Question : How can I determine if the firewall is not letting through certain TCP packets?

We have a sonicwall tz170 and noticed that the cache is becoming full and causing slowness when accessing the internet. As i look into it further I notice that cetain people have many more connections than others. After ruling out a virus I run the netstat command on their pc and begin to notice that the majority of the open connections are to the ip 173.194.33.148 (google) with a state of LAST_ACK next to them. I called sonicwall and they kepp telling me it is the pc on the network. I am starting to think that it is the firewall. Has anyone experienced this type of problem or know of a way to test for the firewall blockign the tcp responses. I have included two netstat outputs below from the same PC and the processes running below. Thank you.

Mark

ran netstat -ano command below:
Active Connections

Proto Local Address Foreign Address State PID
TCP 0.0.0.0:21 0.0.0.0:0 LISTENING 2124
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 1924
TCP 0.0.0.0:427 0.0.0.0:0 LISTENING 1068
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:1043 0.0.0.0:0 LISTENING 960
TCP 0.0.0.0:3703 0.0.0.0:0 LISTENING 1068
TCP 0.0.0.0:4200 0.0.0.0:0 LISTENING 4500
TCP 0.0.0.0:49214 0.0.0.0:0 LISTENING 3460
TCP 127.0.0.1:1026 127.0.0.1:3979 ESTABLISHED 236
TCP 127.0.0.1:1031 127.0.0.1:50701 ESTABLISHED 1068
TCP 127.0.0.1:1032 127.0.0.1:1033 ESTABLISHED 2916
TCP 127.0.0.1:1033 127.0.0.1:1032 ESTABLISHED 2916
TCP 127.0.0.1:1038 127.0.0.1:50701 ESTABLISHED 1068
TCP 127.0.0.1:1044 0.0.0.0:0 LISTENING 960
TCP 127.0.0.1:1045 0.0.0.0:0 LISTENING 3140
TCP 127.0.0.1:1046 127.0.0.1:3979 ESTABLISHED 236
TCP 127.0.0.1:1075 127.0.0.1:3979 ESTABLISHED 3212
TCP 127.0.0.1:3979 0.0.0.0:0 LISTENING 236
TCP 127.0.0.1:3979 127.0.0.1:1026 ESTABLISHED 236
TCP 127.0.0.1:3979 127.0.0.1:1046 ESTABLISHED 236
TCP 127.0.0.1:3979 127.0.0.1:1075 ESTABLISHED 236
TCP 127.0.0.1:5152 0.0.0.0:0 LISTENING 2720
TCP 127.0.0.1:5152 127.0.0.1:3742 CLOSE_WAIT 2720
TCP 127.0.0.1:50701 0.0.0.0:0 LISTENING 2368
TCP 127.0.0.1:50701 127.0.0.1:1031 ESTABLISHED 2368
TCP 127.0.0.1:50701 127.0.0.1:1038 ESTABLISHED 2368
TCP 192.168.132.145:139 0.0.0.0:0 LISTENING 4
TCP 192.168.132.145:1035 192.168.132.19:139 ESTABLISHED 4
TCP 192.168.132.145:1095 70.37.129.170:80 CLOSE_WAIT 3996
TCP 192.168.132.145:1111 64.62.202.194:11911 ESTABLISHED 4032
TCP 192.168.132.145:1240 173.194.33.148:80 LAST_ACK 4708
TCP 192.168.132.145:1241 173.194.33.148:80 LAST_ACK 4708
TCP 192.168.132.145:1287 192.168.132.10:23 ESTABLISHED 5140
TCP 192.168.132.145:1312 98.136.154.148:80 LAST_ACK 4708
TCP 192.168.132.145:1317 165.254.148.163:80 LAST_ACK 4708
TCP 192.168.132.145:1325 165.254.148.163:80 LAST_ACK 4708
TCP 192.168.132.145:1367 173.194.33.148:80 LAST_ACK 4708
TCP 192.168.132.145:1393 98.136.154.148:80 LAST_ACK 4708
TCP 192.168.132.145:1405 98.136.154.148:80 LAST_ACK 4708
TCP 192.168.132.145:1406 98.136.154.148:80 LAST_ACK 4708
TCP 192.168.132.145:1407 165.254.148.163:80 LAST_ACK 4708
TCP 192.168.132.145:1601 173.194.33.148:80 LAST_ACK 4708
TCP 192.168.132.145:1603 98.136.154.148:80 LAST_ACK 4708
TCP 192.168.132.145:1606 173.194.33.148:80 LAST_ACK 4708
TCP 192.168.132.145:1608 173.194.33.148:80 LAST_ACK 4708
TCP 192.168.132.145:1614 173.194.33.148:80 LAST_ACK 4708
TCP 192.168.132.145:1913 173.194.33.148:80 LAST_ACK 372
TCP 192.168.132.145:1921 173.194.33.148:80 LAST_ACK 372
TCP 192.168.132.145:1924 173.194.33.148:80 LAST_ACK 372
TCP 192.168.132.145:1927 173.194.33.148:80 LAST_ACK 372
TCP 192.168.132.145:1932 173.194.33.148:80 LAST_ACK 372
TCP 192.168.132.145:1935 173.194.33.148:80 LAST_ACK 372
TCP 192.168.132.145:1938 173.194.33.148:80 LAST_ACK 372
TCP 192.168.132.145:1942 173.194.33.148:80 LAST_ACK 372
TCP 192.168.132.145:1954 173.194.33.148:80 LAST_ACK 372
TCP 192.168.132.145:1961 173.194.33.148:80 LAST_ACK 372
TCP 192.168.132.145:1966 173.194.33.148:80 LAST_ACK 372
TCP 192.168.132.145:1971 173.194.33.148:80 LAST_ACK 372
TCP 192.168.132.145:1974 173.194.33.148:80 LAST_ACK 372
TCP 192.168.132.145:1986 173.194.33.148:80 LAST_ACK 372
TCP 192.168.132.145:1987 173.194.33.148:80 LAST_ACK 372
TCP 192.168.132.145:1988 173.194.33.148:80 LAST_ACK 372
TCP 192.168.132.145:1993 173.194.33.148:80 LAST_ACK 372
TCP 192.168.132.145:2043 72.14.204.113:80 LAST_ACK 372
TCP 192.168.132.145:2085 72.14.204.113:80 LAST_ACK 372
TCP 192.168.132.145:2400 173.194.33.148:80 LAST_ACK 4708
TCP 192.168.132.145:2401 64.215.5.128:80 LAST_ACK 4708
TCP 192.168.132.145:2411 216.34.207.176:80 LAST_ACK 4708
TCP 192.168.132.145:2412 64.215.5.128:80 LAST_ACK 4708
TCP 192.168.132.145:2434 64.215.5.128:80 LAST_ACK 4708
TCP 192.168.132.145:2459 173.194.33.148:80 LAST_ACK 4708
TCP 192.168.132.145:2460 98.136.75.194:80 LAST_ACK 4708
TCP 192.168.132.145:2462 216.34.207.176:80 LAST_ACK 4708
TCP 192.168.132.145:2463 98.136.75.194:80 LAST_ACK 4708
TCP 192.168.132.145:2783 173.194.33.148:80 LAST_ACK 3480
TCP 192.168.132.145:2825 98.136.75.194:80 LAST_ACK 3480
TCP 192.168.132.145:2826 98.136.75.194:80 LAST_ACK 3480
TCP 192.168.132.145:2902 98.136.75.194:80 LAST_ACK 3480
TCP 192.168.132.145:2915 98.136.75.194:80 LAST_ACK 3480
TCP 192.168.132.145:2916 173.194.33.148:80 LAST_ACK 3480
TCP 192.168.132.145:2917 98.136.75.194:80 LAST_ACK 3480
TCP 192.168.132.145:2946 98.136.75.194:80 LAST_ACK 3480
TCP 192.168.132.145:2947 173.194.33.148:80 LAST_ACK 3480
TCP 192.168.132.145:2948 98.136.75.194:80 LAST_ACK 3480
TCP 192.168.132.145:3114 173.194.33.148:80 LAST_ACK 3480
TCP 192.168.132.145:3161 67.148.147.104:80 LAST_ACK 3480
TCP 192.168.132.145:3220 173.194.33.148:80 LAST_ACK 4764
TCP 192.168.132.145:3222 173.194.33.148:80 LAST_ACK 4764
TCP 192.168.132.145:3227 173.194.33.148:80 LAST_ACK 4764
TCP 192.168.132.145:3230 173.194.33.148:80 LAST_ACK 4764
TCP 192.168.132.145:3233 173.194.33.148:80 LAST_ACK 4764
TCP 192.168.132.145:3235 173.194.33.148:80 LAST_ACK 4764
TCP 192.168.132.145:3255 173.194.33.148:80 LAST_ACK 4764
TCP 192.168.132.145:3286 173.194.33.148:80 LAST_ACK 4764
TCP 192.168.132.145:3296 173.194.33.148:80 LAST_ACK 4764
TCP 192.168.132.145:3304 173.194.33.148:80 LAST_ACK 4764
TCP 192.168.132.145:3311 173.194.33.148:80 LAST_ACK 4764
TCP 192.168.132.145:3365 98.136.154.147:80 LAST_ACK 4764
TCP 192.168.132.145:3366 98.136.154.147:80 LAST_ACK 4764
TCP 192.168.132.145:3367 98.136.154.147:80 LAST_ACK 4764
TCP 192.168.132.145:3400 96.17.72.162:80 LAST_ACK 4764
TCP 192.168.132.145:3411 173.194.33.148:80 LAST_ACK 4764
TCP 192.168.132.145:3412 173.194.33.148:80 LAST_ACK 4764
TCP 192.168.132.145:3413 173.194.33.148:80 LAST_ACK 4764
TCP 192.168.132.145:3414 173.194.33.148:80 LAST_ACK 4764
TCP 192.168.132.145:3415 173.194.33.148:80 LAST_ACK 4764
TCP 192.168.132.145:3416 173.194.33.148:80 LAST_ACK 4764
TCP 192.168.132.145:3417 173.194.33.148:80 LAST_ACK 4764
TCP 192.168.132.145:3418 173.194.33.148:80 LAST_ACK 4764
TCP 192.168.132.145:3423 173.194.33.148:80 LAST_ACK 4764
TCP 192.168.132.145:3424 173.194.33.148:80 LAST_ACK 4764
TCP 192.168.132.145:3426 173.194.33.148:80 LAST_ACK 4764
TCP 192.168.132.145:3427 173.194.33.148:80 LAST_ACK 4764
TCP 192.168.132.145:3431 173.194.33.148:80 LAST_ACK 4764
TCP 192.168.132.145:3432 173.194.33.148:80 LAST_ACK 4764
TCP 192.168.132.145:3435 173.194.33.148:80 LAST_ACK 4764
TCP 192.168.132.145:3436 173.194.33.148:80 LAST_ACK 4764
TCP 192.168.132.145:3443 173.194.33.148:80 LAST_ACK 4764
TCP 192.168.132.145:3444 173.194.33.148:80 LAST_ACK 4764
TCP 192.168.132.145:3452 173.194.33.148:80 LAST_ACK 4764
TCP 192.168.132.145:3453 173.194.33.148:80 LAST_ACK 4764
TCP 192.168.132.145:3686 192.168.132.10:23 ESTABLISHED 5140
TCP 192.168.132.145:3697 64.62.202.194:11911 ESTABLISHED 4032
TCP 192.168.132.145:3768 64.154.87.60:80 LAST_ACK 4764
TCP 192.168.132.145:3800 64.154.87.60:80 LAST_ACK 4764
TCP 192.168.132.145:3818 64.154.87.60:80 LAST_ACK 4764
TCP 192.168.132.145:3824 64.154.87.60:80 LAST_ACK 4764
TCP 192.168.132.145:3829 64.154.87.60:80 LAST_ACK 4764
TCP 192.168.132.145:3832 64.154.87.60:80 LAST_ACK 4764
TCP 192.168.132.145:3835 64.154.87.60:80 LAST_ACK 4764
TCP 192.168.132.145:3838 64.154.87.60:80 LAST_ACK 4764
TCP 192.168.132.145:3841 64.154.87.60:80 LAST_ACK 4764
TCP 192.168.132.145:3844 64.154.87.60:80 LAST_ACK 4764
TCP 192.168.132.145:3846 64.154.87.60:80 LAST_ACK 4764
TCP 192.168.132.145:3848 64.154.87.60:80 LAST_ACK 4764
TCP 192.168.132.145:3851 64.154.87.60:80 LAST_ACK 4764
TCP 192.168.132.145:3856 64.154.87.60:80 LAST_ACK 4764
TCP 192.168.132.145:3869 64.154.87.60:80 LAST_ACK 4764
TCP 192.168.132.145:3872 64.154.87.60:80 LAST_ACK 4764
TCP 192.168.132.145:3878 64.154.87.60:80 LAST_ACK 4764
TCP 192.168.132.145:3881 64.154.87.60:80 LAST_ACK 4764
TCP 192.168.132.145:3889 64.154.87.60:80 LAST_ACK 4764
TCP 192.168.132.145:3893 64.154.87.60:80 LAST_ACK 4764
TCP 192.168.132.145:3895 64.154.87.60:80 LAST_ACK 4764
TCP 192.168.132.145:3900 64.154.87.60:80 LAST_ACK 4764
TCP 192.168.132.145:3956 72.14.204.102:80 CLOSE_WAIT 3480
TCP 192.168.132.145:3957 173.194.33.104:80 CLOSE_WAIT 3480
TCP 192.168.132.145:3958 72.14.204.101:80 CLOSE_WAIT 3480
UDP 0.0.0.0:427 : 1068
UDP 0.0.0.0:445 : 4
UDP 0.0.0.0:500 : 1688
UDP 0.0.0.0:1030 : 1212
UDP 0.0.0.0:3703 : 1068
UDP 0.0.0.0:4500 : 1688
UDP 127.0.0.1:123 : 280
UDP 127.0.0.1:1083 : 5420
UDP 127.0.0.1:1172 : 4708
UDP 127.0.0.1:1418 : 2536
UDP 127.0.0.1:1628 : 4992
UDP 127.0.0.1:1748 : 4312
UDP 127.0.0.1:1900 : 836
UDP 127.0.0.1:2313 : 3228
UDP 127.0.0.1:2688 : 3480
UDP 127.0.0.1:3188 : 4764
UDP 127.0.0.1:3680 : 5408
UDP 192.168.132.145:123 : 280
UDP 192.168.132.145:137 : 4
UDP 192.168.132.145:138 : 4
UDP 192.168.132.145:1900 : 836
UDP 192.168.132.145:5353 : 1068

run with netstat -ab command below:
Active Connections

Proto Local Address Foreign Address State PID
TCP Mark_Laptop:ftp Mark_Laptop:0 LISTENING 2124
[RJSOFFICE.EXE]

TCP Mark_Laptop:epmap Mark_Laptop:0 LISTENING 1924
c:\windows\system32\WS2_32.dll
C:\WINDOWS\system32\RPCRT4.dll
c:\windows\system32\rpcss.dll
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ADVAPI32.dll
[svchost.exe]

TCP Mark_Laptop:427 Mark_Laptop:0 LISTENING 1068
[VersionCueCS2.exe]

TCP Mark_Laptop:microsoft-ds Mark_Laptop:0 LISTENING 4
[System]

TCP Mark_Laptop:1043 Mark_Laptop:0 LISTENING 960
[UNS.exe]

TCP Mark_Laptop:3703 Mark_Laptop:0 LISTENING 1068
[VersionCueCS2.exe]

TCP Mark_Laptop:4200 Mark_Laptop:0 LISTENING 4500
[evfctcpd.exe]

TCP Mark_Laptop:49214 Mark_Laptop:0 LISTENING 3460
[javaw.exe]

TCP Mark_Laptop:1044 Mark_Laptop:0 LISTENING 960
[UNS.exe]

TCP Mark_Laptop:1045 Mark_Laptop:0 LISTENING 3140
[ccSvcHst.exe]

TCP Mark_Laptop:3979 Mark_Laptop:0 LISTENING 236
[SMManager.exe]

TCP Mark_Laptop:5152 Mark_Laptop:0 LISTENING 2720
[jqs.exe]

TCP Mark_Laptop:50701 Mark_Laptop:0 LISTENING 2368
[mysqld-nt.exe]

TCP Mark_Laptop:netbios-ssn Mark_Laptop:0 LISTENING 4
[System]

TCP Mark_Laptop:1026 localhost:3979 ESTABLISHED 236
[SMManager.exe]

TCP Mark_Laptop:1031 localhost:50701 ESTABLISHED 1068
[VersionCueCS2.exe]

TCP Mark_Laptop:1032 localhost:1033 ESTABLISHED 2916
[LMS.exe]

TCP Mark_Laptop:1033 localhost:1032 ESTABLISHED 2916
[LMS.exe]

TCP Mark_Laptop:1038 localhost:50701 ESTABLISHED 1068
[VersionCueCS2.exe]

TCP Mark_Laptop:1046 localhost:3979 ESTABLISHED 236
[SMManager.exe]

TCP Mark_Laptop:1075 localhost:3979 ESTABLISHED 3212
[Dell.UCM.exe]

TCP Mark_Laptop:3979 localhost:1075 ESTABLISHED 236
[SMManager.exe]

TCP Mark_Laptop:3979 localhost:1046 ESTABLISHED 236
[SMManager.exe]

TCP Mark_Laptop:3979 localhost:1026 ESTABLISHED 236
[SMManager.exe]

TCP Mark_Laptop:50701 localhost:1038 ESTABLISHED 2368
[mysqld-nt.exe]

TCP Mark_Laptop:50701 localhost:1031 ESTABLISHED 2368
[mysqld-nt.exe]

TCP Mark_Laptop:1035 jamaica2:netbios-ssn ESTABLISHED 4
[System]

TCP Mark_Laptop:1111 64.62.202.194:11911 ESTABLISHED 4032
[IDriveEClsClient.exe]

TCP Mark_Laptop:1287 jamaica:telnet ESTABLISHED 5140
[Bsmdemul.exe]

TCP Mark_Laptop:3686 jamaica:telnet ESTABLISHED 5140
[Bsmdemul.exe]

TCP Mark_Laptop:3697 64.62.202.194:11911 ESTABLISHED 4032
[IDriveEClsClient.exe]

TCP Mark_Laptop:5152 localhost:3742 CLOSE_WAIT 2720
[jqs.exe]

TCP Mark_Laptop:1095 cds165.ewr9.msecn.net:http CLOSE_WAIT 3996
[SeaPort.exe]

TCP Mark_Laptop:3956 iad04s01-in-f102.1e100.net:http CLOSE_WAIT 3480
[iexplore.exe]

TCP Mark_Laptop:3957 173.194.33.104:http CLOSE_WAIT 3480
[iexplore.exe]

TCP Mark_Laptop:3958 iad04s01-in-f101.1e100.net:http CLOSE_WAIT 3480
[iexplore.exe]

TCP Mark_Laptop:1240 173.194.33.148:http LAST_ACK 4708
[iexplore.exe]

TCP Mark_Laptop:1241 173.194.33.148:http LAST_ACK 4708
[iexplore.exe]

TCP Mark_Laptop:1312 mpr6.2ngd.vip.ac4.yahoo.com:http LAST_ACK 4708
[iexplore.exe]

TCP Mark_Laptop:1317 165.254.148.163:http LAST_ACK 4708
[iexplore.exe]

TCP Mark_Laptop:1325 165.254.148.163:http LAST_ACK 4708
[iexplore.exe]

TCP Mark_Laptop:1367 173.194.33.148:http LAST_ACK 4708
[iexplore.exe]

TCP Mark_Laptop:1393 mpr6.2ngd.vip.ac4.yahoo.com:http LAST_ACK 4708
[iexplore.exe]

TCP Mark_Laptop:1405 mpr6.2ngd.vip.ac4.yahoo.com:http LAST_ACK 4708
[iexplore.exe]

TCP Mark_Laptop:1406 mpr6.2ngd.vip.ac4.yahoo.com:http LAST_ACK 4708
[iexplore.exe]

TCP Mark_Laptop:1407 165.254.148.163:http LAST_ACK 4708
[iexplore.exe]

TCP Mark_Laptop:1601 173.194.33.148:http LAST_ACK 4708
[iexplore.exe]

TCP Mark_Laptop:1603 mpr6.2ngd.vip.ac4.yahoo.com:http LAST_ACK 4708
[iexplore.exe]

TCP Mark_Laptop:1606 173.194.33.148:http LAST_ACK 4708
[iexplore.exe]

TCP Mark_Laptop:1608 173.194.33.148:http LAST_ACK 4708
[iexplore.exe]

TCP Mark_Laptop:1614 173.194.33.148:http LAST_ACK 4708
[iexplore.exe]

TCP Mark_Laptop:1913 173.194.33.148:http LAST_ACK 372
[System]

TCP Mark_Laptop:1921 173.194.33.148:http LAST_ACK 372
[System]

TCP Mark_Laptop:1924 173.194.33.148:http LAST_ACK 372
[System]

TCP Mark_Laptop:1927 173.194.33.148:http LAST_ACK 372
[System]

TCP Mark_Laptop:1932 173.194.33.148:http LAST_ACK 372
[System]

TCP Mark_Laptop:1935 173.194.33.148:http LAST_ACK 372
[System]

TCP Mark_Laptop:1938 173.194.33.148:http LAST_ACK 372
[System]

TCP Mark_Laptop:1942 173.194.33.148:http LAST_ACK 372
[System]

TCP Mark_Laptop:1954 173.194.33.148:http LAST_ACK 372
[System]

TCP Mark_Laptop:1961 173.194.33.148:http LAST_ACK 372
[System]

TCP Mark_Laptop:1966 173.194.33.148:http LAST_ACK 372
[System]

TCP Mark_Laptop:1971 173.194.33.148:http LAST_ACK 372
[System]

TCP Mark_Laptop:1974 173.194.33.148:http LAST_ACK 372
[System]

TCP Mark_Laptop:1986 173.194.33.148:http LAST_ACK 372
[System]

TCP Mark_Laptop:1987 173.194.33.148:http LAST_ACK 372
[System]

TCP Mark_Laptop:1988 173.194.33.148:http LAST_ACK 372
[System]

TCP Mark_Laptop:1993 173.194.33.148:http LAST_ACK 372
[System]

TCP Mark_Laptop:2043 iad04s01-in-f113.1e100.net:http LAST_ACK 372
[System]

TCP Mark_Laptop:2085 iad04s01-in-f113.1e100.net:http LAST_ACK 372
[System]

TCP Mark_Laptop:2400 173.194.33.148:http LAST_ACK 4708
[iexplore.exe]

TCP Mark_Laptop:2401 64.215.5.128:http LAST_ACK 4708
[iexplore.exe]

TCP Mark_Laptop:2411 mojofarm.mediaplex.com:http LAST_ACK 4708
[iexplore.exe]

TCP Mark_Laptop:2412 64.215.5.128:http LAST_ACK 4708
[iexplore.exe]

TCP Mark_Laptop:2434 64.215.5.128:http LAST_ACK 4708
[iexplore.exe]

TCP Mark_Laptop:2459 173.194.33.148:http LAST_ACK 4708
[iexplore.exe]

TCP Mark_Laptop:2460 mpr1.ngd.vip.ac4.yahoo.com:http LAST_ACK 4708
[iexplore.exe]

TCP Mark_Laptop:2462 mojofarm.mediaplex.com:http LAST_ACK 4708
[iexplore.exe]

TCP Mark_Laptop:2463 mpr1.ngd.vip.ac4.yahoo.com:http LAST_ACK 4708
[iexplore.exe]

TCP Mark_Laptop:2783 173.194.33.148:http LAST_ACK 3480
[iexplore.exe]

TCP Mark_Laptop:2825 mpr1.ngd.vip.ac4.yahoo.com:http LAST_ACK 3480
[iexplore.exe]

TCP Mark_Laptop:2826 mpr1.ngd.vip.ac4.yahoo.com:http LAST_ACK 3480
[iexplore.exe]

TCP Mark_Laptop:2902 mpr1.ngd.vip.ac4.yahoo.com:http LAST_ACK 3480
[iexplore.exe]

TCP Mark_Laptop:2915 mpr1.ngd.vip.ac4.yahoo.com:http LAST_ACK 3480
[iexplore.exe]

TCP Mark_Laptop:2916 173.194.33.148:http LAST_ACK 3480
[iexplore.exe]

TCP Mark_Laptop:2917 mpr1.ngd.vip.ac4.yahoo.com:http LAST_ACK 3480
[iexplore.exe]

TCP Mark_Laptop:2946 mpr1.ngd.vip.ac4.yahoo.com:http LAST_ACK 3480
[iexplore.exe]

TCP Mark_Laptop:2947 173.194.33.148:http LAST_ACK 3480
[iexplore.exe]

TCP Mark_Laptop:2948 mpr1.ngd.vip.ac4.yahoo.com:http LAST_ACK 3480
[iexplore.exe]

TCP Mark_Laptop:3114 173.194.33.148:http LAST_ACK 3480
[iexplore.exe]

TCP Mark_Laptop:3161 67-148-147-104.dia.static.qwest.net:http LAST_ACK 3480
[iexplore.exe]

TCP Mark_Laptop:3220 173.194.33.148:http LAST_ACK 4764
[iexplore.exe]

TCP Mark_Laptop:3222 173.194.33.148:http LAST_ACK 4764
[iexplore.exe]

TCP Mark_Laptop:3227 173.194.33.148:http LAST_ACK 4764
[iexplore.exe]

TCP Mark_Laptop:3230 173.194.33.148:http LAST_ACK 4764
[iexplore.exe]

TCP Mark_Laptop:3233 173.194.33.148:http LAST_ACK 4764
[iexplore.exe]

TCP Mark_Laptop:3235 173.194.33.148:http LAST_ACK 4764
[iexplore.exe]

TCP Mark_Laptop:3255 173.194.33.148:http LAST_ACK 4764
[iexplore.exe]

TCP Mark_Laptop:3286 173.194.33.148:http LAST_ACK 4764
[iexplore.exe]

TCP Mark_Laptop:3296 173.194.33.148:http LAST_ACK 4764
[iexplore.exe]

TCP Mark_Laptop:3304 173.194.33.148:http LAST_ACK 4764
[iexplore.exe]

TCP Mark_Laptop:3311 173.194.33.148:http LAST_ACK 4764
[iexplore.exe]

TCP Mark_Laptop:3365 mpr5.2ngd.vip.ac4.yahoo.com:http LAST_ACK 4764
[iexplore.exe]

TCP Mark_Laptop:3366 mpr5.2ngd.vip.ac4.yahoo.com:http LAST_ACK 4764
[iexplore.exe]

TCP Mark_Laptop:3367 mpr5.2ngd.vip.ac4.yahoo.com:http LAST_ACK 4764
[iexplore.exe]

TCP Mark_Laptop:3400 a96-17-72-162.deploy.akamaitechnologies.com:http LAST_ACK 4764
[iexplore.exe]

TCP Mark_Laptop:3411 173.194.33.148:http LAST_ACK 4764
[iexplore.exe]

TCP Mark_Laptop:3412 173.194.33.148:http LAST_ACK 4764
[iexplore.exe]

TCP Mark_Laptop:3413 173.194.33.148:http LAST_ACK 4764
[iexplore.exe]

TCP Mark_Laptop:3414 173.194.33.148:http LAST_ACK 4764
[iexplore.exe]

TCP Mark_Laptop:3415 173.194.33.148:http LAST_ACK 4764
[iexplore.exe]

TCP Mark_Laptop:3416 173.194.33.148:http LAST_ACK 4764
[iexplore.exe]

TCP Mark_Laptop:3417 173.194.33.148:http LAST_ACK 4764
[iexplore.exe]

TCP Mark_Laptop:3418 173.194.33.148:http LAST_ACK 4764
[iexplore.exe]

TCP Mark_Laptop:3423 173.194.33.148:http LAST_ACK 4764
[iexplore.exe]

TCP Mark_Laptop:3424 173.194.33.148:http LAST_ACK 4764
[iexplore.exe]

TCP Mark_Laptop:3426 173.194.33.148:http LAST_ACK 4764
[iexplore.exe]

TCP Mark_Laptop:3427 173.194.33.148:http LAST_ACK 4764
[iexplore.exe]

TCP Mark_Laptop:3431 173.194.33.148:http LAST_ACK 4764
[iexplore.exe]

TCP Mark_Laptop:3432 173.194.33.148:http LAST_ACK 4764
[iexplore.exe]

TCP Mark_Laptop:3435 173.194.33.148:http LAST_ACK 4764
[iexplore.exe]

TCP Mark_Laptop:3436 173.194.33.148:http LAST_ACK 4764
[iexplore.exe]

TCP Mark_Laptop:3443 173.194.33.148:http LAST_ACK 4764
[iexplore.exe]

TCP Mark_Laptop:3444 173.194.33.148:http LAST_ACK 4764
[iexplore.exe]

TCP Mark_Laptop:3452 173.194.33.148:http LAST_ACK 4764
[iexplore.exe]

TCP Mark_Laptop:3453 173.194.33.148:http LAST_ACK 4764
[iexplore.exe]

TCP Mark_Laptop:3768 cs-hg04.hitbox.com:http LAST_ACK 4764
[iexplore.exe]

TCP Mark_Laptop:3800 cs-hg04.hitbox.com:http LAST_ACK 4764
[iexplore.exe]

TCP Mark_Laptop:3818 cs-hg04.hitbox.com:http LAST_ACK 4764
[iexplore.exe]

TCP Mark_Laptop:3824 cs-hg04.hitbox.com:http LAST_ACK 4764
[iexplore.exe]

TCP Mark_Laptop:3829 cs-hg04.hitbox.com:http LAST_ACK 4764
[iexplore.exe]

TCP Mark_Laptop:3832 cs-hg04.hitbox.com:http LAST_ACK 4764
[iexplore.exe]

TCP Mark_Laptop:3835 cs-hg04.hitbox.com:http LAST_ACK 4764
[iexplore.exe]

TCP Mark_Laptop:3838 cs-hg04.hitbox.com:http LAST_ACK 4764
[iexplore.exe]

TCP Mark_Laptop:3841 cs-hg04.hitbox.com:http LAST_ACK 4764
[iexplore.exe]

TCP Mark_Laptop:3844 cs-hg04.hitbox.com:http LAST_ACK 4764
[iexplore.exe]

TCP Mark_Laptop:3846 cs-hg04.hitbox.com:http LAST_ACK 4764
[iexplore.exe]

TCP Mark_Laptop:3848 cs-hg04.hitbox.com:http LAST_ACK 4764
[iexplore.exe]

TCP Mark_Laptop:3851 cs-hg04.hitbox.com:http LAST_ACK 4764
[iexplore.exe]

TCP Mark_Laptop:3856 cs-hg04.hitbox.com:http LAST_ACK 4764
[iexplore.exe]

TCP Mark_Laptop:3869 cs-hg04.hitbox.com:http LAST_ACK 4764
[iexplore.exe]

TCP Mark_Laptop:3872 cs-hg04.hitbox.com:http LAST_ACK 4764
[iexplore.exe]

TCP Mark_Laptop:3878 cs-hg04.hitbox.com:http LAST_ACK 4764
[iexplore.exe]

TCP Mark_Laptop:3881 cs-hg04.hitbox.com:http LAST_ACK 4764
[iexplore.exe]

TCP Mark_Laptop:3889 cs-hg04.hitbox.com:http LAST_ACK 4764
[iexplore.exe]

TCP Mark_Laptop:3893 cs-hg04.hitbox.com:http LAST_ACK 4764
[iexplore.exe]

TCP Mark_Laptop:3895 cs-hg04.hitbox.com:http LAST_ACK 4764
[iexplore.exe]

TCP Mark_Laptop:3900 cs-hg04.hitbox.com:http LAST_ACK 4764
[iexplore.exe]

UDP Mark_Laptop:1030 : 1212
[spoolsv.exe]

UDP Mark_Laptop:3703 : 1068
[VersionCueCS2.exe]

UDP Mark_Laptop:427 : 1068
[VersionCueCS2.exe]

UDP Mark_Laptop:isakmp : 1688
[lsass.exe]

UDP Mark_Laptop:microsoft-ds : 4
[System]

UDP Mark_Laptop:4500 : 1688
[lsass.exe]

UDP Mark_Laptop:3188 : 4764
[iexplore.exe]

UDP Mark_Laptop:2313 : 3228
[Acrobat.exe]

UDP Mark_Laptop:2688 : 3480
[iexplore.exe]

UDP Mark_Laptop:1083 : 5420
[GBTray.exe]

UDP Mark_Laptop:ntp : 280
c:\windows\system32\WS2_32.dll
c:\windows\system32\w32time.dll
ntdll.dll
C:\WINDOWS\system32\kernel32.dll
[svchost.exe]

UDP Mark_Laptop:1418 : 2536
[OUTLOOK.EXE]

UDP Mark_Laptop:1748 : 4312
[iexplore.exe]

UDP Mark_Laptop:1900 : 836
c:\windows\system32\WS2_32.dll
c:\windows\system32\ssdpsrv.dll
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\kernel32.dll
[svchost.exe]

UDP Mark_Laptop:1628 : 4992
[iexplore.exe]

UDP Mark_Laptop:1172 : 4708
[iexplore.exe]

UDP Mark_Laptop:3680 : 5408
[EXCEL.EXE]

UDP Mark_Laptop:netbios-dgm : 4
[System]

UDP Mark_Laptop:netbios-ns : 4
[System]

UDP Mark_Laptop:1900 : 836
c:\windows\system32\WS2_32.dll
c:\windows\system32\ssdpsrv.dll
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\kernel32.dll
[svchost.exe]

UDP Mark_Laptop:ntp : 280
c:\windows\system32\WS2_32.dll
c:\windows\system32\w32time.dll
ntdll.dll
C:\WINDOWS\system32\kernel32.dll
[svchost.exe]

UDP Mark_Laptop:5353 : 1068
[VersionCueCS2.exe]

Processes running:
Description ExecutablePath ProcessId
System Idle Process 0
System 4
smss.exe C:\WINDOWS\System32\smss.exe 1484
csrss.exe C:\WINDOWS\system32\csrss.exe 1596
winlogon.exe C:\WINDOWS\system32\winlogon.exe 1632
services.exe C:\WINDOWS\system32\services.exe 1676
lsass.exe C:\WINDOWS\system32\lsass.exe 1688
svchost.exe C:\WINDOWS\system32\svchost.exe 1864
svchost.exe C:\WINDOWS\system32\svchost.exe 1924
svchost.exe C:\WINDOWS\System32\svchost.exe 280
S24EvMon.exe C:\Program Files\Intel\WiFi\bin\S24EvMon.exe 460
svchost.exe C:\WINDOWS\system32\svchost.exe 552
svchost.exe C:\WINDOWS\system32\svchost.exe 836
spoolsv.exe C:\WINDOWS\system32\spoolsv.exe 1212
stacsv.exe c:\drivers\audio\r213367\stacsv.exe 1264
HostControlService.exe C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe 1336
HostStorageService.exe C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe 1348
scardsvr.exe C:\WINDOWS\System32\SCardSvr.exe 1364
svchost.exe C:\WINDOWS\system32\svchost.exe 1760
SMManager.exe C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe 236
wmiprvse.exe C:\WINDOWS\system32\wbem\wmiprvse.exe 352
unsecapp.exe C:\WINDOWS\system32\wbem\unsecapp.exe 404
wmiprvse.exe C:\WINDOWS\system32\wbem\wmiprvse.exe 512
VersionCueCS2.exe C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe 1068
ASFAgent.exe C:\Program Files\Intel\ASF Agent\ASFAgent.exe 1076
DCPButtonSvc.exe C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe 1140
csasvc.exe C:\WINDOWS\csasvc.exe 1732
DCPSysMgrSvc.exe C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe 1456
igfxext.exe C:\WINDOWS\system32\igfxext.exe 2052
igfxsrvc.exe C:\WINDOWS\system32\igfxsrvc.exe 2108
EvtEng.exe C:\Program Files\Intel\WiFi\bin\EvtEng.exe 2152
FJTWMKSV.exe C:\WINDOWS\twain_32\fjscan32\FJTWMKSV.exe 2236
GBPoll.exe C:\Program Files\Norton GoBack\GBPoll.exe 2288
mysqld-nt.exe C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe 2368
IAANTmon.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe 2532
IDriveE Service.exe C:\Program Files\IDrive\IDriveE Service.exe 2584
IDriveWebM.exe C:\Program Files\IDrive\IDriveWebM.exe 2664
jqs.exe C:\Program Files\Java\jre6\bin\jqs.exe 2720
lms.exe C:\Program Files\Intel\AMT\LMS.exe 2916
MDM.EXE C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE 2980
ccsvchst.exe C:\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccSvcHst.exe 3140
RegSrvc.exe C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe 3860
SeaPort.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe 3996
svchost.exe C:\WINDOWS\system32\svchost.exe 4084
TdmService.exe C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe 184
UNS.exe C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe 960
searchindexer.exe C:\WINDOWS\system32\SearchIndexer.exe 2040
ccsvchst.exe C:\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccSvcHst.exe 3336
explorer.exe C:\WINDOWS\Explorer.EXE 3924
WavXDocMgr.exe C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe 3296
BcmDeviceAndTaskStatusService.exe C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe 2352
SecureUpgrade.exe C:\Program Files\Wave Systems Corp\SecureUpgrade.exe 2468
PrivacyIconClient.exe C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe 3612
igfxpers.exe C:\WINDOWS\system32\igfxpers.exe 3012
PDVDDXSrv.exe C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe 804
igfxsrvc.exe C:\WINDOWS\system32\igfxsrvc.exe 3824
OA001Mon.exe C:\WINDOWS\OA001Mon.exe 2872
InfoExec.exe C:\WDSC\iseries\InfoCenter\infoexec.exe 1920
IAAnotif.exe C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe 2020
hkcmd.exe C:\WINDOWS\system32\hkcmd.exe 2220
FtLnSOP.exe C:\WINDOWS\Twain_32\Fjscan32\SOP\FtLnSOP.exe 520
FjtwMkup.exe C:\WINDOWS\Twain_32\fjscan32\FjtwMkup.exe 2988
Dell.ControlPoint.exe C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe 3600
Dell.UCM.exe C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe 3212
Apoint.exe C:\Program Files\DellTPad\Apoint.exe 3396
VersionCueCS2Tray.exe C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe 2688
acrotray.exe C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe 3892
J2GDllCmd.exe C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe 2548
jusched.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe 3048
ApMsgFwd.exe C:\Program Files\DellTPad\ApMsgFwd.exe 4304
hidfind.exe C:\Program Files\DellTPad\HidFind.exe 5664
ApntEx.exe C:\Program Files\DellTPad\Apntex.exe 5844
ctfmon.exe C:\WINDOWS\system32\ctfmon.exe 5928
OUTLOOK.EXE C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE 2536
evfwlx40.exe C:\WDSC\SYSTEM\EVFWLX40.EXE 6092
javaw.exe C:\WDSC\iseries\InfoCenter\jre\bin\javaw.exe 4324
evfctcpd.exe C:\WDSC\system\evfctcpd.exe 4500
DCPSysMgr.exe C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe 4624
rxapi.exe C:\WDSC\SYSTEM\RXAPI.EXE 4964
FTErGuid.exe C:\Program Files\PFU\Error Recovery Guide\FTErGuid.exe 5032
RJSOFFICE.EXE C:\Program Files\RJSOFFICE\RJSOFFICE.EXE 2124
GBTray.exe C:\Program Files\Norton GoBack\GBTray.exe 5420
WindowsSearch.exe C:\Program Files\Windows Desktop Search\WindowsSearch.exe 5196
MSOFFICE.EXE C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE 6012
OSA.EXE C:\Program Files\Microsoft Office\Office\OSA.EXE 2404
igfxext.exe C:\WINDOWS\system32\igfxext.exe 4340
javaw.exe C:\WDSC\iseries\InfoCenter\jre\bin\javaw.exe 3460
IDriveETray.exe C:\Program Files\IDrive\IDriveETray.exe 5860
alg.exe C:\WINDOWS\System32\alg.exe 2852
IDriveEClsClient.exe C:\Program Files\IDrive\IDriveEClsClient.exe 4032
IDriveVSS_xp.exe C:\Program Files\IDrive\IDriveVSS_xp.exe 4256
vssvc.exe C:\WINDOWS\System32\vssvc.exe 3916
dllhost.exe C:\WINDOWS\system32\dllhost.exe 4488
dllhost.exe C:\WINDOWS\system32\dllhost.exe 4660
msdtc.exe C:\WINDOWS\system32\msdtc.exe 2324
iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe 4992
iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe 4708
wltuser.exe C:\Program Files\Windows Live\Toolbar\wltuser.exe 2008
bsmdemul.exe C:\BNTP32\Bsmdemul.exe 5140
EXCEL.EXE C:\Program Files\Microsoft Office\Office12\EXCEL.EXE 5408
cmd.exe C:\WINDOWS\system32\cmd.exe 4888
iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe 4312
Acrobat.exe C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\Acrobat.exe 3228
Adobelm_Cleanup.0001 C:\DOCUME~1\mark\LOCALS~1\Temp\Adobelm_Cleanup.0001 2808
Adobelmsvc.exe C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe 1220
Adobelm_Cleanup.0001 C:\DOCUME~1\mark\LOCALS~1\Temp\Adobelm_Cleanup.0001 2560
iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe 3480
iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe 4764
notepad.exe C:\WINDOWS\system32\NOTEPAD.EXE 2756
searchprotocolhost.exe C:\WINDOWS\system32\SearchProtocolHost.exe 2420
searchfilterhost.exe C:\WINDOWS\system32\SearchFilterHost.exe 4980
wmiprvse.exe C:\WINDOWS\system32\wbem\wmiprvse.exe 4684
wmic.exe C:\WINDOWS\System32\Wbem\wmic.exe 5872

Answer : How can I determine if the firewall is not letting through certain TCP packets?

1) How many systems are exhibiting this behavior? What OS version and service pack are they running? Are they current with updates? Same notes regarding Internet Explorer: what version, and are they patched up current?

2) On a "problem" PC, try temporarily using a different browser - Firefox or Chrome, or upgrading to a newer IE, and see if the problem presents. If not, you may have a corrupt IE installation, undetected malware, problem IE version, etc. If the problem is only present in IE, then consider removing and reinstalling IE, moving to another browser, updating to a newer IE, patching IE, etc.

3) Temporarily connect one of the "problem" PC's directly to the outside network, bypassing the firewall. Does the problem occur?

4) Windows clients close inactive TCP sessions by default in 240 seconds (4 minutes). You can reduce this timeout to cause hanging sessions to drop faster, but that's really just a band-aid until you figure out the underlying issue. Don't reduce too much or you'll get dropped sessions on slow links:

http://msdn.microsoft.com/en-us/library/aa560610%28BTS.10%29.aspx

If you want to monitor traffic on the outside of your firewall, you will need a sniffer with a compatible interface. Is there an ethernet lan segment between the firewall and the isp router? If so, and there there isn't already one, install an ethernet hub (simplest thing to do) or a switch capable of port mirroring on that segment and attach your sniffer to the hub/switch.

If the interface is not ethernet (serial, frame, t1/e1/frac), ISDN, DOCSIS, etc.), then you'll need a sniffer with a compatible interface.

I'm not that familiar with SonicWall, but Cisco devices support packet capture and logging of dropped packets, so it is often possible to use built-ind debugging and logging capabilities without needing to resort to an outside capture device.

Experiment to determine what operations are causing the hanging sessions. Once you can reproduce it, capture as short a conversation as possible between the PC and the remote host (Google host), once from inside the firewall, and once from outside. Even better, if you can, capture both simultaneously on two sniffers. (Remember that on the inside interface it will be between a private address and a public address, but on the outside interface, it will be NATted to a public address, so you will probably just have to filter on the Google host address. Try to do this at a time when you can minimize or eliminate other traffic to this address.

Compare packet-by packet, and see if there is a final inbound ACK (shows on the outside capture, but missing on the inside capture) that is getting filtered or dropped by the firewall. If not, then you probably have an issue on the individual PC(s).

LAST_ACK means that the client application (IE, in this case) has issued a close(), and sent a FIN, and is is waiting for one last ACK from the server application.

http://tangentsoft.net/wskfaq/articles/debugging-tcp.html

- Gary Patterson

Random Solutions

align a paragraph at the bottom of a page Word 2007

How can I present multiple percentages in MSSQL server derived from a single cell then over multiple rows?

Show floating point decimal place even for whole numbers in php

How do I recover my data from a Western Digital 500GB NetCenter NAS drive?

Testing ASP.NET validator controls

BESR 2010 Restore options

Remove Exchange 2003 Server after migration to Exchange 2010

Internet Security settings prevents me from opening a file

T-1 muxing converted into a signal that can be terminated at a cable modem