Destination Port Ranking : Returns destination ports. Ranked by either number of sessions with that destination port or by bytes transmitted in sessions that contain events that meet the query criteria.
Refer the following url for more info on "top destination port "0"":
Activity: Network Usage - Top Destination Ports: This report ranks destination ports by number of network sessions. This report requires that the syslog level of routers or firewalls be set to high to be able to capture session events. This report provides a general usage pattern of the network.
connections to tcp port 0 are usually used for Operating Systems fingerprinting, and could mean scans are undergoing. Probably there's malware in the computers on your network (as most networks).
You should block everything in your Firewalls, and only allow the tcp ports needed, you can confirm the tcp port 0 connections were blocked checking the path graph of those incidents. Move the mouse over the lines in the path graph and check if the path turns red until reaching the internet or if it stops at your firewalls.
I worked with TAC and it is b/c the PIX is sending SYSLOG level "debug" to the CS-MARS and everything it cannot classify is in "0"... This includes ICMP, xlation build/teardown, etc; unfortunately, CS-MARS needs those for sessionization according to the documentation, so they have to come in.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...