Cisco Support Community

ASA TCP Problems - Capture Understanding

Hi All,

I have been investigating an issue between two DMZ zones on the same ASA 5510 with different security levels, for which I have found a denied SYN ACK on my syslog server. I have a feeling that the first part of the TCP handshake is happening, but there is a delay and so the ASA is closing that connection, and then the packet is being denied.

To clarify this, I have performed a capture for a minute between the zones, but I don't understand the packet capture.

Can anyone break down for me what the below is doing, to help me troubleshoot?

1423: 09:46:18.651547 802.1Q vlan#707 P0 192.168.16.195.56183 > 192.168.18.7.12502: S 4116775013:4116775013(0) win 49640 <mss 1380,nop,wscale 0,nop,nop,sackOK>

1424: 09:46:18.651669 802.1Q vlan#707 P0 192.168.18.7.12502 > 192.168.16.195.56183: S 1411665129:1411665129(0) ack 4116775014 win 49680 <mss 1460,nop,wscale 0,nop,nop,sackOK>

1425: 09:46:18.651974 802.1Q vlan#707 P0 192.168.16.195.56183 > 192.168.18.7.12502: . ack 1411665130 win 49680

1426: 09:46:18.652050 802.1Q vlan#707 P0 192.168.16.195.56183 > 192.168.18.7.12502: P 4116775014:4116775826(812) ack 1411665130 win 49680

1427: 09:46:18.652187 802.1Q vlan#707 P0 192.168.18.7.12502 > 192.168.16.195.56183: . ack 4116775826 win 49680

1428: 09:46:18.652523 802.1Q vlan#707 P0 192.168.18.7.12502 > 192.168.16.195.56183: P 1411665130:1411665395(265) ack 4116775826 win 49680

1429: 09:46:18.652538 802.1Q vlan#707 P0 192.168.18.7.12502 > 192.168.16.195.56183: P 1411665395:1411665401(6) ack 4116775826 win 49680

1430: 09:46:18.652783 802.1Q vlan#707 P0 192.168.16.195.56183 > 192.168.18.7.12502: . ack 1411665395 win 49680

1431: 09:46:18.652798 802.1Q vlan#707 P0 192.168.16.195.56183 > 192.168.18.7.12502: . ack 1411665401 win 49680

1432: 09:46:18.652920 802.1Q vlan#707 P0 192.168.16.195.56183 > 192.168.18.7.12502: F 4116775826:4116775826(0) ack 1411665401 win 49680

1433: 09:46:18.653088 802.1Q vlan#707 P0 192.168.18.7.12502 > 192.168.16.195.56183: . ack 4116775827 win 49680

1434: 09:46:18.653240 802.1Q vlan#707 P0 192.168.18.7.12502 > 192.168.16.195.56183: F 1411665401:1411665401(0) ack 4116775827 win 49680

1435: 09:46:18.653484 802.1Q vlan#707 P0 192.168.16.195.56183 > 192.168.18.7.12502: . ack 1411665402 win 49680

1436: 09:46:18.658031 802.1Q vlan#707 P0 192.168.16.195.56184 > 192.168.18.7.12502: S 384800353:384800353(0) win 49640 <mss 1380,nop,wscale 0,nop,nop,sackOK>

1437: 09:46:18.658169 802.1Q vlan#707 P0 192.168.18.7.12502 > 192.168.16.195.56184: S 1411754011:1411754011(0) ack 384800354 win 49680 <mss 1460,nop,wscale 0,nop,nop,sackOK>

1438: 09:46:18.658443 802.1Q vlan#707 P0 192.168.16.195.56184 > 192.168.18.7.12502: . ack 1411754012 win 49680

1439: 09:46:18.658535 802.1Q vlan#707 P0 192.168.16.195.56184 > 192.168.18.7.12502: P 384800354:384801144(790) ack 1411754012 win 49680

1440: 09:46:18.658718 802.1Q vlan#707 P0 192.168.18.7.12502 > 192.168.16.195.56184: . ack 384801144 win 49680

1441: 09:46:18.659038 802.1Q vlan#707 P0 192.168.18.7.12502 > 192.168.16.195.56184: P 1411754012:1411754277(265) ack 384801144 win 49680

1442: 09:46:18.659054 802.1Q vlan#707 P0 192.168.18.7.12502 > 192.168.16.195.56184: P 1411754277:1411754283(6) ack 384801144 win 49680

1443: 09:46:18.659267 802.1Q vlan#707 P0 192.168.16.195.56184 > 192.168.18.7.12502: . ack 1411754277 win 49680

1444: 09:46:18.659267 802.1Q vlan#707 P0 192.168.16.195.56184 > 192.168.18.7.12502: . ack 1411754283 win 49680

1445: 09:46:18.659420 802.1Q vlan#707 P0 192.168.16.195.56184 > 192.168.18.7.12502: F 384801144:384801144(0) ack 1411754283 win 49680

1446: 09:46:18.659557 802.1Q vlan#707 P0 192.168.18.7.12502 > 192.168.16.195.56184: . ack 384801145 win 49680

1447: 09:46:18.659725 802.1Q vlan#707 P0 192.168.18.7.12502 > 192.168.16.195.56184: F 1411754283:1411754283(0) ack 384801145 win 49680

1448: 09:46:18.659954 802.1Q vlan#707 P0 192.168.16.195.56184 > 192.168.18.7.12502: . ack 1411754284 win 49680

1449: 09:46:18.673320 802.1Q vlan#707 P0 192.168.16.195.56185 > 192.168.18.7.12502: S 3673891174:3673891174(0) win 49640 <mss 1380,nop,wscale 0,nop,nop,sackOK>

1450: 09:46:18.673549 802.1Q vlan#707 P0 192.168.18.7.12502 > 192.168.16.195.56185: S 1411824743:1411824743(0) ack 3673891175 win 49680 <mss 1460,nop,wscale 0,nop,nop,sackOK>

1451: 09:46:18.673808 802.1Q vlan#707 P0 192.168.16.195.56185 > 192.168.18.7.12502: . ack 1411824744 win 49680

1452: 09:46:18.673884 802.1Q vlan#707 P0 192.168.16.195.56185 > 192.168.18.7.12502: P 3673891175:3673891945(770) ack 1411824744 win 49680

1453: 09:46:18.674037 802.1Q vlan#707 P0 192.168.18.7.12502 > 192.168.16.195.56185: . ack 3673891945 win 49680

1454: 09:46:18.674281 802.1Q vlan#707 P0 192.168.18.7.12502 > 192.168.16.195.56185: P 1411824744:1411825009(265) ack 3673891945 win 49680

1455: 09:46:18.674296 802.1Q vlan#707 P0 192.168.18.7.12502 > 192.168.16.195.56185: P 1411825009:1411825015(6) ack 3673891945 win 49680

1456: 09:46:18.674479 802.1Q vlan#707 P0 192.168.16.195.56185 > 192.168.18.7.12502: . ack 1411825009 win 49680

1457: 09:46:18.674495 802.1Q vlan#707 P0 192.168.16.195.56185 > 192.168.18.7.12502: . ack 1411825015 win 49680

1458: 09:46:18.674724 802.1Q vlan#707 P0 192.168.16.195.56185 > 192.168.18.7.12502: F 3673891945:3673891945(0) ack 1411825015 win 49680

1459: 09:46:18.674846 802.1Q vlan#707 P0 192.168.18.7.12502 > 192.168.16.195.56185: . ack 3673891946 win 49680

1460: 09:46:18.675044 802.1Q vlan#707 P0 192.168.18.7.12502 > 192.168.16.195.56185: F 1411825015:1411825015(0) ack 3673891946 win 49680

1461: 09:46:18.675319 802.1Q vlan#707 P0 192.168.16.195.56185 > 192.168.18.7.12502: . ack 1411825016 win 49680

1462: 09:46:18.811588 802.1Q vlan#707 P0 192.168.16.195.56186 > 192.168.18.7.12502: S 5207385:5207385(0) win 49640 <mss 1380,nop,wscale 0,nop,nop,sackOK>

1463: 09:46:18.811771 802.1Q vlan#707 P0 192.168.18.7.12502 > 192.168.16.195.56186: S 1412012366:1412012366(0) ack 5207386 win 49680 <mss 1460,nop,wscale 0,nop,nop,sackOK>

1464: 09:46:18.812046 802.1Q vlan#707 P0 192.168.16.195.56186 > 192.168.18.7.12502: . ack 1412012367 win 49680

1465: 09:46:18.812137 802.1Q vlan#707 P0 192.168.16.195.56186 > 192.168.18.7.12502: P 5207386:5208174(788) ack 1412012367 win 49680

1466: 09:46:18.812320 802.1Q vlan#707 P0 192.168.18.7.12502 > 192.168.16.195.56186: . ack 5208174 win 49680

1467: 09:46:18.812702 802.1Q vlan#707 P0 192.168.18.7.12502 > 192.168.16.195.56186: P 1412012367:1412012632(265) ack 5208174 win 49680

1468: 09:46:18.812717 802.1Q vlan#707 P0 192.168.18.7.12502 > 192.168.16.195.56186: P 1412012632:1412012638(6) ack 5208174 win 49680

1469: 09:46:18.812854 802.1Q vlan#707 P0 192.168.16.195.56186 > 192.168.18.7.12502: . ack 1412012632 win 49680

1470: 09:46:18.812885 802.1Q vlan#707 P0 192.168.16.195.56186 > 192.168.18.7.12502: . ack 1412012638 win 49680

1471: 09:46:18.813022 802.1Q vlan#707 P0 192.168.16.195.56186 > 192.168.18.7.12502: F 5208174:5208174(0) ack 1412012638 win 49680

1472: 09:46:18.813175 802.1Q vlan#707 P0 192.168.18.7.12502 > 192.168.16.195.56186: . ack 5208175 win 49680

1473: 09:46:18.813327 802.1Q vlan#707 P0 192.168.18.7.12502 > 192.168.16.195.56186: F 1412012638:1412012638(0) ack 5208175 win 49680

1474: 09:46:18.813556 802.1Q vlan#707 P0 192.168.16.195.56186 > 192.168.18.7.12502: . ack 1412012639 win 49680

1475: 09:46:18.917600 802.1Q vlan#707 P0 192.168.16.195.56187 > 192.168.18.7.12502: S 717643492:717643492(0) win 49640 <mss 1380,nop,wscale 0,nop,nop,sackOK>

1476: 09:46:18.917692 802.1Q vlan#707 P0 192.168.18.7.12502 > 192.168.16.195.56187: S 1412178882:1412178882(0) ack 717643493 win 49680 <mss 1460,nop,wscale 0,nop,nop,sackOK>

1477: 09:46:18.917936 802.1Q vlan#707 P0 192.168.16.195.56187 > 192.168.18.7.12502: . ack 1412178883 win 49680

1478: 09:46:18.918028 802.1Q vlan#707 P0 192.168.16.195.56187 > 192.168.18.7.12502: P 717643493:717644271(778) ack 1412178883 win 49680

1479: 09:46:18.918150 802.1Q vlan#707 P0 192.168.18.7.12502 > 192.168.16.195.56187: . ack 717644271 win 49680

1480: 09:46:18.918546 802.1Q vlan#707 P0 192.168.18.7.12502 > 192.168.16.195.56187: P 1412178883:1412179148(265) ack 717644271 win 49680

1481: 09:46:18.918562 802.1Q vlan#707 P0 192.168.18.7.12502 > 192.168.16.195.56187: P 1412179148:1412179154(6) ack 717644271 win 49680

1482: 09:46:18.918745 802.1Q vlan#707 P0 192.168.16.195.56187 > 192.168.18.7.12502: . ack 1412179148 win 49680

1483: 09:46:18.918760 802.1Q vlan#707 P0 192.168.16.195.56187 > 192.168.18.7.12502: . ack 1412179154 win 49680

1484: 09:46:18.918897 802.1Q vlan#707 P0 192.168.16.195.56187 > 192.168.18.7.12502: F 717644271:717644271(0) ack 1412179154 win 49680

1485: 09:46:18.919050 802.1Q vlan#707 P0 192.168.18.7.12502 > 192.168.16.195.56187: . ack 717644272 win 49680

1486: 09:46:18.919218 802.1Q vlan#707 P0 192.168.18.7.12502 > 192.168.16.195.56187: F 1412179154:1412179154(0) ack 717644272 win 49680

1487: 09:46:18.919447 802.1Q vlan#707 P0 192.168.16.195.56187 > 192.168.18.7.12502: . ack 1412179155 win 49680

1488: 09:46:18.935361 802.1Q vlan#707 P0 192.168.16.195.56188 > 192.168.18.7.12502: S 3569838835:3569838835(0) win 49640 <mss 1380,nop,wscale 0,nop,nop,sackOK>

1489: 09:46:18.935467 802.1Q vlan#707 P0 192.168.18.7.12502 > 192.168.16.195.56188: S 1412389961:1412389961(0) ack 3569838836 win 49680 <mss 1460,nop,wscale 0,nop,nop,sackOK>

1490: 09:46:18.935666 802.1Q vlan#707 P0 192.168.16.195.56188 > 192.168.18.7.12502: . ack 1412389962 win 49680

1491: 09:46:18.935757 802.1Q vlan#707 P0 192.168.16.195.56188 > 192.168.18.7.12502: P 3569838836:3569839628(792) ack 1412389962 win 49680

1492: 09:46:18.935925 802.1Q vlan#707 P0 192.168.18.7.12502 > 192.168.16.195.56188: . ack 3569839628 win 49680

1493: 09:46:18.936246 802.1Q vlan#707 P0 192.168.18.7.12502 > 192.168.16.195.56188: P 1412389962:1412390227(265) ack 3569839628 win 49680

1494: 09:46:18.936261 802.1Q vlan#707 P0 192.168.18.7.12502 > 192.168.16.195.56188: P 1412390227:1412390233(6) ack 3569839628 win 49680

1495: 09:46:18.936475 802.1Q vlan#707 P0 192.168.16.195.56188 > 192.168.18.7.12502: . ack 1412390227 win 49680

1496: 09:46:18.936490 802.1Q vlan#707 P0 192.168.16.195.56188 > 192.168.18.7.12502: . ack 1412390233 win 49680

1497: 09:46:18.936627 802.1Q vlan#707 P0 192.168.16.195.56188 > 192.168.18.7.12502: F 3569839628:3569839628(0) ack 1412390233 win 49680

1498: 09:46:18.936764 802.1Q vlan#707 P0 192.168.18.7.12502 > 192.168.16.195.56188: . ack 3569839629 win 49680

1499: 09:46:18.936902 802.1Q vlan#707 P0 192.168.18.7.12502 > 192.168.16.195.56188: F 1412390233:1412390233(0) ack 3569839629 win 49680

1500: 09:46:18.937176 802.1Q vlan#707 P0 192.168.16.195.56188 > 192.168.18.7.12502: . ack 1412390234 win 49680

1501: 09:46:19.014617 802.1Q vlan#707 P0 192.168.16.195.51126 > 192.168.18.6.6200: P 1851114221:1851114786(565) ack 2233533715 win 49680

1502: 09:46:19.015151 802.1Q vlan#707 P0 192.168.16.195.51127 > 192.168.18.7.6200: P 328377883:328378448(565) ack 3320721947 win 49680

1503: 09:46:19.066250 802.1Q vlan#707 P0 192.168.16.196.51884 > 192.168.18.6.6200: P 3457297703:3457298268(565) ack 2230750578 win 49680

1504: 09:46:19.066860 802.1Q vlan#707 P0 192.168.16.196.51885 > 192.168.18.7.6200: P 3906235640:3906236205(565) ack 3317627465 win 49680

1505: 09:46:19.128853 802.1Q vlan#707 P0 192.168.18.7.6200 > 192.168.16.195.51127: . ack 328378448 win 49680

1506: 09:46:19.129189 802.1Q vlan#707 P0 192.168.16.195.51127 > 192.168.18.7.6200: P 328378448:328379205(757) ack 3320721947 win 49680

1507: 09:46:19.129967 802.1Q vlan#707 P0 192.168.18.6.6200 > 192.168.16.195.51126: . ack 1851114786 win 49680

1508: 09:46:19.130120 802.1Q vlan#707 P0 192.168.18.7.6200 > 192.168.16.196.51885: P 3317627465:3317628030(565) ack 3906236205 win 49680

1509: 09:46:19.130181 802.1Q vlan#707 P0 192.168.16.195.51126 > 192.168.18.6.6200: P 1851114786:1851115543(757) ack 2233533715 win 49680

1510: 09:46:19.130410 802.1Q vlan#707 P0 192.168.16.196.51885 > 192.168.18.7.6200: P 3906236205:3906236962(757) ack 3317628030 win 49680

1511: 09:46:19.130684 802.1Q vlan#707 P0 192.168.18.7.6200 > 192.168.16.196.51885: P 3317628030:3317628787(757) ack 3906236962 win 49680

1512: 09:46:19.131447 802.1Q vlan#707 P0 192.168.18.6.6200 > 192.168.16.196.51884: P 2230750578:2230751143(565) ack 3457298268 win 49680

1513: 09:46:19.131798 802.1Q vlan#707 P0 192.168.16.196.51884 > 192.168.18.6.6200: P 3457298268:3457299025(757) ack 2230751143 win 49680

1514: 09:46:19.131996 802.1Q vlan#707 P0 192.168.18.6.6200 > 192.168.16.196.51884: P 2230751143:2230751900(757) ack 3457299025 win 49680

1515: 09:46:19.202183 802.1Q vlan#707 P0 192.168.18.6.6200 > 192.168.16.196.51884: . 2230751900:2230753280(1380) ack 3457299025 win 49680

1516: 09:46:19.202214 802.1Q vlan#707 P0 192.168.18.6.6200 > 192.168.16.196.51884: . 2230753280:2230754660(1380) ack 3457299025 win 49680

1517: 09:46:19.202229 802.1Q vlan#707 P0 192.168.18.6.6200 > 192.168.16.196.51884: P 2230754660:2230754966(306) ack 3457299025 win 49680

1518: 09:46:19.202260 802.1Q vlan#707 P0 192.168.18.6.6200 > 192.168.16.195.51126: P 2233533715:2233534304(589) ack 1851115543 win 49680

1519: 09:46:19.202488 802.1Q vlan#707 P0 192.168.18.7.6200 > 192.168.16.195.51127: P 3320721947:3320722536(589) ack 328379205 win 49680

1520: 09:46:19.202565 802.1Q vlan#707 P0 192.168.16.196.51884 > 192.168.18.6.6200: . ack 2230753280 win 48300

1521: 09:46:19.202580 802.1Q vlan#707 P0 192.168.16.196.51884 > 192.168.18.6.6200: . ack 2230754966 win 49680

Thanks for your time.

Natalia

2 REPLIES

ASA TCP Problems - Capture Understanding

Hello Natalia,

On the capture I can see some FIN packets; we will need to determine who is the one sending those packets.

Also, it would be so much easier to check the captures in Wireshark.

You can download them using the following on an inside host if http 0 0 inside is in place:

https://asa_ip_address/capture/capture_name/pcap

Regards,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
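
Added example, not part of the original thread: a Python script that reads the text form of the ASA capture shown in the question and reports, per connection, how long the SYN waited for its SYN-ACK and which side sent the first FIN. The function names and the 1-second `slow_us` threshold are assumptions; the flow on port 56183 is copied from the capture above, while the flow on port 60001 is constructed to show an unanswered, retransmitted SYN.

```python
import re

# One line of ASA text capture: number, time, optional 802.1Q tag, src > dst: flags ...
LINE_RE = re.compile(
    r"^\s*\d+: (?P<h>\d\d):(?P<m>\d\d):(?P<s>\d\d)\.(?P<us>\d{1,6}) "
    r"(?:802\.1Q vlan#\d+ P\d+ )?"
    r"(?P<src>\S+) > (?P<dst>\S+): (?P<flags>\S+)(?P<rest>.*)$"
)

# Packets 1423-1434 come from the capture in the question.
# Packets 9001-9002 are constructed: a SYN that never gets a SYN-ACK.
SAMPLE = """\
1423: 09:46:18.651547 802.1Q vlan#707 P0 192.168.16.195.56183 > 192.168.18.7.12502: S 4116775013:4116775013(0) win 49640 <mss 1380,nop,wscale 0,nop,nop,sackOK>
<--- More --->
1424: 09:46:18.651669 802.1Q vlan#707 P0 192.168.18.7.12502 > 192.168.16.195.56183: S 1411665129:1411665129(0) ack 4116775014 win 49680 <mss 1460,nop,wscale 0,nop,nop,sackOK>
1425: 09:46:18.651974 802.1Q vlan#707 P0 192.168.16.195.56183 > 192.168.18.7.12502: . ack 1411665130 win 49680
1432: 09:46:18.652920 802.1Q vlan#707 P0 192.168.16.195.56183 > 192.168.18.7.12502: F 4116775826:4116775826(0) ack 1411665401 win 49680
1434: 09:46:18.653240 802.1Q vlan#707 P0 192.168.18.7.12502 > 192.168.16.195.56183: F 1411665401:1411665401(0) ack 4116775827 win 49680
9001: 09:46:20.000000 802.1Q vlan#707 P0 192.168.16.195.60001 > 192.168.18.7.12502: S 1000:1000(0) win 49640 <mss 1380>
9002: 09:46:23.000000 802.1Q vlan#707 P0 192.168.16.195.60001 > 192.168.18.7.12502: S 1000:1000(0) win 49640 <mss 1380>
"""


def parse_line(line):
    """Return a packet dict, or None for pager prompts and blank lines."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    secs = (int(m["h"]) * 60 + int(m["m"])) * 60 + int(m["s"])
    return {
        # Integer microseconds since midnight, so deltas are exact.
        "ts_us": secs * 1_000_000 + int(m["us"].ljust(6, "0")),
        "src": m["src"],
        "dst": m["dst"],
        "flags": m["flags"],
        "has_ack": " ack " in m["rest"],
    }


def summarize(capture_text, slow_us=1_000_000):
    """Per client endpoint: SYN-ACK delay, handshake state, first FIN sender."""
    flows = {}
    for line in capture_text.splitlines():
        pkt = parse_line(line)
        if pkt is None:
            continue
        key = frozenset((pkt["src"], pkt["dst"]))
        flow = flows.get(key)
        is_syn = "S" in pkt["flags"]
        if is_syn and not pkt["has_ack"]:
            if flow is None:  # first SYN: its sender is the client
                flows[key] = {"client": pkt["src"], "syn_us": pkt["ts_us"],
                              "syn_count": 1, "synack_delay_us": None,
                              "established": False, "first_fin": None}
            else:  # same endpoints again: count it as a retransmitted SYN
                flow["syn_count"] += 1
            continue
        if flow is None:
            continue  # connection was already open when the capture started
        role = "client" if pkt["src"] == flow["client"] else "server"
        if is_syn and role == "server" and flow["synack_delay_us"] is None:
            flow["synack_delay_us"] = pkt["ts_us"] - flow["syn_us"]
        elif role == "client" and pkt["has_ack"] and flow["synack_delay_us"] is not None:
            flow["established"] = True  # third packet of the handshake
        if "F" in pkt["flags"] and flow["first_fin"] is None:
            flow["first_fin"] = role

    report = {}
    for flow in flows.values():
        delay = flow["synack_delay_us"]
        if delay is None:
            verdict = "no SYN-ACK seen"
        elif delay > slow_us:
            verdict = "slow SYN-ACK"
        elif not flow["established"]:
            verdict = "handshake not completed"
        else:
            verdict = "ok"
        report[flow["client"]] = {
            "synack_delay_us": delay, "syn_count": flow["syn_count"],
            "first_fin": flow["first_fin"], "verdict": verdict}
    return report


if __name__ == "__main__":
    for client, info in summarize(SAMPLE).items():
        print(client, info)
```

Run against the full pasted capture, any flow reported as "no SYN-ACK seen" or "slow SYN-ACK" is the one to line up with the syslog deny timestamp.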

Re: ASA TCP Problems - Capture Understanding

Can anyone take a look and see if there are any issues with this pcap with the TCP handshake?
