Key Features
Diagnosis and Localization
Upload Pcap files, automatically diagnose and analyze abnormal issues within them, and determine whether these issues are related to the network or application services.
Causes and Solutions
For identified issues, provide possible root causes and corresponding solutions.
Evidence and Samples
Explain network packet interaction behavior as evidence and provide relevant packet samples.
Business Connection Failed
When a client of a business system accesses the server via WAN, transaction failures occur, and the network administrator needs to locate the fault and its cause.
For access failure issues, the first step is to check if the TCP handshake process is completed normally, followed by checking if the application layer communication is functioning properly.
In this case, both observation points detected TCP handshake failures, and the different details of the handshake failure process indicate that intermediate network devices failed to correctly forward the server's SYN-ACK packets, leading to TCP handshake failures and consequently causing transaction failures.
DNS Resolution Timeout
In a business system, when accessing an external system server via the internet as a client, occasional transactions experience a 5-second access delay. The network administrator needs to identify the location and cause of the fault.
For access delay issues, if accessed via a domain name, the first step is to check if the DNS resolution process is normal, then to check if there is a delay in the TCP handshake, and finally to check if the application layer's response time is reasonable.
In this case, it was observed that the client's access to the primary DNS received no response, and only after a five-second timeout did it switch to the backup DNS to successfully complete the call to the external system.
TLS Certificate Expired
During the TLS certificate switching test for a business system, some users experienced login issues. Monitoring metrics showed a significant increase in TCP RST packets, and the administrator needed to identify the cause of the failure.
For access failure issues, the first step is to check if the TCP handshake process is completed normally. If TLS is involved, the TLS handshake process also needs to be checked, followed by verifying if the application layer communication is functioning properly.
In this case, it was observed that the TCP handshake had completed normally. However, during the TLS handshake, the client terminated the communication with an RST packet. Further analysis revealed a TLS Unknown Certificate error.
