Application layer diagnosis events

The table below describes the diagnosis events on application layer.

Event

Description

Severity

Possible causes

Solutions

DNS Server Slow Response

The response time from the DNS server is equal to or higher than the threshold.

Performance
  1. Network congestion.
  2. The route between client and DNS server is slow.
  3. The DNS server is overloaded.
  4. Poor DNS server performance.
  1. Check the application services running on the network.
  2. Use other DNS server addresses.
  3. Check the security and working status of the DNS server.
  4. Upgrade the DNS server.

Non-existent DNS Host or Domain

Requested host or domain name cannot be found.

Fault
  1. The IP address or domain name is invalid.
  2. The DNS server has an incomplete DNS table.
  3. Reverse DNS lookup is disabled.
  1. Ensure the IP address or domain name is listed on the DNS table.
  2. Ensure the IP address or domain name is typed correctly.
  3. Change the DNS server address.

DNS Server Returned Error

DNS server returns an error other than an invalid name.

Fault
  1. Query format error.
  2. Query failure.
  3. DNS server returns Not Implemented, Refused, or Reserved.
  1. Ensure the DNS query is correct.
  2. Change the DNS server address.

SMTP Server Slow Response

The response time is equal to or higher than the threshold.

Performance
  1. Network congestion.
  2. The connection between client and SMTP server is slow.
  3. The SMTP server is overloaded.
  4. Poor SMTP server performance.
  1. Check the application services running on the network.
  2. Update the configurations of route.
  3. Check the security and the working status of the SMTP server.
  4. Upgrade the SMTP server.

Suspicious SMTP Conversation

 A connection uses TCP port 25 to transmit non-SMTP data.

Security

An application running on TCP port 25 produces non-SMTP traffic.
  1. Check the applications that are using port 25.
  2. Check the traffic content of the source port and destination port.

SMTP Server Returned Error

An SMTP connection or request is rejected by an SMTP server after a TCP connection has already been established.

Fault
  1. The client program executes invalid commands.
  2. The client application configures an incorrect user name and password.
  3. SMTP server is overloaded.
  4. Incorrect configurations of SMTP server software.
  1. Ensure the client executes correct commands.
  2. Check user name and password on the client application.
  3. Look for attempted spam.
  4. Check the configurations of the SMTP server software.

POP3 Server Slow Response

The average response time is equal to or higher than the threshold.

Performance
  1. Network congestion.
  2. The connection between client and POP3 server is slow.
  3. The POP3 server is overloaded.
  4. Poor POP3 server performance.
  1. Check the application services running on the network.
  2. Update the configurations of route.
  3. Check the security and the working status of the POP3 server.
  4. Upgrade the POP3 server.

Suspicious POP3 Conversation

A connection uses TCP port 110 to transmit non-POP3 traffic.

Security

An application running on TCP port 110 produces non-POP3 traffic.
  1. Check the applications using port 110.
  2. Check the traffic content of source port and destination port.

POP3 Server Returned Error

A POP3 connection or request is rejected by a POP3 server after a TCP connection has already been established.

Fault
  1. The client executes invalid commands.
  2. The client application configures incorrect user name and password.
  3. POP3 server is overloaded.
  4. Incorrect configurations of POP3 server software.
  1. Ensure the client executes correct commands.
  2. Check user name and password on the client application.
  3. Check for POP3 server attack.
  4. Check the configurations of the POP3 server software.

FTP Server Slow Response

The response time is equal to or higher than the threshold.

Performance
  1. Network congestion.
  2. The connection between client and FTP server is slow.
  3. The FTP server is overloaded.
  4. Poor FTP server performance.
  1. Check the application services running on the network.
  2. Update the configurations of route.
  3. Check the security and the working status of the FTP server.
  4. Upgrade the FTP server.

Suspicious FTP Conversation

A connection uses TCP port 21 to transmit non-FTP traffic.

Security

An application running on TCP port 21 produces non-FTP traffic.
  1. Check the applications using port 21.
  2. Check the traffic content of the source port and destination port.

FTP Server Returned Error

An FTP connection or request is rejected by an FTP server after a TCP connection has already been established.

Fault
  1. The client executes invalid commands.
  2. The client application configures incorrect user name and password.
  3. POP3 server is overloaded.
  4. The client has a work mode unmatched with the server.
  5. Incorrect configurations of FTP server software.
  1. Ensure the client executes correct commands.
  2. Check user name and password on the client application.
  3. Check for POP3 server attack.
  4. Ensure the client works in a mode supported by the server.
  5. Check the configurations of the POP3 server software.

HTTP Client Error

HTTP server returns a 4xx error code other than 404 (Request Not Found) to indicate a client error.

Fault
  1. The request could not be understood by the server due to malformed syntax.
  2. Unauthorized request.
  3. The access is forbidden.
  4. The request method is not allowed.
  5. The request times out.
  6. The requested URL is too long.
  7. Unsupported media type.
  1. Check the syntax in the original request packet that generated the error.
  2. Change the request.
  3. Change the request or use authorized account.
  4. Change the request method.
  5. The client repeats the request.
  6. Change the requested URL.
  7. Modify the media type.

Suspicious HTTP Conversation

A connection uses TCP port 80 to transmit non-HTTP traffic.

Security

An application running on TCP port 80 produces non-HTTP traffic.
  1. Check the applications using port 80.
  2. Check the traffic content of the source port and destination port.

HTTP Request Not Found

HTTP server returns this error when the requested URL was not found.

Fault
  1. Invalid URL.
  2. DNS server table does not contain the map relationship between the entered domain name and mapped IP address.
  1. Check the validity of the URL.
  2. Change the DNS server address.

HTTP Server Returned Error

HTTP server returns a 5xx error code to indicate a server error; usually the client's request is valid.

Fault
  1. Internal server error, not implemented, gateway timeout, or unavailable service.
  2. HTTP version is not supported.
  1. Update the configurations of the HTTP server.
  2. Upgrade the HTTP server to support the version type.

HTTP Server Slow Response

The average response time is equal to or higher than the threshold.

Performance
  1. Network congestion.
  2. The connection between client and HTTP server is slow.
  3. The HTTP server is overloaded.
  4. Poor HTTP server performance.
  1. Check the application services running on the network.
  2. Update the route configurations.
  3. Check the security and working status of the HTTP server.
  4. Upgrade the HTTP server.
Back