Hi Hesten123,
Apologize for the late reply.
The below is the analyze result from Mike:
I just analyzed the netmon traces on fromproperties.cap and viewdevice.cap
From the GIF, I saw the client is able to open the admin page from properties and failed in click view device.
fromproperties.cap
65 0 3:12:21 AM 2/13/2015
6.4557292 192.168.2.128 192.168.2.123
TCP TCP:Flags=......S., SrcPort=50859, DstPort=HTTPS(443), PayloadLen=0, Seq=3342895909, Ack=0, Win=8192 ( Negotiating scale factor 0x8 ) = 8192 {TCP:40, IPv4:39}
66 0 3:12:21 AM 2/13/2015
6.4559219 192.168.2.123 192.168.2.128
TCP TCP:Flags=...A..S., SrcPort=HTTPS(443), DstPort=50859, PayloadLen=0, Seq=3735137660, Ack=3342895910, Win=14600 ( Negotiated scale factor 0x3 ) = 116800
{TCP:40, IPv4:39}
67 0 3:12:21 AM 2/13/2015
6.4559988 192.168.2.128 192.168.2.123
TCP TCP:Flags=...A...., SrcPort=50859, DstPort=HTTPS(443), PayloadLen=0, Seq=3342895910, Ack=3735137661, Win=256 (scale factor 0x8) = 65536 {TCP:40, IPv4:39}
73 190 3:12:21 AM 2/13/2015 6.4585627
192.168.2.128 192.168.2.123 TLS TLS:TLS Rec Layer-1 HandShake: Client Hello.
{TLS:46, SSLVersionSelector:45, TCP:40, IPv4:39}
75 0 3:12:21 AM 2/13/2015
6.4587913 192.168.2.123 192.168.2.128
TCP TCP:Flags=...A...., SrcPort=HTTPS(443), DstPort=50859, PayloadLen=0, Seq=3735137661, Ack=3342896100, Win=1959 (scale factor 0x3) = 15672 {TCP:40, IPv4:39}
80 1152 3:12:21 AM 2/13/2015 6.4649721
192.168.2.123 192.168.2.128 TLS TLS:TLS Rec Layer-1 HandShake: Server Hello.; TLS Rec Layer-2 HandShake: Certificate.;
TLS Rec Layer-3 HandShake: Server Key Exchange.; TLS Rec Layer-4 HandShake: Server Hello Done. {TLS:46, SSLVersionSelector:45, TCP:40, IPv4:39}
81 0 3:12:21 AM 2/13/2015
6.4650016 192.168.2.128 192.168.2.123
TCP TCP:Flags=...A...., SrcPort=50859, DstPort=HTTPS(443), PayloadLen=0, Seq=3342896100, Ack=3735138813, Win=252 (scale factor 0x8) = 64512 {TCP:40, IPv4:39}
94 126 3:12:22 AM 2/13/2015 6.4775177
192.168.2.128 192.168.2.123 TLS TLS:TLS Rec Layer-1 HandShake: Client Key Exchange.; TLS Rec Layer-2 Cipher
Change Spec; TLS Rec Layer-3 HandShake: Encrypted Handshake Message. {TLS:46, SSLVersionSelector:45, TCP:40, IPv4:39}
95 258 3:12:22 AM 2/13/2015 6.4786686
192.168.2.123 192.168.2.128 TLS TLS:TLS Rec Layer-1 HandShake: Encrypted Handshake Message.; TLS Rec Layer-2
Cipher Change Spec; TLS Rec Layer-3 HandShake: Encrypted Handshake Message. {TLS:46, SSLVersionSelector:45, TCP:40, IPv4:39}
96 0 3:12:22 AM 2/13/2015
6.4787183 192.168.2.128 192.168.2.123
TCP TCP:Flags=...A...., SrcPort=50859, DstPort=HTTPS(443), PayloadLen=0, Seq=3342896226, Ack=3735139071, Win=251 (scale factor 0x8) = 64256 {TCP:40, IPv4:39}
114 0 3:12:22 AM 2/13/2015
6.4893397 192.168.2.128 192.168.2.123
TCP TCP:Flags=...A...F, SrcPort=50859, DstPort=HTTPS(443), PayloadLen=0, Seq=3342896226, Ack=3735139071, Win=251 (scale factor 0x8) = 64256 {TCP:40, IPv4:39}
120 31 3:12:22 AM 2/13/2015 6.4903987
192.168.2.123 192.168.2.128 TLS TLS:TLS Rec Layer-1 Encrypted Alert
{TLS:46, SSLVersionSelector:45, TCP:40, IPv4:39}
121 0 3:12:22 AM 2/13/2015
6.4904282 192.168.2.128 192.168.2.123
TCP TCP:Flags=...A.R.., SrcPort=50859, DstPort=HTTPS(443), PayloadLen=0, Seq=3342896227, Ack=3735139102, Win=0 (scale factor 0x8) = 0
{TCP:40, IPv4:39}
viewdevice.cap
443 (0x1BB) 24 0
3:11:01 AM 2/13/2015 2.3067099 System 192.168.2.128
192.168.2.123 TCP TCP:Flags=......S., SrcPort=50852, DstPort=HTTPS(443), PayloadLen=0, Seq=3369775565, Ack=0, Win=65535
( Negotiating scale factor 0x8 ) = 65535 {TCP:13, IPv4:12}
50852 (0xC6A4) 25 0 3:11:01 AM 2/13/2015
2.3068862 System 192.168.2.123 192.168.2.128 TCP
TCP:Flags=...A..S., SrcPort=HTTPS(443), DstPort=50852, PayloadLen=0, Seq=2371583130, Ack=3369775566, Win=14600 ( Negotiated scale factor 0x3 ) = 116800 {TCP:13, IPv4:12}
443 (0x1BB) 26 0
3:11:01 AM 2/13/2015 2.3069814 System 192.168.2.128
192.168.2.123 TCP TCP:Flags=...A...., SrcPort=50852, DstPort=HTTPS(443), PayloadLen=0, Seq=3369775566, Ack=2371583131,
Win=1024 (scale factor 0x8) = 262144 {TCP:13, IPv4:12}
443 (0x1BB) 27 156 3:11:01
AM 2/13/2015 2.3072129 System 192.168.2.128 192.168.2.123
TLS TLS:TLS Rec Layer-1 HandShake: Client Hello. {TLS:15, SSLVersionSelector:14, TCP:13, IPv4:12}
50852 (0xC6A4) 28 0 3:11:01 AM 2/13/2015
2.3072962 System 192.168.2.123 192.168.2.128 TCP
TCP:Flags=...A...., SrcPort=HTTPS(443), DstPort=50852, PayloadLen=0, Seq=2371583131, Ack=3369775722, Win=1959 (scale factor 0x3) = 15672 {TCP:13, IPv4:12}
50852 (0xC6A4) 29 1338 3:11:01 AM 2/13/2015
2.3112361 System 192.168.2.123 192.168.2.128 TLS
TLS:TLS Rec Layer-1 HandShake: Server Hello.; TLS Rec Layer-2 HandShake: Certificate.; TLS Rec Layer-3 HandShake: Server Key Exchange.; TLS Rec Layer-4 HandShake: Server Hello Done. {TLS:15, SSLVersionSelector:14, TCP:13, IPv4:12}
443 (0x1BB) 30 0
3:11:01 AM 2/13/2015 2.3112979 System 192.168.2.128
192.168.2.123 TCP TCP:Flags=...A...., SrcPort=50852, DstPort=HTTPS(443), PayloadLen=0, Seq=3369775722, Ack=2371584469,
Win=1018 (scale factor 0x8) = 260608 {TCP:13, IPv4:12}
443 (0x1BB) 37 0
3:11:01 AM 2/13/2015 2.3190298 System 192.168.2.128
192.168.2.123 TCP TCP:Flags=...A...F, SrcPort=50852, DstPort=HTTPS(443), PayloadLen=0, Seq=3369775722, Ack=2371584469,
Win=1018 (scale factor 0x8) = 260608 {TCP:13, IPv4:12}
50852 (0xC6A4) 38 0 3:11:01 AM 2/13/2015
2.3193700 System 192.168.2.123 192.168.2.128 TCP
TCP:Flags=...A...F, SrcPort=HTTPS(443), DstPort=50852, PayloadLen=0, Seq=2371584469, Ack=3369775723, Win=1959 (scale factor 0x3) = 15672 {TCP:13, IPv4:12}
443 (0x1BB) 39 0
3:11:01 AM 2/13/2015 2.3194104 System 192.168.2.128
192.168.2.123 TCP TCP:Flags=...A...., SrcPort=50852, DstPort=HTTPS(443), PayloadLen=0, Seq=3369775723, Ack=2371584470,
Win=1018 (scale factor 0x8) = 260608 {TCP:13, IPv4:12}
After comparing the packets, we can see after TCP three handshakes completes and certificate exchange finishes, the client did not send the client key exchange information to the NAS device when click on view device to open the
admin page. However, we can see this behavior when trying to open the page from properties.
From the GIF, we can see the client failed to download one file from NAS with third party explorer chrome, since the traffic is encrypted, we cannot see the actual information.
For we are not familiar with google products, could you please set the windows IE explore as default explorer and make sure the system will launch IE when click on view device.
We have to exclude the possibility that the issue is caused by chrome first.
Best regards