Are you an IT engineer who consistently receives complaints about the website being inaccessible, or perhaps a Network engineer who frequently encounters issues accessing the website? If so, then you are at the right place.
Today, on our blog, we will discuss the issue of website accessibility. Keep one thing in mind that this blog will focus on client-side troubleshooting of the issue "website not accessible".
Why are we focusing on the client side first? Simply, we need to ensure that there is no issue with the client machine, and once we verify that, we can continue troubleshooting on the other node, such as the firewall or the server side.
We will discuss the following topics
- How to start.
- Commands you can use to troubleshoot on the client side.
- Wireshark command usage.
How to start troubleshooting
Website is internal or external
Websites can be of 2 types: one external, a website that is accessible via the public network or available publicly, or has a public IP address. And the other one is internal, a website that has only a private Ip can be accessible only by the allowed users, such as corporate users.
So you need to know if the website is external or internal, which will help you in checking the routing and if the traffic is going via the correct interface.
Understanding Topology
The first thing you need to know is what the topology is; it is a very crucial part, as this will help you in understanding what hops you need to troubleshoot.
For example, the traffic for the internal website will go via the VPN service you are using and then to the server, or before the server, it can go to the data center after the VPN service, and then to the server, which totally depends on the configuration you have done.
And for the external website, traffic can directly go to the internet or the VPN service, and from there, it can go to the internet.
So, try to understand the topology, and get details about the traffic that is passing through the website.
User impact
To narrow down the issue, user impact can be really useful. You can check how many users are impacted who are not able to access the website, and you can check nodes based on that
for example:
One user is affected: the issue might be on his system, or his ip might not be allowed to access either on the VPN or on the server.
Some users are affected: the issue might be on the VPN, maybe the users are not allowed, or mapping on the VPN is not done properly, or maybe geolocation blocking might be happening.
All users are impacted: The issue might be on the firewall not forwarding the traffic properly, routing might be the issue, and if the users are in one location,n then IP blacklisting might be causing.
Reachability
Check if the website IP is reachable or not. You can do ping or traceroute to check if the website is reachable or not, and if not, on which Hop traffic is getting dropped.
DNS resolution
Check if the user can resolve the DNS or not. You can do nslookup and see if the FQDN is getting resolved to the correct Ip or not, check if the DNS is internal or external, and if the DNS is internal, then you also need to verify if the DNS is reachable or not.
Commands to troubleshoot a website not accessible on the user's machine

Ping :
Ping is a command that you can use to test if the IP or FQDN is reachable or not. With the Ping command, you can get a lot of information.
for example:
Time: You can see the TTL[no of hops remaining] and time taken for each response, and at last it will also show you the average, minimum, and maximum time of the total packets.
Reply from: Ip address of the FQDN
packet drops: you can see how many packets are sent and received
Telnet:
Telnet checks whether a specific port on a remote system is reachable or not, but for this you need to install Telnet first.

Curl:
Instead of the telnet command, I suggest you use the curl command, and it is pre-installed and gives a lot more information.
- It shows the status code.
- show tcp handshake
- DNS resolution
You can simply use curl URL to check the URL, but there are a lot of parameters you can use to make the best of it.
For example,
- curl -i URL: to view the Headers only
- curl -V URL: verbose mode to view complete information.
- curl URL:port: check for the particular port.
Traceroute:
This command can be used to view exactly what is happening on all the nodes, for example, at each hop you can see the following things.
- Ip address of the node.
- average time take on each hop.
- how many hop[nodes it jumps].
OpenSSL:
Similar to CURl but it gives more information about the certificates and encryption which is hidden in the browser.
The only issue is that we need to install OpenSSL in our system to use it.
Command
openssl s_client -connect example.com:443
Wireshark usage in client machine
You can install Wireshark on the user's machine and see all the information at once, which we discussed above.
With the command "DNS" and filtering the string of the URl you can see if the DNS request is going and a response is coming or not.
You can check TCP and TLS handshake check if traffic is coming and going or not.
for example:
tcp.flags.syn==1: will show the handshake for imitation.
tcp.flags.syn && tcp.flags.ack==1: will show the syn packet.
Similarly, to checkthe TLS handshake
ssl.handshake.type==1: to check the client hello.
ssl.handshake.type==2: to check server hello.
If the server hello is coming, it means that something is blocking after the client machine.
To check if the traffic got blocked, look for the command; you might see this as a sign of blockage of the connection, probably due to the server or the VPN.
tcp.flags.rst==1
I hope you like this blog. If you want a blog on any other topic, let me know, and I will be happy to write.

0 Comments