New Member

ASA-Port Question

Hello,

I've got internal devices connecting back to one particular server using a strange port. I rebooted the server and now they're all connecting to a different port, still using a strange protocol.

Is there a way to look on the firewall to see if the server is talking to an outside IP address using that same port? I apologize if I didn't frame the question very well.

 

Thanks

2 ACCEPTED SOLUTIONS

Accepted Solutions

Hi,

You can use 'show local-host <server-ip> detail' command.

Hi,

Sh conn | in <Server IP> to check if there are any current active connections running for that specific server. Also, this gives you the port information as well.

If you want to capture the traffic for certain timelines, then you may use capture:

access-list capture extended permit ip host <server ip> any

FW# capture test access-list capture buffer 2048 interface <inside> trace detail

Leave it for a certain period, say 30 mins or something,

then check:

FW# show capture test

Example output:

ASA1# show capture test

15 packets captured

   1: 09:59:45.405389 192.168.1.10 > 192.168.2.10: icmp: echo reply
   2: 09:59:45.529315 192.168.1.10 > 192.168.2.10: icmp: echo reply
   3: 09:59:45.564179 192.168.1.10 > 192.168.2.10: icmp: echo reply
   4: 09:59:45.585266 192.168.1.10 > 192.168.2.10: icmp: echo reply
   5: 09:59:45.628354 192.168.1.10 > 192.168.2.10: icmp: echo reply
   6: 09:59:45.654140 192.168.1.10 > 192.168.2.10: icmp: echo reply
   7: 09:59:45.712304 192.168.1.10 > 192.168.2.10: icmp: echo reply
   8: 09:59:45.756293 192.168.1.10 > 192.168.2.10: icmp: echo reply
   9: 09:59:45.852418 192.168.1.10 > 192.168.2.10: icmp: echo reply
  10: 09:59:46.297225 192.168.1.10 > 192.168.2.10: icmp: echo reply
  11: 09:59:46.335218 192.168.1.10 > 192.168.2.10: icmp: echo reply
  12: 09:59:46.357205 192.168.1.10 > 192.168.2.10: icmp: echo reply
  13: 09:59:46.385203 192.168.1.10 > 192.168.2.10: icmp: echo reply
  14: 09:59:46.419198 192.168.1.10 > 192.168.2.10: icmp: echo reply
  15: 09:59:46.455970 192.168.1.10 > 192.168.2.10: icmp: echo reply
15 packets shown
ASA1#

 

 

Regards

Karthik
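
Added example (not part of the original replies): a Python sketch that reads saved `show conn` text and lists the outside peers a server is exchanging traffic with on a given port. The line layout, the interface names (users, servers, outside), the addresses and port 47001 are constructed assumptions; adjust the pattern if your ASA version prints connections differently.

```python
import re

# One `show conn` entry: protocol, then interface and ip:port for each endpoint.
CONN_RE = re.compile(
    r"^(TCP|UDP)\s+(\S+)\s+([\d.]+):(\d+)\s+(\S+)\s+([\d.]+):(\d+),")

# Constructed sample output (interface names, addresses and ports are made up).
SAMPLE = """\
5 in use, 48 most used
TCP users 10.1.20.57:49822 servers 192.168.1.10:47001, idle 0:00:01, bytes 1200, flags UIO
TCP users 10.1.20.58:50110 servers 192.168.1.10:47001, idle 0:00:03, bytes 980, flags UIO
TCP outside 203.0.113.25:47001 servers 192.168.1.10:51522, idle 0:00:04, bytes 8812, flags UIO
TCP outside 198.51.100.7:443 servers 192.168.1.10:51530, idle 0:00:09, bytes 4310, flags UIO
UDP outside 198.51.100.53:53 servers 192.168.1.11:40000, idle 0:00:02, bytes 120, flags -
"""

def server_conns(show_conn_text, server_ip):
    """Return one record per connection that has server_ip as an endpoint."""
    records = []
    for line in show_conn_text.splitlines():
        m = CONN_RE.match(line.strip())
        if not m:
            continue  # summary line, blank line, or a protocol this sketch ignores
        proto, if_a, ip_a, port_a, if_b, ip_b, port_b = m.groups()
        ends = [(if_a, ip_a, int(port_a)), (if_b, ip_b, int(port_b))]
        for me, peer in (ends, ends[::-1]):
            # Exact address comparison: a substring filter on 192.168.1.10
            # would also match 192.168.1.100 and similar hosts.
            if me[1] == server_ip:
                records.append({"proto": proto, "server_port": me[2],
                                "peer_if": peer[0], "peer_ip": peer[1],
                                "peer_port": peer[2]})
                break
    return records

def outside_on_port(records, port, outside_if="outside"):
    """Peers behind outside_if whose connection uses `port` on either end."""
    return sorted({(r["proto"], r["peer_ip"]) for r in records
                   if r["peer_if"] == outside_if
                   and port in (r["server_port"], r["peer_port"])})

if __name__ == "__main__":
    recs = server_conns(SAMPLE, "192.168.1.10")
    for proto, peer in outside_on_port(recs, 47001):
        print(f"{proto} port 47001 in use with outside peer {peer}")
```

`show conn` only lists connections active at the moment it runs, so repeat the check over time or pair it with the capture above for short-lived sessions.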

4 REPLIES
Hall of Fame Super Silver

The server is inside the firewall?

If so, connections initiated from the outside should only be allowed according to the access-list you have on the outside interface.

You can always capture traffic on an ASA firewall to see exactly what's being transmitted and received. From ASDM, use "Wizards > Packet capture wizard" and follow the prompts.

New Member

Thanks for the tips.

I've run this command and it's a big help.

 

Thanks,

Derek
