Looking at some unusual ICMP traffic that was being reported by our MARS box. The MARS is primarily reporting on VPN clients so I set up a capture on the inside interface of one of the ASAs and pinged an address from my PC.
On the PC (192.168.1.145) I see
Pinging 192.168.3.5 with 32 bytes of data:
Reply from 192.168.9.1: TTL expired in transit. Reply from 192.168.9.1: TTL expired in transit. Reply from 192.168.9.1: TTL expired in transit. Reply from 192.168.9.1: TTL expired in transit.
Ping statistics for 192.168.3.5: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 0ms, Maximum = 0ms, Average = 0ms
The basic path is 192.168.1.145 connects to a Cat3560 which connects to a Cat 6513 running 12.2(17r)S4- The ASA connects to a Cat 3560 which connect to a Cat 6513 running 12.2(18)SXF16 and the two Cat 6513 are connected with a 10gig connection. The 192.168.9.1 address is the default gateway for the ASA which resides on the Cat 6513 that the ASA's Cat 3560 connects to. The default gateway for the PC is on the Cat 6513 that the PC's Cat 3560 connects to.
So the question is what generated the 1010 pings for the 4 that were sent? Wireshark on the PC shows only the four pings.
We are pleased to announce availability of Beta software for 16.6.3.
16.6.3 will be the second rebuild on the 16.6 release train targeted
towards Catalyst 9500/9400/9300/3850/3650 switching platforms. We are
looking for early feedback from customers befor...
Introduction Featured Speakers Luis Espejel is the Telecommunications
Manager of IENova, an Oil & Gas company. Currently he works with Cisco
IOS® and Cisco IOS XE platforms, and NX to some extent. He has also
worked as a Senior Engineer with the Routing P...
In this session you can learn more about Layer 3 multicast and the best
practices to identify possible threats and take security measures. It
provides an overview of basic multicast, the best security practices for
use of this technology, and recommendati...