYER 8

    again, there is only one direction ">" from 10.30 to 179.xx
    we don't see any answer on your post ( from 179.xx to 10.30 )
    the tcpdump you have only show one direction



  • @cristiann
    tcpdump -i bce1 host 179.xx.xxx.xx



  • This post is deleted!


  • @Konstanti said in Delay in connecting to specific site:

    tcpdump -i bce1 host 179.xx.xxx.xx

    Sorry,

    [2.4.4-RELEASE][admin@bart.xxx.xxxxxxx.xx]/root: tcpdump -i bce1 host 179.xx.xxx.xx 3
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on bce1, link-type EN10MB (Ethernet), capture size 262144 bytes
    09:46:53.225366 IP 10.30.31.6.52709 > moodle.xxxxxxx.xx.https: Flags [S], seq 1606289226, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    09:46:53.225468 IP 10.30.31.6.52710 > moodle.xxxxxxx.xx.https: Flags [S], seq 2560960879, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    09:46:53.235052 IP moodle.xxxxxxx.xx.https > 10.30.31.6.52709: Flags [S.], seq 3384653364, ack 1606289227, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
    09:46:53.235085 IP moodle.xxxxxxx.xx.https > 10.30.31.6.52710: Flags [S.], seq 2018457620, ack 2560960880, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
    09:46:53.235278 IP 10.30.31.6.52709 > moodle.xxxxxxx.xx.https: Flags [.], ack 1, win 513, length 0
    09:46:53.235302 IP 10.30.31.6.52710 > moodle.xxxxxxx.xx.https: Flags [.], ack 1, win 513, length 0
    09:46:53.235527 IP 10.30.31.6.52709 > moodle.xxxxxxx.xx.https: Flags [P.], seq 1:525, ack 1, win 513, length 524
    09:46:53.235633 IP 10.30.31.6.52710 > moodle.xxxxxxx.xx.https: Flags [P.], seq 1:525, ack 1, win 513, length 524
    09:46:53.244853 IP moodle.xxxxxxx.xx.https > 10.30.31.6.52709: Flags [.], ack 525, win 237, length 0
    09:46:53.244874 IP moodle.xxxxxxx.xx.https > 10.30.31.6.52710: Flags [.], ack 525, win 237, length 0
    09:46:54.293185 IP moodle.xxxxxxx.xx.https > 10.30.31.6.52709: Flags [.], seq 1:1461, ack 525, win 237, length 1460
    09:46:54.293498 IP moodle.xxxxxxx.xx.https > 10.30.31.6.52709: Flags [.], seq 1461:2921, ack 525, win 237, length 1460
    09:46:54.293529 IP moodle.xxxxxxx.xx.https > 10.30.31.6.52709: Flags [P.], seq 2921:4097, ack 525, win 237, length 1176
    09:46:54.293559 IP moodle.xxxxxxx.xx.https > 10.30.31.6.52709: Flags [P.], seq 4097:4340, ack 525, win 237, length 243
    09:46:54.294779 IP 10.30.31.6.52709 > moodle.xxxxxxx.xx.https: Flags [.], ack 4340, win 513, length 0
    09:46:54.295458 IP 10.30.31.6.52709 > moodle.xxxxxxx.xx.https: Flags [P.], seq 525:651, ack 4340, win 513, length 126
    09:46:54.295957 IP 10.30.31.6.52709 > moodle.xxxxxxx.xx.https: Flags [P.], seq 651:1390, ack 4340, win 513, length 739
    09:46:54.304355 IP moodle.xxxxxxx.xx.https > 10.30.31.6.52709: Flags [.], ack 651, win 237, length 0
    09:46:54.304667 IP moodle.xxxxxxx.xx.https > 10.30.31.6.52709: Flags [P.], seq 4340:4614, ack 651, win 237, length 274
    09:46:54.341139 IP moodle.xxxxxxx.xx.https > 10.30.31.6.52709: Flags [.], seq 4614:6074, ack 1390, win 249, length 1460
    09:46:54.341163 IP moodle.xxxxxxx.xx.https > 10.30.31.6.52709: Flags [.], seq 6074:7534, ack 1390, win 249, length 1460
    09:46:54.341283 IP moodle.xxxxxxx.xx.https > 10.30.31.6.52709: Flags [.], seq 7534:8994, ack 1390, win 249, length 1460
    09:46:54.341310 IP moodle.xxxxxxx.xx.https > 10.30.31.6.52709: Flags [.], seq 8994:10454, ack 1390, win 249, length 1460
    09:46:54.341332 IP moodle.xxxxxxx.xx.https > 10.30.31.6.52709: Flags [.], seq 10454:11914, ack 1390, win 249, length 1460
    09:46:54.341358 IP moodle.xxxxxxx.xx.https > 10.30.31.6.52709: Flags [.], seq 11914:13374, ack 1390, win 249, length 1460
    09:46:54.341389 IP moodle.xxxxxxx.xx.https > 10.30.31.6.52709: Flags [P.], seq 13374:13698, ack 1390, win 249, length 324
    09:46:54.341548 IP 10.30.31.6.52709 > moodle.xxxxxxx.xx.https: Flags [.], ack 6074, win 513, length 0
    09:46:54.342391 IP 10.30.31.6.52709 > moodle.xxxxxxx.xx.https: Flags [.], ack 13698, win 513, length 0
    09:46:54.388865 IP moodle.xxxxxxx.xx.https > 10.30.31.6.52710: Flags [.], seq 1:1461, ack 525, win 237, length 1460
    09:46:54.388905 IP moodle.xxxxxxx.xx.https > 10.30.31.6.52710: Flags [.], seq 1461:2921, ack 525, win 237, length 1460
    09:46:54.388927 IP moodle.xxxxxxx.xx.https > 10.30.31.6.52710: Flags [P.], seq 2921:4097, ack 525, win 237, length 1176
    09:46:54.388952 IP moodle.xxxxxxx.xx.https > 10.30.31.6.52710: Flags [P.], seq 4097:4340, ack 525, win 237, length 243
    09:46:54.390157 IP 10.30.31.6.52710 > moodle.xxxxxxx.xx.https: Flags [.], ack 4340, win 513, length 0
    09:46:54.390494 IP 10.30.31.6.52710 > moodle.xxxxxxx.xx.https: Flags [P.], seq 525:651, ack 4340, win 513, length 126
    09:46:54.399479 IP moodle.xxxxxxx.xx.https > 10.30.31.6.52710: Flags [.], ack 651, win 237, length 0
    09:46:54.399729 IP moodle.xxxxxxx.xx.https > 10.30.31.6.52710: Flags [P.], seq 4340:4614, ack 651, win 237, length 274
    09:46:54.439725 IP 10.30.31.6.52710 > moodle.xxxxxxx.xx.https: Flags [.], ack 4614, win 512, length 0
    09:46:57.343957 IP moodle.xxxxxxx.xx.https > 10.30.31.6.52709: Flags [P.], seq 13698:13729, ack 1390, win 249, length 31
    09:46:57.343977 IP moodle.xxxxxxx.xx.https > 10.30.31.6.52709: Flags [F.], seq 13729, ack 1390, win 249, length 0
    09:46:57.344356 IP 10.30.31.6.52709 > moodle.xxxxxxx.xx.https: Flags [.], ack 13730, win 513, length 0


    DELAY


    09:47:14.418385 IP moodle.xxxxxxx.xx.https > 10.30.31.6.52710: Flags [P.], seq 4614:4645, ack 651, win 237, length 31
    09:47:14.418405 IP moodle.xxxxxxx.xx.https > 10.30.31.6.52710: Flags [F.], seq 4645, ack 651, win 237, length 0
    09:47:14.418703 IP 10.30.31.6.52710 > moodle.xxxxxxx.xx.https: Flags [.], ack 4646, win 512, length 0
    09:47:14.436734 IP 10.30.31.6.52709 > moodle.xxxxxxx.xx.https: Flags [F.], seq 1390, ack 13730, win 513, length 0
    09:47:14.436756 IP 10.30.31.6.52709 > moodle.xxxxxxx.xx.https: Flags [R.], seq 1391, ack 13730, win 0, length 0
    09:47:14.436810 IP 10.30.31.6.52710 > moodle.xxxxxxx.xx.https: Flags [F.], seq 651, ack 4646, win 512, length 0
    09:47:14.436833 IP 10.30.31.6.52710 > moodle.xxxxxxx.xx.https: Flags [R.], seq 652, ack 4646, win 0, length 0
    09:47:14.437020 IP 10.30.31.6.52712 > moodle.xxxxxxx.xx.https: Flags [S], seq 1213840202, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    09:47:14.445847 IP moodle.xxxxxxx.xx.https > 10.30.31.6.52709: Flags [.], ack 1391, win 249, length 0
    09:47:14.445934 IP moodle.xxxxxxx.xx.https > 10.30.31.6.52710: Flags [.], ack 652, win 237, length 0
    09:47:14.446602 IP moodle.xxxxxxx.xx.https > 10.30.31.6.52712: Flags [S.], seq 1867083599, ack 1213840203, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
    09:47:14.447434 IP 10.30.31.6.52712 > moodle.xxxxxxx.xx.https: Flags [.], ack 1, win 513, length 0
    09:47:14.447694 IP 10.30.31.6.52712 > moodle.xxxxxxx.xx.https: Flags [P.], seq 1:525, ack 1, win 513, length 524
    09:47:14.457820 IP moodle.xxxxxxx.xx.https > 10.30.31.6.52712: Flags [.], ack 525, win 237, length 0
    09:47:14.458083 IP moodle.xxxxxxx.xx.https > 10.30.31.6.52712: Flags [P.], seq 1:153, ack 525, win 237, length 152
    09:47:14.459039 IP 10.30.31.6.52712 > moodle.xxxxxxx.xx.https: Flags [P.], seq 525:576, ack 153, win 512, length 51
    09:47:14.459349 IP 10.30.31.6.52712 > moodle.xxxxxxx.xx.https: Flags [P.], seq 576:1512, ack 153, win 512, length 936
    09:47:14.468619 IP moodle.xxxxxxx.xx.https > 10.30.31.6.52712: Flags [.], ack 1512, win 252, length 0
    09:47:14.474369 IP moodle.xxxxxxx.xx.https > 10.30.31.6.52712: Flags [P.], seq 153:751, ack 1512, win 252, length 598
    09:47:14.514872 IP 10.30.31.6.52712 > moodle.xxxxxxx.xx.https: Flags [.], ack 751, win 510, length 0
    09:47:17.477463 IP moodle.xxxxxxx.xx.https > 10.30.31.6.52712: Flags [P.], seq 751:782, ack 1512, win 252, length 31
    09:47:17.477484 IP moodle.xxxxxxx.xx.https > 10.30.31.6.52712: Flags [F.], seq 782, ack 1512, win 252, length 0
    09:47:17.477936 IP 10.30.31.6.52712 > moodle.xxxxxxx.xx.https: Flags [.], ack 783, win 510, length 0



  • So what does that mean? The DELAY banner is supposed to show when the delay happens? Or does it mean that all the traffic under it is delayed? You seem to have some FIN and RST packets there which will definitely interrupt a connection.

    What is the purpose of the site? Do you have multiple WANs?



  • The banner I placed to show the part where the longest page load delay occurs.

    We are a branch of a university and the site is of another branch for student access. Each branch office has its own independent infrastructure.
    We tested OPNSense and access is normal.

    We only have one WAN



  • Do you have any packages installed, like Squid, pfBlocker, Snort, Suricata...?



  • Thanks. I disabled pfBlocker and the issue is resolved



  • @cristiann said in Delay in connecting to specific site:

    Thanks. I disabled pfBlocker and the issue is resolved

    pfSense troubleshooting 101 ... 😉. Anytime you have connectivity issues with a pfSense installation and you have any packages installed, disable all the packages first and then see if the problem disappears. Odds are it will. After that, you know the core pfSense setup is fine. So then start enabling the packages one-by-one to see which one is the cause of the issue.

    Suricata, Snort, Squid and pfBlocker can all be potential problem makers. Suricata, Snort and pfBlocker rely on third-party inputs (rules for Suricata and Snort) and IP lists (for pfBlocker), and any of those third party tooks can have bad data in them that cause false positives.


Log in to reply