Diagnosis References - Application Layer

Colasoft Capsa diagnoses the following application layer events.

What diagnosis events you will have in the Diagnosis tab depend on the Analysis Profile settings (See Analysis Profile).

Event Description Severity Possible causes and solutions
DNS Server Slow Response Time The response time form the server is equal to or higher than the Slow Response Time threshold. Notice
  • The route between client and DNS server is very slowly.

    The DNS server is overloaded.
  • The DNS server is attacked.
  • Please check the working status and security of DNS server.
DNS Host or Domain Not Exist Host name or Domain name which client requests does not exist. Fault
  • Host name or domain name which client-side requests is inexistent.
  • Client user requests an incorrect host name or domain name.
  • Update the address of DNS Server configuration in local host or network equipment.
  • Please check if the requested host name or domain name is incorrectly.
DNS Return Error A DNS Server returns an error except "host name or domain name which client requests is inexistent", which means the client requests or domain fail to return. Fault
  • The request format of DNS Server is incorrectly.
  • The request to DNS Server is failed.
  • The return of DNS Server is not achieved, refused or reserved.
  • Please check the configuration of DNS server.
  • Update the address of DNS server configured in local host or network equipment.
SMTP Server Slow Response Time The average server response time is equal to or higher than the Slow Response Time threshold. Performance The SMTP server is overloaded.
Non-SMTP Traffic through SMPT Port A SMTP 25/TCP connection contains non-SMTP traffic.
Security
  • An application running on TCP port 25 produces non-SMTP traffic.
  • Verify the traffic content of source port and destination port.
SMTP Server Returned Error A SMTP connection or request is rejected by a SMTP server after a TCP connection has been established. Fault
  • The client issues an invalid command.
  • The server is busy.
POP3 Server Slow Response Time The average server response time is equal to or higher than the Slow Response Time threshold. Performance The POP3 server is overloaded.
Non-POP3 Traffic through POP3 Port A POP3 110/TCP connection contains non-POP3 traffic. Security
  • An application running through TCP port 110 produces non-POP3 traffic.
  • Verify the traffic content of source port and destination port.
POP3 Server Returned Error A POP3 connection or request is rejected by a POP3 server after the TCP connection has been established. Fault
  • The client issues an invalid command.
  • The server is busy.
FTP Server Slow Response Time The average server response time is equal to or higher than the Slow Response Time threshold. Performance The FTP server is overloaded.
Non-FTP Traffic through FTP Port A FTP control 21/TCP connection contains non-FTP control traffic. Security
  • An application running through TCP port 21 produces non- FTP control traffic.
  • Verify the traffic content of source port and destination port.
FTP Server Returned Error A FTP connection or request is rejected by a FTP server after a TCP connection has already been established. Fault
  • The client issues an invalid command.
  • The server is busy
HTTP Client Error HTTP server returns a 4xx error code other than 404 (Request Not Found) to indicate a client error. Fault The client's request is incomplete or forbiden.
Non-HTTP Traffic through HTTP Port A HTTP 80/TCP connection contains non-HTTP traffic. Security
  • An application running through TCP port 80 produces non-HTTP traffic.
  • Verify the traffic content of source port and destination port
HTTP Request Not Found HTTP server returns this error when the requested URL was not found. Fault
  • User types in an invalid Uniform Resource Location (URL).
  • The connection to the web server is broken
HTTP Server Error HTTP server returns a 5xx error code to indicate a server error; usually the client's request is valid. Fault Inner error exist in the server; the server is overtime.
HTTP Server Slow Response Time The average server response time is equal to or higher than the Slow Response Time threshold. Performance The web server is overloaded.
Back
© 2009 Colasoft. All rights reserved.