
FW: Transitions of the Connection Table and its Flags

This is a sample showing how, on an ASA/FWSM, a TCP entry in the Connection Table and its Flags change with each packet of a single connection.


Network diagram (200.0.0.2 is the inside client, 100.0.0.2 the outside web server on port 80, as the "Built outbound TCP connection" log below shows)
  200.0.0.2 ------- ASA ------- 100.0.0.2
  Inside (Client)               Outside (Server)

Per-packet flag transitions

  Inside (Client)                Outside (Server)
  Pkt  TCP flags                 Pkt  TCP flags          Conn flags
  01   syn          ------>                              saA
                    <------      02   ack,syn            A
  03   ack          ------>                              U
  04   ack          ------>                              U
                    <------      05   ack                U
  06   ack,psh      ------>                              UO
  07   ack,psh      ------>                              UO
                    <------      08   ack                UO
                    <------      09   ack                UIO
                    <------      10   ack,psh,fin        UFIO
  11   ack          ------>                              UFRIO
  12   ack,psh,fin  ------>                              UfFRIO
                    <------      13   ack                (UfFrRIO)

A pure ACK that carries no data (packets 05 and 08) leaves the flags unchanged; O and I are set only once data has actually been seen in that direction (the bytes counter in the captures goes 0, 1, 3, 125). The flags for packet 13 are in parentheses because the entry is torn down on that packet ("TCP FINs" in the teardown log), so there is no show conn output for it.

Flag legend (from the show conn detail help): s = awaiting outside SYN, a = awaiting outside ACK to SYN, A = awaiting inside ACK to SYN, U = up, O = outbound data, I = inbound data, F = outside FIN, f = inside FIN, R = outside acknowledged FIN, r = inside acknowledged FIN.


Console log and the show conn output after each packet

##### 01 SYN from Inside; connection built
Feb 24 2014 05:43:50: %ASA-7-609001: Built local-host inside:200.0.0.2
Feb 24 2014 05:43:50: %ASA-7-609001: Built local-host outside:100.0.0.2
Feb 24 2014 05:43:50: %ASA-6-302013: Built outbound TCP connection 13 for outside:100.0.0.2/80 (100.0.0.2/80) to inside:200.0.0.2/41487 (200.0.0.2/41487)
ciscoasa(config)# sh conn
1 in use, 1 most used
TCP outside  100.0.0.2:80 inside  200.0.0.2:41487, idle 0:00:02, bytes 0, flags saA

##### 02 ACK, SYN from Outside
ciscoasa(config)# sh conn
1 in use, 1 most used
TCP outside  100.0.0.2:80 inside  200.0.0.2:41487, idle 0:00:02, bytes 0, flags A

##### 03 ACK from Inside
ciscoasa(config)# sh conn
1 in use, 1 most used
TCP outside  100.0.0.2:80 inside  200.0.0.2:41487, idle 0:00:01, bytes 0, flags U

##### 04 ACK from Inside
ciscoasa(config)# sh conn
1 in use, 1 most used
TCP outside  100.0.0.2:80 inside  200.0.0.2:41487, idle 0:00:02, bytes 0, flags U

##### 05 ACK from Outside
ciscoasa(config)# sh conn
1 in use, 1 most used
TCP outside  100.0.0.2:80 inside  200.0.0.2:41487, idle 0:00:02, bytes 0, flags U

##### 06 ACK, PSH from Inside
ciscoasa(config)# sh conn
1 in use, 1 most used
TCP outside  100.0.0.2:80 inside  200.0.0.2:41487, idle 0:00:01, bytes 1, flags UO

##### 07 ACK, PSH from Inside
ciscoasa(config)# sh conn
1 in use, 1 most used
TCP outside  100.0.0.2:80 inside  200.0.0.2:41487, idle 0:00:02, bytes 3, flags UO

##### 08 ACK from Outside
ciscoasa(config)# sh conn
1 in use, 1 most used
TCP outside  100.0.0.2:80 inside  200.0.0.2:41487, idle 0:00:01, bytes 3, flags UO

##### 09 ACK from Outside
ciscoasa(config)# sh conn
1 in use, 1 most used
TCP outside  100.0.0.2:80 inside  200.0.0.2:41487, idle 0:00:01, bytes 125, flags UIO

##### 10 ACK, PSH, FIN from Outside
ciscoasa(config)# sh conn
1 in use, 1 most used
TCP outside  100.0.0.2:80 inside  200.0.0.2:41487, idle 0:00:01, bytes 125, flags UFIO

##### 11 ACK from Inside
ciscoasa(config)# sh conn
1 in use, 1 most used
TCP outside  100.0.0.2:80 inside  200.0.0.2:41487, idle 0:00:02, bytes 125, flags UFRIO

##### 12 ACK, PSH, FIN from Inside
ciscoasa(config)# sh conn
1 in use, 1 most used
TCP outside  100.0.0.2:80 inside  200.0.0.2:41487, idle 0:00:01, bytes 125, flags UfFRIO

##### 13 Last ACK from Outside; connection torn down (TCP FINs)
ciscoasa(config)# Feb 24 2014 05:45:28: %ASA-6-302014: Teardown TCP connection 13 for outside:100.0.0.2/80 to inside:200.0.0.2/41487 duration 0:01:37 bytes 125 TCP FINs
Feb 24 2014 05:45:28: %ASA-7-609002: Teardown local-host inside:200.0.0.2 duration 0:01:37
Feb 24 2014 05:45:28: %ASA-7-609002: Teardown local-host outside:100.0.0.2 duration 0:01:37

ciscoasa(config)# sh conn
0 in use, 1 most used
ciscoasa(config)#
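The transitions above can be written down as a small state machine. The following Python is an added example, not Cisco code and not part of the original page: it models the flag changes of one outbound TCP connection, replays the 13 packets from the table (the payload sizes 1, 2 and 122 are inferred from the bytes counter in the captures, 0 -> 1 -> 3 -> 125), and parses the show conn line format seen in the captures. The flag letters and their meanings come from the show conn detail legend; the order in which the letters are printed is copied from the captures and is an assumption for letters that never appear together on this page. Treating any ACK that follows the peer's FIN as acknowledging that FIN is a simplification (a real stack checks the sequence number).

```python
"""Added example (not Cisco code): state machine reproducing the ASA/FWSM
`show conn` flag strings captured on this page, plus a parser for the
`show conn` TCP line format seen in those captures."""
import re
from dataclasses import dataclass, field

INSIDE, OUTSIDE = "inside", "outside"   # the side that SENT the packet
# Print order of the letters, copied from the captures (assumption for
# letters that never co-occur there):
FLAG_ORDER = "saAUfFrRIO"


@dataclass
class TcpConn:
    """One connection-table entry, built by an inside (outbound) SYN."""
    flags: set = field(default_factory=lambda: {"s", "a", "A"})
    nbytes: int = 0
    torn_down: bool = False

    def flag_string(self) -> str:
        return "".join(c for c in FLAG_ORDER if c in self.flags)

    def packet(self, src: str, tcp_flags: str, payload: int = 0) -> str:
        """Apply one packet and return the resulting flag string."""
        if self.torn_down:
            raise RuntimeError("entry was already torn down")
        f = {x.strip().lower() for x in tcp_flags.split(",")}
        if src == OUTSIDE and {"syn", "ack"} <= f:
            self.flags -= {"s", "a"}          # outside SYN and its ACK seen
        elif src == INSIDE and "ack" in f and "A" in self.flags:
            self.flags -= {"A"}               # inside ACK: handshake complete
            self.flags.add("U")
        if payload:                           # O/I only once data is seen
            self.nbytes += payload
            self.flags.add("O" if src == INSIDE else "I")
        if "fin" in f:
            self.flags.add("f" if src == INSIDE else "F")
        # Simplification: an ACK after the peer's FIN acknowledges that FIN.
        if "ack" in f and src == INSIDE and "F" in self.flags:
            self.flags.add("R")
        if "ack" in f and src == OUTSIDE and "f" in self.flags:
            self.flags.add("r")
        if {"R", "r"} <= self.flags:
            self.torn_down = True             # logged as "Teardown ... TCP FINs"
        return self.flag_string()


def state(flags: str) -> str:
    """Coarse state of an entry derived from its flag string."""
    if "U" not in flags:
        return "embryonic"                    # handshake not yet complete
    if {"R", "r"} <= set(flags):
        return "closed"
    if "F" in flags or "f" in flags:
        return "closing"
    return "established"


SHOW_CONN_RE = re.compile(
    r"^TCP\s+(?P<if_a>\S+)\s+(?P<ip_a>[\d.]+):(?P<port_a>\d+)\s+"
    r"(?P<if_b>\S+)\s+(?P<ip_b>[\d.]+):(?P<port_b>\d+),\s*idle\s+(?P<idle>\S+),"
    r"\s*bytes\s+(?P<bytes>\d+),\s*flags\s+(?P<flags>\S+)\s*$"
)


def parse_show_conn(line: str) -> dict:
    """Parse one TCP line of `show conn` (format as in the captures above)."""
    m = SHOW_CONN_RE.match(line.strip())
    if not m:
        raise ValueError(f"not a show conn TCP line: {line!r}")
    d = m.groupdict()
    for k in ("port_a", "port_b", "bytes"):
        d[k] = int(d[k])
    d["state"] = state(d["flags"])
    return d


# The 13 packets of the table (payload sizes inferred from the bytes counter).
PACKETS = [
    (INSIDE, "syn", 0), (OUTSIDE, "ack,syn", 0), (INSIDE, "ack", 0),
    (INSIDE, "ack", 0), (OUTSIDE, "ack", 0), (INSIDE, "ack,psh", 1),
    (INSIDE, "ack,psh", 2), (OUTSIDE, "ack", 0), (OUTSIDE, "ack", 122),
    (OUTSIDE, "ack,psh,fin", 0), (INSIDE, "ack", 0),
    (INSIDE, "ack,psh,fin", 0), (OUTSIDE, "ack", 0),
]


def replay(packets=PACKETS):
    """Flag string after each packet, mirroring the per-packet `show conn`."""
    src, tcp_flags, _ = packets[0]
    if src != INSIDE or "syn" not in tcp_flags.lower():
        raise ValueError("first packet must be the inside SYN that builds the entry")
    conn = TcpConn()
    history = [conn.flag_string()]
    for src, tcp_flags, payload in packets[1:]:
        history.append(conn.packet(src, tcp_flags, payload))
    return history, conn


if __name__ == "__main__":
    hist, conn = replay()
    for n, flags in enumerate(hist, 1):
        print(f"{n:02d} {flags:<8} {state(flags)}")
    print("torn down:", conn.torn_down, "bytes:", conn.nbytes)
```

Run directly, it prints the 13 flag strings with a coarse state for each. The coarse states are the ones worth watching on a real box: entries without U are half-open (the ASA counts these as embryonic connections, which is what a SYN flood fills the table with, and what set connection embryonic-conn-max caps), and entries that sit at UF... or Uf... without ever gaining the matching R or r are half-closed and only disappear when timeout half-closed expires.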

Version history
Revision: 1/1
Last updated: 04-24-2014 07:17 PM