TheScotsman
Occasional Visitor
I'm running Asuswrt-merlin 388.1 on a GT-AXE11000 and am trying to debug an intermittent connectivity issue with my wife's Windows 10 laptop. Initially I thought she was losing the wireless connection, or that hunting was taking place between the main router and my AiMesh node, or across frequencies - so the AiMesh node is powered down, and I set different SSIDs on each frequency to ensure she's only connecting to the one band, and I cranked the logging up to "debug" level. From what I've observed today, she's not losing wireless - in fact, she doesn't appear to be losing all connectivity. With two windows open running continuous pings (one to an internal server, one to Google), when her connectivity locks up it's only the internet traffic failing - the pings to google stop responding, and all her web/streaming/O365/etc. traffic freezes, but the pings to the internal server continue. Nothing shows out of the ordinary in the syslog, but on the "Connections" tab I can see a ton of connections in "SYN_RECV" state, as well as many UNREPLIED UDP (all DNS in the one snapshot I'm looking at), as well as a few TCP in ESTABLISHED, CLOSE, or FIN_WAIT and several UDP in ASSURED. When she hangs, pings I have running from other wireless and wired devices are all still going through fine, so the issue seems limited to her machine. Dropping/reconnecting wireless on her machine clears it right up.
On the router, parental controls & QoS are currently off; AiProtection is on but not complaining it has blocked anything; Firewall and DoS protection are enabled (no inbound rules set on the firewall). With the SYN_WAIT and UNREPLIED packets in the connections list, I'm wondering if something on the router might be intermittently blocking return traffic to her machine - if DoS protection fired, would I see that logged anywhere? I've enabled logging of dropped packets, but am apparently not caffeinated enough right now to decode what I'm seeing to determine if the dropped packets are actually destined for her machine (can that be identified from the "it looks way too long for a MAC to me" MAC field?)
Thanks for any pointers, tips, or suggestions!
On the router, parental controls & QoS are currently off; AiProtection is on but not complaining it has blocked anything; Firewall and DoS protection are enabled (no inbound rules set on the firewall). With the SYN_WAIT and UNREPLIED packets in the connections list, I'm wondering if something on the router might be intermittently blocking return traffic to her machine - if DoS protection fired, would I see that logged anywhere? I've enabled logging of dropped packets, but am apparently not caffeinated enough right now to decode what I'm seeing to determine if the dropped packets are actually destined for her machine (can that be identified from the "it looks way too long for a MAC to me" MAC field?)
Thanks for any pointers, tips, or suggestions!