Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

Invalid Field for Transport=6

Unanswered Question
Sep 19th, 2005
User Badges:

This morning, I recently received this entry on my syslog daemon from my PIX. Can anyone please shed light as to what this means? Thanks.

...%PIX-4-500004: Invalid transport field for protocol=6, from to (My WAN IP)/445

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Patrick Iseli Mon, 09/19/2005 - 06:40
User Badges:
  • Gold, 750 points or more

Looks like someone tryed to fingerprint (OS and open port detection) your PIX with a Port Scanner. Happend all the time !


See section 4:

4) Nmap protocol scan on firewall IP address

A protocol type nmap scan -sO upon the firewall IP showed all protocols as being active (1-133) from the scanners point of view. The firewall dropped all of these packets. Partial logfile:



Patrick Iseli Mon, 09/19/2005 - 06:52
User Badges:
  • Gold, 750 points or more

Cisco log and error message:


Error Message %PIX-4-500004: Invalid transport field for protocol=protocol, from

source_address/source_port to dest_address/dest_port

Explanation This message appears when there is an invalid transport number, in which the source or destination port number for a protocol is zero. The protocol field is 6 for TCP and 17 for UDP.

Recommended Action If these messages persist, contact the peer's administrator.







This Discussion