Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

PIX packet capture explanation

Hi Expert,

Could someone help to explan the following packets about udp 45 and udp 47 captured from PIX, thanks.

5 REPLIES
New Member

Re: PIX packet capture explanation

Those look like DNS packets since the port is UDP 53. DNS request probably.  What is the server with IP 10.68.68.201?

New Member

Re: PIX packet capture explanation

The 10.68.68.201 is a terminal server, my problem is the ip 61.20.223.89 to query DNS server 10.64.176.106, what does udp 45 mean ?

If I permit port 53 rule only, the DNS query was not work. it's need permit a range udp ports as 1 - 100 for this ip 61.20.223.89.

Super Bronze

Re: PIX packet capture explanation

45 is just the length of the UDP packet. It is still a DNS packet (on UDP/53)

From your example:

   5: 13:54:07.974116 61.20.223.89.3835 > 10.64.176.106.53:  udp 45

Highlighted in red is the port number (53) - which is DNS.


New Member

Re: PIX packet capture explanation

How are you creating rules?

UDP is stateless so you may need to allow both directions (outbound DNS requests and inbound DNS replies) if you are filtering on either direction.

Would help to see the access lists you are having problems with.

Cisco Employee

Re: PIX packet capture explanation

   5: 13:54:07.974116 61.20.223.89.3835 > 10.64.176.106.53:  udp 45

3835 is the udp source port used by the client 61.20.223.89

53 is the dns port that the DNS server 10.64.176.106 listens and responds to.

45 is the udp packet size.

-KS

296
Views
0
Helpful
5
Replies