Understanding of Ports tcp/0 and udp/0

Answered Question
Mar 10th, 2010

Hi.........

On my firewall logs, I am getiing hits counts like tcp/0 and udp/0 from internet as well as my remote location.

but i am not understand that for which purpose the tcp/0 and udp/0 is used.

As per my knowledge 0 is well known port.

if anyone having idea on this pls suggest me.

Thanx.......

I have this problem too.
0 votes
Correct Answer by Federico Coto F... about 6 years 9 months ago

Those logs could be part of an authentication like I mentioned, or could be traffic that is flowing through the ASA.

Who is sending the logs, the ASA?

What severity are these logs? Are they just informational or critical?

This could be normal traffic or not, in order to find out, we need to know if that traffic showing on the logs is supposed to go through the ASA in the first place.

A configuration will help.

Federico.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Federico Coto F... Wed, 03/10/2010 - 11:02

Hi,

tcp/0 or udp/0 specifies all TCP/UDP traffic

For example, to enable authentication for TCP connections originated from the inside interface to the outside network:
aaa authentication include tcp/0 inside 192.168.1.0 255.255.255.0 209.165.201.0 255.255.255.224 tacacs+

Most likely you will get in the logs this information if you have enabled authentication through the ASA or Firewall.
Can you post the logs to see if there are critical or just informational logs and what exactly do they mean?

Federico.

arjunsawant Wed, 03/10/2010 - 20:53

Hi Federico,

Thax a lot for your reply......

In my organasation i am using Sonicwall firewall,Pls find the logs for more clarrificaion.I am getting this logs from most of the internet traffic.

But i am wondering about that my traffic size is zero.

And second thing is that also i am getting some other logs tcp/smtp and udp/389 about that i am bit confused.

Pls go through and help me out.

Thanx once again.....

Attachment: 
Correct Answer
Federico Coto F... Thu, 03/11/2010 - 11:51

Those logs could be part of an authentication like I mentioned, or could be traffic that is flowing through the ASA.

Who is sending the logs, the ASA?

What severity are these logs? Are they just informational or critical?

This could be normal traffic or not, in order to find out, we need to know if that traffic showing on the logs is supposed to go through the ASA in the first place.

A configuration will help.

Federico.

Actions

This Discussion