Gijs Lemahieu1709159845
Posted September 15, 2022

Hi,

first of all some background. I have a customer communicating with an API hosted over the ADC appliance. Sometimes (some days not, some days once and some days multiple times), there is a problem and the SSL handshake is failing. I have set up debug logging, but I was not able to identify the problem. I started a trace and I was able to capture one example of the problem.

- Client sends a Client Hello (TLS 1.3)
- ADC replies with 'Hello Retry Request' and 'Change Cipher Spec'
- Client replies with 'Change Cipher Spec, Client Hello'
- ADC responds with RST, ACK (Window 9811)

I upgraded the ADC to the latest version but the problem still occurs (less frequently though). As the problem occurs less frequently, I'm not able to capture the problem in a trace file anymore. I have started a trace with these settings:

    start nstrace -filter CONNECTION.SRCIP.EQ(a.b.c.d) -link ENABLED -size 0 -nf 10 -time 720 -capdroppkt ENABLED -capsslkeys ENABLED -traceformat PCAP

but this is creating a lot of data and I'm not able to capture more than 1 hour. I thought that this trace was circular, but this is not how I expect circular logging to work. I would expect some roll-over so that the oldest file is overwritten and I would always be able to go back 1 hour in the past (due to the amount of data), but this doesn't work. After 1 hour, the trace just stops.

Is there a way to configure 'roll-over logging' instead of circular logging (which basically just splits up the trace into multiple files) so that the oldest file is overwritten and I can go back one hour in the past?

Should I be able to configure a filter on the trace somehow to capture only conversations which end with a Reset packet? This would create much less data and I would be able to capture over a much longer timeframe without filling up the /var directory.

Once this is solved I should be able to see if the ADC is still / always responding with RST, ACK (Window 9811) and search for a cause and solution for that?

Thanks!
Gijs.

Rhonda Rowland1709152125
Posted September 15, 2022

Which version of firmware? Have you tried the nstrace from the GUI to see if you get the same or different results?

Gijs Lemahieu1709159845 (Author)
Posted September 15, 2022

Hi Rhonda,

Version 13.0 87.9. The GUI has the same result (I tried it initially with the GUI and tried afterwards with the CLI, using the above command).

Regards,
Gijs.

Gijs Lemahieu1709159845 (Author)
Posted September 19, 2022

Hi,

Has anyone an idea how to solve this?

Regards,
Gijs.