Can ping web server but not from browser

Microsoft Windows xp professional w/serv...
February 12, 2010 at 00:33:53
Specs: Windows Vista
Hi all,

A web server say is used by different agencies (in different cities). All other agencies in different locations can access it in web browser by ip addr Only in my agency this problem is observed and it started 1 week ago. Btw, the ip addr is used in web browser to access it .. no name needed.
I can ping a web server and tracert it but when I type the same ip address in the browser it does not work ... it just stays on loading and then fails. It is the same on all PCs in our agency. No firewall in our agency, A web proxy for internet was disabled for testing because we go to the web server thru another gateway (a router conected to intranet). Things I tried ... disabled PC firewall, Antivirus, Different PCs and different browsers, accessed different web sites beyond our router on kinda the same network but not the same subnet ... ipaddrs like, and I can view them in the browser successfully. I used wireshark to capture packets ... when I ping everything is successful but when I access from browser ... shws packets in red and reply from will come after a delay of 5 -10 secs and it's like TCP dup ack tcp part of packet lost , tcp resubmission, another time tcp beacon port etc ... Please help .. I don't get it. I And it's kinda important because many are affected. Thanks.

See More: Can ping web server but not from browser

Report •

February 12, 2010 at 01:50:24
Can you describe the network setup a little better?? Are there -

Any NAT devices between the two hosts?
Is there more than one path from the server to the client (Multi-homed) ??

ICMP PING is stateless, but TCP needs to maintain state - so it sounds like a layer4 issue...

I've seen things like this in multi-homed setups using NAT - i.e.: client sends a SYN which gets NAT'd onto public internet, the server however has a separate path back to the client using an internal line that bypasses the NAT device, when the packet comes back in, NAT translation is never performed (src/dst ports are wrong) - the client retransmits, but goes through NAT gateway again, & this process repeats...again, only applies to a multi-homed setup though...

But in that scenario, PING works because it's stateless, TCP does not...

Have you verified ping works w/ a large packet size?? Try ping -l 1400 to make sure that large packets are being passed ok (could be an MTU issue) - ping by default uses a small (32 byte) packet, which wouldn't be affected by an MTU mismatch downstream, because it's not large enough...make sure ping works w/ a large packet size.

Also - the best way to do the packet capture is to get both sides of the connection - capture both the client & server sides, then open them up side by side in wireshark & compare the two.

Post some more info about your network - try to verify if TCP works (telnet 164.x.x.x 80) - see if the socket opens correctly w/ telnet (wouldn't be a network issue if that's the case).

If all else fails, you can try posting your packet capture - just capture the 3 way handshake (SYN, SYN/ACK, ACK), then file/export it in wireshark & post the contents of the file.

Report •

February 12, 2010 at 02:19:04
My network desc - intranet connected to a switch (cisco 2800) then a router (adtrans) that connects to the other network (this is quiet big again containing many networks but is not public) where the web server is hosted. I do not have access to it (hosted by a diff vendor and is in a diff city) so I may not be able to capture packets on server. Gateway for all the PCs is the adtrans router Other agencies like us are able to access it just fine. And I can access other web site's beyond our router on that same MAN. Does MTU affect just one website's packets? Can spyware cause this kinda behaviour?

I'll post the capture data frm wireshark soon. thx.

Report •

February 22, 2010 at 00:27:00
Thanks for all the help. The problem was finally resolved.
Network operations on the MAN had enabled encryption
somewhere down the path between our agency and the
webserver but not on the entire path .. now it was enabled on the
entire link. The web page works fine now.

But thanks a lot for the suggestions. It made me feel better I've
some kind of support and no completely by myself. Thanks

Report •
Related Solutions

Ask Question