cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
4022
Views
0
Helpful
3
Replies

Understanding of Ports tcp/0 and udp/0

arjunsawant
Level 1
Level 1

Hi.........

On my firewall logs, I am getiing hits counts like tcp/0 and udp/0 from internet as well as my remote location.

but i am not understand that for which purpose the tcp/0 and udp/0 is used.

As per my knowledge 0 is well known port.

if anyone having idea on this pls suggest me.

Thanx.......

1 Accepted Solution

Accepted Solutions

Those logs could be part of an authentication like I mentioned, or could be traffic that is flowing through the ASA.

Who is sending the logs, the ASA?

What severity are these logs? Are they just informational or critical?

This could be normal traffic or not, in order to find out, we need to know if that traffic showing on the logs is supposed to go through the ASA in the first place.

A configuration will help.

Federico.

View solution in original post

3 Replies 3

Hi,

tcp/0 or udp/0 specifies all TCP/UDP traffic

For example, to enable authentication for TCP connections originated from the inside interface to the outside network:
aaa authentication include tcp/0 inside 192.168.1.0 255.255.255.0 209.165.201.0 255.255.255.224 tacacs+

Most likely you will get in the logs this information if you have enabled authentication through the ASA or Firewall.
Can you post the logs to see if there are critical or just informational logs and what exactly do they mean?

Federico.

Hi Federico,

Thax a lot for your reply......

In my organasation i am using Sonicwall firewall,Pls find the logs for more clarrificaion.I am getting this logs from most of the internet traffic.

But i am wondering about that my traffic size is zero.

And second thing is that also i am getting some other logs tcp/smtp and udp/389 about that i am bit confused.

Pls go through and help me out.

Thanx once again.....

Those logs could be part of an authentication like I mentioned, or could be traffic that is flowing through the ASA.

Who is sending the logs, the ASA?

What severity are these logs? Are they just informational or critical?

This could be normal traffic or not, in order to find out, we need to know if that traffic showing on the logs is supposed to go through the ASA in the first place.

A configuration will help.

Federico.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: