Reading Packet captures from ASA

mahesh18 · ‎12-17-2013

Hi Everyone,

I am trying to add ASA to CSM.

Firewall logs where CSM is connected shows connection going to ASA as TCP Reset 0.

I did packet capture. from Firewall which is connected to cisco security manager

1: 16:00:36.323240 802.1Q vlan#512 P0 172.16.10.220.59065 > 172.16.17.199.443: S 3370468132:3370468132(0) win 8192 <mss 1380,nop,wscale 8,nop,nop,sackOK>

2: 16:00:36.323332 802.1Q vlan#512 P0 172.16.17.199.443 > 172.16.10.220.59065: R 0:0(0) ack 3370468133 win 8192

3: 16:00:36.822482 802.1Q vlan#512 P0 172.16.10.220.59065 > 172.16.17.199.443: S 2488360382:2488360382(0) win 8192 <mss 1380,nop,wscale 8,nop,nop,sackOK>

4: 16:00:36.822528 802.1Q vlan#512 P0 172.16.17.199.443 > 172.16.10.220.59065: R 0:0(0) ack 2488360383 win 8192

5: 16:00:37.322523 802.1Q vlan#512 P0 172.16.10.220.59065 > 172.16.17.199.443: S 3869032690:3869032690(0) win 8192 <mss 1380,nop,nop,sackOK>

6: 16:00:37.322599 802.1Q vlan#512 P0 172.16.17.199.443 > 172.16.10.220.59065: R 0:0(0) ack 3869032691 win 8192

7: 16:00:37.323423 802.1Q vlan#512 P0 172.16.10.220.59066 > 172.16.17.199.443: S 1705516470:1705516470(0) win 8192 <mss 1380,nop,wscale 8,nop,nop,sackOK>

8: 16:00:37.323515 802.1Q vlan#512 P0 172.16.17.199.443 > 172.16.10.220.59066: R 0:0(0) ack 1705516471 win 8192

9: 16:00:37.822528 802.1Q vlan#512 P0 172.16.10.220.59066 > 172.16.17.199.443: S 1497300920:1497300920(0) win 8192 <mss 1380,nop,wscale 8,nop,nop,sackOK>

10: 16:00:37.822589 802.1Q vlan#512 P0 172.16.17.199.443 > 172.16.10.220.59066: R 0:0(0) ack 1497300921 win 8192

11: 16:00:38.322584 802.1Q vlan#512 P0 172.16.10.220.59066 > 172.16.17.199.443: S 2252367676:2252367676(0) win 8192 <mss 1380,nop,nop,sackOK>

12: 16:00:38.322645 802.1Q vlan#512 P0 172.16.17.199.443 > 172.16.10.220.59066: R 0:0(0) ack 2252367677 win 8192

Need to understand what does above mean?

Regards

Mahesh