Actual combat case: Remote login to the router web page failed! A certain equipment brand is super black fan

The cases shared in this issue are related to wired network issues.

Background introduction
A friend is an IT manager in a certain unit. The exit router uses the static public IP of a certain P device. He has been upset about it, and I don’t know why. Recently, it was found that the remote PC failed to access the web management page of the exit router through the Internet. It was manifested as being able to load some information, but there was no pop-up login page:

So he was very happy and complained to a certain P after-sales service. As a result, they checked the equipment and found that there was no problem but the line problem. He was very unwilling and asked me for help. If it was a product problem, he would directly take legal procedures for compensation. I don’t know why he was so obsessed, so I did a simple investigation for him.

Investigation and analysis
Step 1: Comparative test

Original topology:

Test results: PC opens the browser, and cannot open the router Web management page and log in through the router public IP + port number.

Comparison topology:

Test results: PC opens the browser, and can open the router Web management page and log in normally through the router public IP + port number

Generally speaking, normal people are almost done at this step, and the comparison is very obvious whether the abnormality is caused by the ISP operation link. This person is more serious: "The router is abnormal after connecting to the broadband, and the compatibility is too bad. It is not worth connecting directly to the PC. Professional troubleshooting is needed. Let's capture a packet and see." Me: "That makes sense, then let's capture a packet in the original topology and see"


Step 2: Message Analysis

Packet capture is naturally to capture the messages at both ends of the link. The first is the remote PC interface message, and the second is the router GE1 (WAN) port message. At the same time, the packet loss situation can be compared to analyze the problem, as follows:

Capture the message of the remote laptop outbound interface when accessing the Web page abnormally, as follows:

It can be seen that the TCP session for loading some resources has not been established through SYN retransmission. Combined with the browser F12 debugging, it can be analyzed that the handshake failed when trying to load jpg images and JS file resources. Let's see if the router has received the handshake request.

Capture the message of the GE1 interface of a certain P router when accessing the Web page abnormally, as follows:


It was found that all the sessions were normal, and there were no abnormal sessions, indicating that the TCP SYN request for the client to request images and JS resources did not come.

Comprehensive analysis:

Some sessions to access the router's Web page were successful, but the requests for some resource sessions did not come, that is, the router's GE1 interface did not receive it. It was basically confirmed that the packet loss in the intermediate operator link was caused.

Solution
Confirm with the operator or change the link for comparison, but this guy thinks that my analysis may have missed some details and bullied him because he could not understand the message. So, what can I say? Friends, do you have such a big malice towards a brand?