4GE SSM - FP L2 rule drop
ASA 5510 running without issues for a while but we needed extra port so added a 4GE SSM.
Having installed the 4GE SSM we had some issues with the card not liking a connection to our switches and only working by plugging directly from the server into the firewall, not great as we wanted extra servers on the line in the future. So we upgraded the firmware and no are at an impasse.
We have upgraded to 8.0(4)3 and now we cannot get any traffic through the port, we can't even connect to an external DNS server. Running a packet trace I get an immediate error on the first step '(l2_acl) FP L2 rule drop', and it appears as though the outside connection is down.
I have some experience on setting up basic port forwarding and NAT for internet access, webservers, mail but this has thrown me. To be honest its a case of if it aint broke don't fix it so I need some expert help in resolving the problem.
OK here goes, I have powered down the ASA and reseated the card but still no success. Here is the result of 'show interface'.
Result of the command: "show interface"
Interface Ethernet0/0 "external", is up, line protocol is up
Hardware is i82546GB rev03, BW 100 Mbps, DLY 100 usec
Auto-Duplex(Full-duplex), Auto-Speed(100 Mbps)
Input flow control is unsupported, output flow control is off
MAC address 0018.199e.7f58, MTU 1500
IP address 2XX.1XX.1XX.XXX, subnet mask 255.255.255.240
50599 packets input, 43869014 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 pause input, 0 resume input
0 L2 decode drops
40389 packets output, 11509330 bytes, 0 underruns
0 pause output, 0 resume output
0 output errors, 0 collisions, 1 interface resets
0 late collisions, 0 deferred
0 input reset drops, 0 output reset drops, 0 tx hangs
input queue (blocks free curr/low): hardware (255/244)
output queue (blocks free curr/low): hardware (255/235)
Traffic Statistics for "external":
50599 packets input, 42920030 bytes
40389 packets output, 10636033 bytes
656 packets dropped
1 minute input rate 78 pkts/sec, 78310 bytes/sec
1 minute output rate 59 pkts/sec, 8896 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 68 pkts/sec, 64069 bytes/sec
5 minute output rate 55 pkts/sec, 14343 bytes/sec
5 minute drop rate, 1 pkts/sec
Interface Ethernet0/1 "dmz1", is up, line protocol is up
Hardware is i82546GB rev03, BW 100 Mbps, DLY 100 usec
Auto-Duplex(Full-duplex), Auto-Speed(100 Mbps)
Input flow control is unsupported, output flow control is off
MAC address 0018.199e.7f59, MTU 1500
IP address 192.168.2.1, subnet mask 255.255.255.0
10626 packets input, 5136754 bytes, 0 no buffer
Received 85 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 pause input, 0 resume input
0 L2 decode drops
14826 packets output, 15929354 bytes, 0 underruns
0 pause output, 0 resume output
0 output errors, 0 collisions, 1 interface resets
0 late collisions, 0 deferred
14 input reset drops, 0 output reset drops, 0 tx hangs
input queue (blocks free curr/low): hardware (255/246)
output queue (blocks free curr/low): hardware (255/246)
Traffic Statistics for "dmz1":
10612 packets input, 4910710 bytes
14826 packets output, 15652088 bytes
63 packets dropped
1 minute input rate 1 pkts/sec, 516 bytes/sec
1 minute output rate 1 pkts/sec, 494 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 7 pkts/sec, 6167 bytes/sec
5 minute output rate 6 pkts/sec, 2384 bytes/sec
5 minute drop rate, 0 pkts/sec
Interface Ethernet0/2 "internal", is up, line protocol is up
Hardware is i82546GB rev03, BW 100 Mbps, DLY 100 usec
Auto-Duplex(Full-duplex), Auto-Speed(100 Mbps)
Input flow control is unsupported, output flow control is off
MAC address 0018.199e.7f5a, MTU 1500
IP address , subnet mask
59265 packets input, 23635653 bytes, 0 no buffer
Received 9823 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 pause input, 0 resume input
0 L2 decode drops
55517 packets output, 44176321 bytes, 0 underruns
0 pause output, 0 resume output
0 output errors, 0 collisions, 1 interface resets
0 late collisions, 0 deferred
167 input reset drops, 0 output reset drops, 0 tx hangs
input queue (blocks free curr/low): hardware (255/230)
output queue (blocks free curr/low): hardware (255/230)
Traffic Statistics for "internal":
59098 packets input, 22407185 bytes
55517 packets output, 43110583 bytes
3447 packets dropped
1 minute input rate 80 pkts/sec, 10312 bytes/sec
1 minute output rate 88 pkts/sec, 80758 bytes/sec
1 minute drop rate, 6 pkts/sec
5 minute input rate 65 pkts/sec, 11128 bytes/sec
5 minute output rate 64 pkts/sec, 62661 bytes/sec
5 minute drop rate, 4 pkts/sec
Interface Ethernet0/3 "cdmdmz", is up, line protocol is up
Hardware is i82546GB rev03, BW 100 Mbps, DLY 100 usec
Auto-Duplex(Full-duplex), Auto-Speed(100 Mbps)
Input flow control is unsupported, output flow control is off
MAC address 0018.199e.7f5b, MTU 1500
IP address 192.168.3.1, subnet mask 255.255.255.0
106 packets input, 18378 bytes, 0 no buffer
Received 57 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 pause input, 0 resume input
0 L2 decode drops
49 packets output, 17150 bytes, 0 underruns
0 pause output, 0 resume output
0 output errors, 0 collisions, 1 interface resets
0 late collisions, 0 deferred
11 input reset drops, 0 output reset drops, 0 tx hangs
input queue (blocks free curr/low): hardware (255/249)
output queue (blocks free curr/low): hardware (255/251)
Traffic Statistics for "cdmdmz":
95 packets input, 15728 bytes
49 packets output, 16178 bytes
42 packets dropped
1 minute input rate 0 pkts/sec, 23 bytes/sec
1 minute output rate 0 pkts/sec, 0 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 0 pkts/sec, 18 bytes/sec
5 minute output rate 0 pkts/sec, 0 bytes/sec
5 minute drop rate, 0 pkts/sec
Interface Management0/0 "management", is down, line protocol is down
Hardware is i82557, BW 100 Mbps, DLY 100 usec
Auto-Duplex, Auto-Speed
Input flow control is unsupported, output flow control is unsupported
MAC address 0018.199e.7f57, MTU 1500
IP address 192.168.1.1, subnet mask 255.255.255.0
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 pause input, 0 resume input
0 L2 decode drops
0 packets output, 0 bytes, 0 underruns
0 pause output, 0 resume output
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collisions, 0 deferred
0 lost carrier, 0 no carrier
0 input reset drops, 0 output reset drops
input queue (curr/max packets): hardware (0/0) software (0/0)
output queue (curr/max packets): hardware (0/0) software (0/0)
Traffic Statistics for "management":
0 packets input, 0 bytes
0 packets output, 0 bytes
0 packets dropped
1 minute input rate 0 pkts/sec, 0 bytes/sec
1 minute output rate 0 pkts/sec, 0 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 0 pkts/sec, 0 bytes/sec
5 minute output rate 0 pkts/sec, 0 bytes/sec
5 minute drop rate, 0 pkts/sec
Management-only interface. Blocked 0 through-the-device packets
Interface GigabitEthernet1/0 "dmz2", is up, line protocol is up
Hardware is VCS7380 rev01, BW 1000 Mbps, DLY 10 usec
Auto-Duplex(Full-duplex), Auto-Speed(100 Mbps)
Input flow control is unsupported, output flow control is off
Media-type configured as RJ45 connector
MAC address 0172.10a1.21db, MTU 1500
IP address 192.168.4.1, subnet mask 255.255.255.0
234 packets input, 21658 bytes, 0 no buffer
Received 59 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 pause input, 0 resume input
0 L2 decode drops
3 packets output, 192 bytes, 0 underruns
0 pause output, 0 resume output
0 output errors, 0 collisions, 0 interface resets
0 late collisions, 0 deferred
0 rate limit drops
0 input reset drops, 0 output reset drops
input queue (blocks free curr/low): hardware (0/0)
output queue (blocks free curr/low): hardware (0/0)
Traffic Statistics for "dmz2":
231 packets input, 17276 bytes
3 packets output, 84 bytes
229 packets dropped
1 minute input rate 0 pkts/sec, 5 bytes/sec
1 minute output rate 0 pkts/sec, 0 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 0 pkts/sec, 19 bytes/sec
5 minute output rate 0 pkts/sec, 0 bytes/sec
5 minute drop rate, 0 pkts/sec
Interface GigabitEthernet1/1 "dmz3", is down, line protocol is down
Hardware is VCS7380 rev01, BW 1000 Mbps, DLY 10 usec
Auto-Duplex, Auto-Speed
Input flow control is unsupported, output flow control is off
Media-type configured as RJ45 connector
MAC address 0172.10a1.21dc, MTU 1500
IP address 192.168.5.1, subnet mask 255.255.255.0
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 pause input, 0 resume input
0 L2 decode drops
0 packets output, 0 bytes, 0 underruns
0 pause output, 0 resume output
0 output errors, 0 collisions, 0 interface resets
0 late collisions, 0 deferred
0 rate limit drops
0 input reset drops, 0 output reset drops
input queue (blocks free curr/low): hardware (0/0)
output queue (blocks free curr/low): hardware (0/0)
Traffic Statistics for "dmz3":
0 packets input, 0 bytes
0 packets output, 0 bytes
0 packets dropped
1 minute input rate 0 pkts/sec, 0 bytes/sec
1 minute output rate 0 pkts/sec, 0 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 0 pkts/sec, 0 bytes/sec
5 minute output rate 0 pkts/sec, 0 bytes/sec
5 minute drop rate, 0 pkts/sec
Interface GigabitEthernet1/2 "", is administratively down, line protocol is down
Hardware is VCS7380 rev01, BW 1000 Mbps, DLY 10 usec
Auto-Duplex, Auto-Speed
Input flow control is unsupported, output flow control is off
Media-type configured as RJ45 connector
Available but not configured via nameif
MAC address 0172.10a1.21dd, MTU not set
IP address unassigned
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 pause input, 0 resume input
0 L2 decode drops
0 packets output, 0 bytes, 0 underruns
0 pause output, 0 resume output
0 output errors, 0 collisions, 0 interface resets
0 late collisions, 0 deferred
0 rate limit drops
0 input reset drops, 0 output reset drops
input queue (blocks free curr/low): hardware (0/0)
output queue (blocks free curr/low): hardware (0/0)
Interface GigabitEthernet1/3 "", is administratively down, line protocol is down
Hardware is VCS7380 rev01, BW 1000 Mbps, DLY 10 usec
Auto-Duplex, Auto-Speed
Input flow control is unsupported, output flow control is off
Media-type configured as RJ45 connector
Available but not configured via nameif
MAC address 0172.10a1.21de, MTU not set
IP address unassigned
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 pause input, 0 resume input
0 L2 decode drops
0 packets output, 0 bytes, 0 underruns
0 pause output, 0 resume output
0 output errors, 0 collisions, 0 interface resets
0 late collisions, 0 deferred
0 rate limit drops
0 input reset drops, 0 output reset drops
input queue (blocks free curr/low): hardware (0/0)
output queue (blocks free curr/low): hardware (0/0)
Similar Messages
-
What are the limitation of the 4 Port Gigabit ethernet Security Service Module (4GE SSM)?
I was wondering if anyone can help me out. I am trying to create a redundancy topology which require several connections to an ASA 5510. I am looking at extending the connections to my ASA 5510 appliance with the four port gig ethernet security module (4GE SSM). I am trying to find out what the limitations are on this particular module.
I have heard that there might be limitations to the 4GE SSM. Such as the interfaces on this module might process data separately from the ASA 5510 appliance. My question is does the ASA four port gig ethernet security module (4GE SSM) interfaces act as a extension of the ASA 5510 appliance or does it process and filter data separate from the ASA 5510 appliance ?
My concerns are that the 4GE SSM does not utilize all the security features of the ASA 5510 appliance, and that it just separates traffic into security zones. I interpret that to mean that each interface can be placed in a separate security level in which case has a separate security algorithm and uses the security level to force security policies. Nothing more.
My second question if relevant would be what are the limitations?
Thank you for your help on this topic.
mikeThe 4GE SSM just gives you the four additional ports. It doesn't increase the processing capacity of the 5510 (a relatively low end box whose replacement - the 5515X - has been out since this past spring). It works off the same configuration script and CPU as all the built-in ports.
The only limitation I can think of off the top of my head is that members of an Etherchannel cannot span the SSM and the built-in ports. -
Forwarding Rule drops attachments
I have a Mail Rule that forwards an incoming weekly report to a group of colleagues. The incoming Mail includes an attachment which always has the same basic name. With Snow Leopard and Mail 4 the rule works perfectly; with Lion and Mail 5.1 the Rule forwards the message but without the attachment. Has anyone else seen this problem? Can anyone suggest a solution?
Have not noticed but next time I do, I will check it out.
-
Drop the Rules of one table from existing bi directional replication setup
Hi All,
I have one small question on bi directional replication setup, Its regarding table add in existing replication setup.
What happened ,When we add a new table to existing replication setup if any reason table is not replicating between two database even we are not getting
any error in dba_apply_error ,then we have to remove the rules for that particular table and setup again. Some time what happened we got error "queue has
errors" i dont know the ORA number. But in that case what happened Apply process ABORETED and when we try to start the process it gives same error
("Queue has errors" ) and ABORTED again.
then on metalink for doc id 203225.1 .we have remove the whole replication Manually and setup again. It's horriable....
Could you please help that before drop the rules for particular table from exisitng bi directional replication setup then wht should we do ?
Do we need to unscheduled the propagation process and then drop the rules becuase i read on metalink that reason behind the error ,queue has errors
"negative rules drops while propagation process using the same rule set" .
Please Suggest!!!!!!!!!!
Many ThanksHow huge those tables?. If those are small tables use Oracle MINUS function to get the defference records.
-
Dynamic Rule based implementation in PL/SQL
Hi,
We are trying to implement a dynamic rule based application in Oracle 9i. Its simple logic where we store expressions as case statments and actions seperated by commas as follows.
Rule: 'Age > 18 and Age <65'
True Action: 'Status = ''Valid'' , description = ''age in range'''
False Action: 'Status =''Invalid'', Description=''Age not in range'''
Where Age,Status, description are all part of one table.
One way of implementing this is fire rule for each record in the table and then based on true or false call action as update.
i.e
select (case when 'Age > 18 and Age <65' then 1 else 0 end) age_rule from tableX
(above query will in in a cursor xcur)
Then we search for
if age_rule = 1 then
update tablex set Status = ''Valid'' , description = ''age in range'' where id=xcur.id;
else
update tablex set Status =''Invalid'', Description=''Age not in range'' where id=xcur.id;
end if;
This method will result in very slow performance due to high i/o. We want to implement this in collection based method.
Any ideas on how to dynamically check rules and apply actions to collection without impact on performance. (we have nearly 3million rows and 80 rules to be applied)
Thanks in advanceReturning to your original question, first of all, there is a small flaw in the requirements, because if you apply all the rules to the same table/cols, than the table will have results of only last rule that was processed.
Suppose rule#1:
Rule: 'Age > 18 and Age <65'
True Action: 'Status = ''Valid'' , description = ''age in range'''
False Action: 'Status =''Invalid'', Description=''Age not in range'''
and Rule#2:
Rule: 'Name like ''A%'''
True Action: 'Status = 'Invalid'' , description = ''name begins with A'''
False Action: 'Status =''Invalid'', Description=''name not begins with A'''
Then after applying of rule#1 and rule#2, results of the rule#1 will be lost, because second rule will modify the results of the first rule.
Regarding to using collections instead of row by row processing, I think that a better approach would be to move that evaluating cursor inside an update statement, in my tests this considerably reduced processed block count and response time.
Regarding to the expression filter, even so, that you are not going to move to 10g, you still can test this feature and see how it is implemented, to get some ideas of how to better implement your solution. There is a nice paper http://www-db.cs.wisc.edu/cidr2003/program/p27.pdf that describes expression filter implementation.
Here is my example of two different methods for expression evaluation that I've benchmarked, first is similar to your original example and second is with expression evaluation moved inside an update clause.
-- fist create two tables rules and data.
drop table rules;
drop table data;
create table rules( id number not null primary key, rule varchar(255), true_action varchar(255), false_action varchar(255) );
create table data( id integer not null primary key, name varchar(255), age number, status varchar(255), description varchar(255) );
-- populate this tables with information.
insert into rules
select rownum id
, 'Age > '||least(a,b)||' and Age < '||greatest(a,b) rule
, 'Status = ''Valid'', description = ''Age in Range''' true_action
, 'Status = ''Invalid'', description = ''Age not in Range''' false_action
from (
select mod(abs(dbms_random.random),60)+10 a, mod(abs(dbms_random.random),60)+10 b
from all_objects
where rownum <= 2
insert into data
select rownum, object_name, mod(abs(dbms_random.random),60)+10 age, null, null
from all_objects
commit;
-- this is method #1, evaluate rule against every record in the data and do the action
declare
eval number;
id number;
data_cursor sys_refcursor;
begin
execute immediate 'alter session set cursor_sharing=force';
for rules in ( select * from rules ) loop
open data_cursor for 'select case when '||rules.rule||' then 1 else 0 end eval, id from data';
loop
fetch data_cursor into eval, id;
exit when data_cursor%notfound;
if eval = 1 then
execute immediate 'update data set '||rules.true_action|| ' where id = :id' using id;
else
execute immediate 'update data set '||rules.false_action|| ' where id = :id' using id;
end if;
end loop;
end loop;
end;
-- this is method #2, evaluate rule against every record in the data and do the action in update, not in select
begin
execute immediate 'alter session set cursor_sharing=force';
for rules in ( select * from rules ) loop
execute immediate 'update data set '||rules.true_action|| ' where id in (
select id
from (
select case when '||rules.rule||' then 1 else 0 end eval, id
from data
where eval = 1 )';
execute immediate 'update data set '||rules.false_action|| ' where id in (
select id
from (
select case when '||rules.rule||' then 1 else 0 end eval, id
from data
where eval = 0 )';
end loop;
end;
Here are SQL_TRACE results for method#1:
call count cpu elapsed disk query current rows
Parse 37 0.01 0.04 0 0 0 0
Execute 78862 16.60 17.50 0 187512 230896 78810
Fetch 78884 3.84 3.94 2 82887 1 78913
total 157783 20.46 21.49 2 270399 230897 157723
and this is results for method#2:
call count cpu elapsed disk query current rows
Parse 6 0.00 0.00 0 0 0 0
Execute 6 1.93 12.77 0 3488 170204 78806
Fetch 1 0.00 0.00 0 7 0 2
total 13 1.93 12.77 0 3495 170204 78808
You can compare this two methods using SQL_TRACE. -
Looking for Mail Rules Management Tools and Advice
I missed article #302257 Mac OS X 10.4.3: Some Mail rules may be disabled after syncing with .Mac
Now I have a big mess with lots of mails being directed to the Trash
unintentionally. I having difficulty sorting this all out.
I'm synching among 3 machines.
I had started with 153 rules. Without realizing it (see the article above) that number almost doubled but I was puzzled that some rules got turned off. Having so many rules I failed to check for duplicates at first - not that it really should have matter except to slow down the evaluation process a bit.
Rules seemed to be scrattered more widely than they were originally due to the syncing anomoly. But it is hard to get the "big view" with so many rules.
Last night I eliminated the dups on my main home machine. I tried to reorganizing for logic's and clarities sake. But made the mistake of renaming several rules. Now it seems that this caused problem, too.
Is there a better way or, even better, an application that works with Mail.app rules that can help one organize, helps tests the rules, and helps one make sure that the stop evaluating rules drop down is selected?
If there a non destructive way to open and print out the Mail.app rules file in an understandable way? And then use that information to write better mail rules?
Thanks in advance.
Frank
G4 933, G4 Powerbook 667 Mac OS X (10.4.3) 1 Gig RAMJan-David,
1) Have a look at Cantemo Portal which also has a Final Cut Server migration tool.
http://cantemo.com/index.html
André Aulich (moosystems) has built the FCSvr migration tool, and the integration with Archiware P5 Archive:
http://moosystems.com/products/moofs/
Check out the YouTube videos for FCP X and Premiere integration:
http://www.youtube.com/watch?v=XnjBbDajC6U
http://www.youtube.com/watch?v=GTawWFiIyTw
2) And you might also check out Axle Video:
http://www.axlevideo.com
This is on the lower end. It has fewer features, but it aims to be a simple MAM, not an Enterprise tool.
I don't think there is a Final Cut Server migration tool yet, but that might be coming soon. -
Hi Guys
I have a problem. I´m trying to configure a SIP Dial Rule in the CUCM 8.6 , using an ATA187, but no works.
Here, with and without PLAR.
Any idea?
TIA
CristianHi Robert
I performed the following steps:
Step 1 Create a partition, for example, P1, and a calling search space, for example CSS1, so CSS1 contains P1. (In Cisco Unified Communications Manager Administration, choose Call Routing > Class of Control > Partition or Calling Search Space.)
Step 2 Create a null (blank) translation pattern, for example, TP1, which contains calling search space CSS1 and partition P1. In this null (blank) pattern, make sure that you enter the directory number for the B1 PLAR destination in the Called Party Transformation Mask field. (In Cisco Unified Communications Manager Administration, choose Call Routing > Translation Pattern.)
Step 3 Assign the calling search space, CS1, to either A or A'. (In Cisco Unified Communications Manager Administration, choose Device > Phone.)
Step 4 Assign the P1 partition to the directory number for B1, which is the PLAR destination. (In Cisco Unified Communications Manager Administration, choose Call Routing > Directory Number.)
Step 5 For phones that are running SIP, create a SIP dial rule. (In Cisco Unified Communications Manager Administration, choose Call Routing > Dial Rules > SIP Dial Rules. Choose 7940_7960_OTHER. Enter a name for the pattern; for example, PLAR1. Click Save; then, click Add Plar. Click Save.)
Step 6 For phones that are running SIP, assign the SIP dial rule configuration that you created for PLAR to the phones, which, in this example, are A and A'. ((In Cisco Unified Communications Manager Administration, choose Device > Phone. Choose the SIP dial rule configuration from the SIP Dial Rules drop-down list box.)
But not works
TIA
Cristian -
VRF issue with Firewall in transparent Mode.
Hi Guys,
I have 7609 Router and 6513 L3 Switch connected Through ASA 5545.
I am running Multiple VRF between router and Switch and BGP routing Protocol. When they are connected directly to each other everything is normal, however, when I have connected them via ASA 5545 then everything fails. I am using ASA in transparent Mode.
My question is: Do ASA require different setting in case of VRF? If yes, then please give me sample config.I have taken following output from Firewall will this be any help?
sh interface ouTSIDE
Interface GigabitEthernet0/1 "OUTSIDE", is up, line protocol is up
Hardware is i82574L rev00, BW 1000 Mbps, DLY 10 usec
Auto-Duplex(Full-duplex), Auto-Speed(1000 Mbps)
Input flow control is unsupported, output flow control is off
MAC address 7c69.f68f.df78, MTU 1500
IP address 175.4.8.35, subnet mask 255.255.255.248
8435 packets input, 680680 bytes, 0 no buffer
Received 8135 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 pause input, 0 resume input
8138 L2 decode drops
0 packets output, 0 bytes, 0 underruns
0 pause output, 0 resume output
0 output errors, 0 collisions, 1 interface resets
0 late collisions, 0 deferred
0 input reset drops, 0 output reset drops
input queue (blocks free curr/low): hardware (476/461)
output queue (blocks free curr/low): hardware (511/511)
Traffic Statistics for "OUTSIDE":
297 packets input, 118503 bytes
0 packets output, 0 bytes
297 packets dropped
1 minute input rate 0 pkts/sec, 13 bytes/sec
1 minute output rate 0 pkts/sec, 0 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 0 pkts/sec, 6 bytes/sec
5 minute output rate 0 pkts/sec, 0 bytes/sec
5 minute drop rate, 0 pkts/sec
ciscoasa# show asp drop
Frame drop:
FP L2 rule drop (l2_acl) 297
ASA Version 9.0(1)
firewall transparent
ciscoasa# show module all
Mod Card Type Model Serial No.
0 ASA 5545-X with SW, 8 GE Data, 1 GE Mgmt ASA5545
ips ASA 5545-X IPS Security Services Processor ASA5545-IPS
Mod MAC Address Range Hw Version Fw Version Sw Version
0 7c69.f68f.df77 to 7c69.f68f.df80 1.0 2.1(9)8 9.0(1)
ips 7c69.f68f.df75 to 7c69.f68f.df75 N/A N/A 7.1(4)E4
Mod SSM Application Name Status SSM Application Version
ips IPS Up 7.1(4)E4
Mod Status Data Plane Status Compatibility
0 Up Sys Not Applicable
ips Up Up
Mod License Name License Status Time Remaining
ips IPS Module Enabled perpetual
ciscoasa#
I have create Ehtertype ACL and permit any traffic.
cdp traffic has passed through but I am still not able to ping :( -
Dispatch Unit - High Cpu Usage
Hi,
ASA5510 8.2.5(50)
The Dispatch unit process is contantly having high cpu usage for last 10 hours.
Things checked:
1. show proc cpu-usage
2. show perf
It seems fine . Output attached
3. Show interfaces for error
No error, overruns, underrruns on interfaces
4. show traffic
Total cumulative through put on approx 4 Mbps.
drop rate max is 3 pkts /sec randomly and rare occurance on some interfaces
5. Connections and Xlate seem normal.
approx 1100.
Counters were reset 1 hour before the data was collected.
# sh cpu usage
CPU utilization for 5 seconds = 39%; 1 minute: 38%; 5 minutes: 44%
# sh processes cpu-usage sorted
PC Thread 5Sec 1Min 5Min Process
081aadc4 a79aff7c 35.7% 37.5% 42.5% Dispatch Unit
0853f89e a79a0b68 0.4% 0.2% 0.2% ARP Thread
# show perfmon
PERFMON STATS: Current Average
Xlates 0/s 0/s
Connections 21/s 32/s
TCP Conns 17/s 28/s
UDP Conns 1/s 1/s
URL Access 0/s 0/s
URL Server Req 0/s 0/s
TCP Fixup 0/s 0/s
TCP Intercept Established Conns 0/s 0/s
TCP Intercept Attempts 0/s 0/s
sh interface e0/0 | inc overrun
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
fw01/act# sh interface e0/1 | inc overrun
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
# sh conn all
1135 in use, 8777 most used
# sh xlate count
112 in use, 265 most used
# show asp drop frame
No route to host (no-route) 870
Flow is denied by configured rule (acl-drop) 103915
First TCP packet not SYN (tcp-not-syn) 1317
Bad TCP checksum (bad-tcp-cksum) 2
TCP failed 3 way handshake (tcp-3whs-failed) 6695
TCP RST/FIN out of order (tcp-rstfin-ooo) 4025
TCP packet SEQ past window (tcp-seq-past-win) 13
TCP Out-of-Order packet buffer full (tcp-buffer-full) 1949
TCP Out-of-Order packet buffer timeout (tcp-buffer-timeout) 600
TCP RST/SYN in window (tcp-rst-syn-in-win) 5
TCP dup of packet in Out-of-Order queue (tcp-dup-in-queue) 617
TCP packet failed PAWS test (tcp-paws-fail) 1248
IPSEC tunnel is down (ipsec-tun-down) 2
Slowpath security checks failed (sp-security-failed) 1699
DNS Inspect id not matched (inspect-dns-id-not-matched) 4
FP L2 rule drop (l2_acl) 15436
Dropped pending packets in a closed socket (np-socket-closed) 2
Please let us know what reason can be there for high cpu usage by Dispatch unit under current statistics?
What else should be checked to ensure cpu usage comes down?
Regards,
Gurjit Singh
Network Engineer
Spooster IT Services.Hi Gurjar,
r u getting the below mentioned syslog messages?
Flow is denied by configured rule (acl-drop) 103915
106023, 106100, 106004
TCP Out-of-Order packet buffer full (tcp-buffer-full) 1949
TCP Out-of-Order packet buffer full:
This counter is incremented and the packet is dropped when appliance receives an
out-of-order TCP packet on a connection and there is no buffer space to store this packet.
Typically TCP packets are put into order on connections that are inspected by the
appliance or when packets are sent to SSM for inspection. There is a default queue size
and when packets in excess of this default queue size are received they will be dropped.
Recommendations:
On ASA platforms the queue size could be increased using queue-limit configuration
under tcp-map.
Similarly you need to check many reasons for the asp drop logs that you have captured and you need to monitor how much it is increasing and the difference.......
but 40 % CPU utilization is a okay kind of thing and you do not need to worry if that happens only during peak hours ans it is not increasing drastically more and more.
http://www.cisco.com/c/en/us/td/docs/security/asa/asa82/command/reference/cmd_ref/s2.html#wp1435096
Regards
Karthik -
ASA 5505 & VPN Client will not access remote lan
I have an ASA 5505 that is on the parimeter of a hub & spoke vpn network, when I connect to this device using the VPN client I can connect to any device accross the VPN ifrastructure with the exception of the subnet that the client is connected to, for instance:
VPN client internal network connects to 192.168.113.0 /24 and is issued that ip address 192.168.113.200, the VPN client can be pinged from another device in this network however the client cannot access anyting on this subnet, all other sites can be accesed ie. main site 192.168.16.0/24, second site 192.168.110/24 and third site 192.168.112/24. The ACL Manager has a single entry of "Source 192.168.113.0/24 Destination 192.168.0.0/16 and the "Standared ACL 192.168.8.8./16 permit.
What am I doing wrong?Thanks for getting back to me, I have carried out the steps as instructed, one interesting point is that the IP address that was issued to the VPN Client 192.168.113.200 does not appear in the output.
Result of the command: "show run all sysopt"
no sysopt connection timewait
sysopt connection tcpmss 1380
sysopt connection tcpmss minimum 0
sysopt connection permit-vpn
sysopt connection reclassify-vpn
no sysopt connection preserve-vpn-flows
no sysopt radius ignore-secret
no sysopt noproxyarp inside
no sysopt noproxyarp outside
========================================================================
Result of the command: "show capture drop"
3862 packets captured
1: 16:20:12.552675 eb4f.1df5.0453 1503.0100.16d1 0x97da 27: Drop-reason: (np-socket-closed) Dropped pending packets in a closed socket
2: 16:20:12.565980 802.1Q vlan#1 P0 192.168.113.2.1351 > 192.168.113.1.443: F 344642397:344642397(0) ack 2841808872 win 64834 Drop-reason: (tcp-not-syn) First TCP packet not SYN
3: 16:20:18.108469 df4c.9238.6de4 1503.0100.1615 0x80e6 27: Drop-reason: (np-socket-closed) Dropped pending packets in a closed socket
4: 16:20:49.326505 802.1Q vlan#1 P0 802.3 encap packet
5: 16:20:50.326582 802.1Q vlan#1 P0 0000.74da.ed6f ffff.ffff.ffff 0x8100 64:
0001 8137 ffff 0022 0004 0000 0000 ffff
ffff ffff 0452 0000 0000 0000 74da ed6f
4100 0003 0004 0000 0000 0000 0000 0000
0000 Drop-reason: (l2_acl) FP L2 rule drop
6: 16:20:51.326643 802.1Q vlan#1 P0 802.3 encap packet Drop-reason: (l2_acl) FP L2 rule drop
7: 16:20:52.326734 802.1Q vlan#1 P0 802.3 encap packet Drop-reason: (l2_acl) FP L2 rule drop
8: 16:20:53.326780 802.1Q vlan#1 P0 802.3 encap packet Drop-reason: (l2_acl) FP L2 rule drop
9: 16:20:54.326811 802.1Q vlan#1 P0 0000.74da.ed6f ffff.ffff.ffff 0x8100 64:
0001 8137 ffff 0022 0004 0000 0000 ffff
ffff ffff 0452 0000 0000 0000 74da ed6f
4100 0003 0004 0000 0000 0000 0000 0000
0000
10: 16:20:55.326933 802.1Q vlan#1 P0 802.3 encap packet Drop-reason: (l2_acl) FP L2 rule drop
11: 16:20:56.327024 802.1Q vlan#1 P0 802.3 encap packet
12: 16:20:57.327116 802.1Q vlan#1 P0 802.3 encap packet Drop-reason: (l2_acl) FP L2 rule drop
13: 16:20:58.327131 802.1Q vlan#1 P0 0000.74da.ed6f ffff.ffff.ffff 0x8100 64:
0001 8137 ffff 0022 0004 0000 0000 ffff
ffff ffff 0452 0000 0000 0000 74da ed6f
4100 0003 0004 0000 0000 0000 0000 0000
0000 Drop-reason: (l2_acl) FP L2 rule drop
14: 16:20:59.327207 802.1Q vlan#1 P0 802.3 encap packet
15: 16:21:00.327253 802.1Q vlan#1 P0 802.3 encap packet
16: 16:21:46.298202 802.1Q vlan#2 P0 188.47.231.204.4804 > x.x.x.x: S 1269179881:1269179881(0) win 65535 Drop-reason: (acl-drop) Flow is denied by configured rule
17: 16:21:49.249971 802.1Q vlan#2 P0 188.47.231.204.4804 >x.x.x.x: S 1269179881:1269179881(0) win 65535 Drop-reason: (acl-drop) Flow is denied by configured rule
18: 16:22:01.331449 802.1Q vlan#1 P0 802.3 encap packet Drop-reason: (l2_acl) FP L2 rule drop
19: 16:22:02.331541 802.1Q vlan#1 P0 0000.74da.ed6f ffff.ffff.ffff 0x8100 64:
0001 8137 ffff 0022 0004 0000 0000 ffff
ffff ffff 0452 0000 0000 0000 74da ed6f
4100 0003 0004 0000 0000 0000 0000 0000
0000 Drop-reason: (l2_acl) FP L2 rule drop
20: 16:22:02.847002 802.1Q vlan#1 P0 192.168.113.102.3601 > 192.168.16.7.389: . ack 776344922 win 0 Drop-reason: (tcp-3whs-failed) TCP failed 3 way handshake
21: 16:22:03.331617 802.1Q vlan#1 P0 802.3 encap packet
22: 16:22:04.331693 802.1Q vlan#1 P0 802.3 encap packet Drop-reason: (l2_acl) FP L2 rule drop
23: 16:22:05.331769 802.1Q vlan#1 P0 802.3 encap packet Drop-reason: (l2_acl) FP L2 rule drop
24: 16:22:06.331830 802.1Q vlan#1 P0 0000.74da.ed6f ffff.ffff.ffff 0x8100 64:
0001 8137 ffff 0022 0004 0000 0000 ffff
ffff ffff 0452 0000 0000 0000 74da ed6f
4100 0003 0004 0000 0000 0000 0000 0000
0000
25: 16:22:07.331907 802.1Q vlan#1 P0 802.3 encap packet Drop-reason: (l2_acl) FP L2 rule drop
26: 16:22:08.331937 802.1Q vlan#1 P0 802.3 encap packet
27: 16:22:09.332029 802.1Q vlan#1 P0 802.3 encap packet
28: 16:22:10.332075 802.1Q vlan#1 P0 0000.74da.ed6f ffff.ffff.ffff 0x8100 64:
0001 8137 ffff 0022 0004 0000 0000 ffff
ffff ffff 0452 0000 0000 0000 74da ed6f
4100 0003 0004 0000 0000 0000 0000 0000
0000
29: 16:22:11.332136 802.1Q vlan#1 P0 802.3 encap packet
30: 16:22:12.332258 802.1Q vlan#1 P0 802.3 encap packet Drop-reason: (l2_acl) FP L2 rule drop
31: 16:22:24.346081 802.1Q vlan#2 P0 46.108.60.22.80 > x.x.x.x: S 3922541222:3922541222(0) ack 1002562688 win 8192 Drop-reason: (sp-security-failed) Slowpath security checks failed
32: 16:22:30.981119 802.1Q vlan#1 P0 192.168.113.102.3597 > 192.168.16.7.135: . ack 2880086683 win 0 Drop-reason: (tcp-3whs-failed) TCP failed 3 way handshake
33: 16:22:33.120583 802.1Q vlan#1 P0 192.168.113.2.138 > 192.168.113.255.138: udp 209 Drop-reason: (sp-security-failed) Slowpath security checks failed
34: 16:22:55.556016 802.1Q vlan#1 P0 192.168.113.103.56162 > 192.168.16.6.135: . ack 1318982887 win 0 Drop-reason: (tcp-3whs-failed) TCP failed 3 way handshake
35: 16:23:13.102671 802.1Q vlan#2 P0 192.168.16.24.2222 > 192.168.113.2.1358: . ack 965718404 win 65103
36: 16:23:13.336423 802.1Q vlan#1 P0 802.3 encap packet Drop-reason: (l2_acl) FP L2 rule drop
37: 16:23:14.336515 802.1Q vlan#1 P0 0000.74da.ed6f ffff.ffff.ffff 0x8100 64:
0001 8137 ffff 0022 0004 0000 0000 ffff
ffff ffff 0452 0000 0000 0000 74da ed6f
4100 0003 0004 0000 0000 0000 0000 0000
0000 Drop-reason: (l2_acl) FP L2 rule drop
38: 16:23:15.336591 802.1Q vlan#1 P0 802.3 encap packet Drop-reason: (l2_acl) FP L2 rule drop
39: 16:23:16.336621 802.1Q vlan#1 P0 802.3 encap packet Drop-reason: (l2_acl) FP L2 rule drop
40: 16:23:17.336698 802.1Q vlan#1 P0 802.3 encap packet Drop-reason: (l2_acl) FP L2 rule drop
41: 16:23:18.336774 802.1Q vlan#1 P0 0000.74da.ed6f ffff.ffff.ffff 0x8100 64:
0001 8137 ffff 0022 0004 0000 0000 ffff
ffff ffff 0452 0000 0000 0000 74da ed6f
4100 0003 0004 0000 0000 0000 0000 0000
0000 Drop-reason: (l2_acl) FP L2 rule drop
42: 16:23:19.336850 802.1Q vlan#1 P0 802.3 encap packet Drop-reason: (l2_acl) FP L2 rule drop
43: 16:23:20.336911 802.1Q vlan#1 P0 802.3 encap packet Drop-reason: (l2_acl) FP L2 rule drop
44: 16:23:21.337033 802.1Q vlan#1 P0 802.3 encap packet Drop-reason: (l2_acl) FP L2 rule drop
45: 16:23:22.337033 802.1Q vlan#1 P0 0000.74da.ed6f ffff.ffff.ffff 0x8100 64:
0001 8137 ffff 0022 0004 0000 0000 ffff
ffff ffff 0452 0000 0000 0000 74da ed6f
4100 0003 0004 0000 0000 0000 0000 0000
0000 Drop-reason: (l2_acl) FP L2 rule drop
46: 16:23:23.337125 802.1Q vlan#1 P0 802.3 encap packet Drop-reason: (l2_acl) FP L2 rule drop
47: 16:23:24.337156 802.1Q vlan#1 P0 802.3 encap packet Drop-reason: (l2_acl) FP L2 rule drop
48: 16:23:25.838900 788c.24f4.af1e 1503.0100.1644 0x6336 27:
49: 16:23:25.902602 802.1Q vlan#1 P0 192.168.113.2.1360 > 192.168.113.1.443: F 1261179433:1261179433(0) ack 346419241 win 65535 Drop-reason: (tcp-not-syn) First TCP packet not SYN
50: 16:23:26.172491 8aa9.7eaf.b518 1503.0100.162a 0xcc22 27:
51: 16:23:26.183858 802.1Q vlan#1 P0 192.168.113.2.1361 > 192.168.113.1.443: F 3073385160:3073385160(0) ack 330255452 win 65535
52: 16:23:26.411447 ac6e.3686.6139 1503.0100.16aa 0x15c4 27:
53: 16:23:26.412225 802.1Q vlan#1 P0 192.168.113.2.1362 > 192.168.113.1.443: F 3114673537:3114673537(0) ack 2528250261 win 65535
54: 16:23:54.887695 802.1Q vlan#1 P0 192.168.113.100.53324 > 192.168.16.5.1433: . ack 2023126490 win 0
55: 16:23:55.944577 802.1Q vlan#1 P0 192.168.113.100.53325 > 192.168.16.5.1433: . ack 94487779 win 0
56: 16:23:58.797871 802.1Q vlan#1 P0 192.168.113.2.1364 > 192.168.113.1.443: F 1356011818:1356011818(0) ack 2268294164 win 64505
57: 16:23:58.799153 580a.0f16.0e1a 1503.0100.1625 0x6642 27:
58: 16:24:12.472265 802.1Q vlan#1 P0 192.168.113.2.1366 > 192.168.113.1.443: F 2587530253:2587530253(0) ack 997846426 win 64501
59: 16:24:12.473059 c38c.f9d3.267b 1503.0100.16c9 0xe516 27:
60: 16:24:20.997476 802.1Q vlan#2 P0 192.168.16.7.1025 > 192.168.113.100.53333: . ack 3487921852 win 64975
61: 16:24:25.341443 802.1Q vlan#1 P0 802.3 encap packet
62: 16:24:26.341443 802.1Q vlan#1 P0 0000.74da.ed6f ffff.ffff.ffff 0x8100 64:
0001 8137 ffff 0022 0004 0000 0000 ffff
ffff ffff 0452 0000 0000 0000 74da ed6f
4100 0003 0004 0000 0000 0000 0000 0000
0000
63: 16:24:27.341535 802.1Q vlan#1 P0 802.3 encap packet
64: 16:24:28.341565 802.1Q vlan#1 P0 802.3 encap packet
65: 16:24:29.341687 802.1Q vlan#1 P0 802.3 encap packet
66: 16:24:30.341748 802.1Q vlan#1 P0 0000.74da.ed6f ffff.ffff.ffff 0x8100 64:
0001 8137 ffff 0022 0004 0000 0000 ffff
ffff ffff 0452 0000 0000 0000 74da ed6f
4100 0003 0004 0000 0000 0000 0000 0000
0000
67: 16:24:31.341779 802.1Q vlan#1 P0 802.3 encap packet
68: 16:24:31.744285 802.1Q vlan#2 P0 192.168.16.6.88 > 192.168.113.103.56171: . ack 712258524 win 65535
69: 16:24:32.341870 802.1Q vlan#1 P0 802.3 encap packet
70: 16:24:33.209385 802.1Q vlan#1 P0 192.168.113.103.56173 > 192.168.16.6.389: . ack 154944525 win 0
71: 16:24:33.341916 802.1Q vlan#1 P0 802.3 encap packet
72: 16:24:34.341962 802.1Q vlan#1 P0 0000.74da.ed6f ffff.ffff.ffff 0x8100 64:
0001 8137 ffff 0022 0004 0000 0000 ffff
ffff ffff 0452 0000 0000 0000 74da ed6f
4100 0003 0004 0000 0000 0000 0000 0000
0000
73: 16:24:35.342084 802.1Q vlan#1 P0 802.3 encap packet
74: 16:24:36.342160 802.1Q vlan#1 P0 802.3 encap packet
75: 16:24:46.196843 802.1Q vlan#1 P0 192.168.113.2.138 > 192.168.113.255.138: udp 218
76: 16:24:47.981196 802.1Q vlan#1 P0 192.168.113.101.138 > 192.168.113.255.138: udp 214
77: 16:25:24.513370 802.1Q vlan#1 P0 192.168.113.2.1370 > 192.168.113.1.443: F 2400826:2400826(0) ack 249202338 win 64383
78: 16:25:24.514377 8684.9fef.d151 1503.0100.1680 0xdf2e 27:
79: 16:25:37.346326 802.1Q vlan#1 P0 802.3 encap packet
80: 16:25:38.346417 802.1Q vlan#1 P0 0000.74da.ed6f ffff.ffff.ffff 0x8100 64:
0001 8137 ffff 0022 0004 0000 0000 ffff
ffff ffff 0452 0000 0000 0000 74da ed6f
4100 0003 0004 0000 0000 0000 0000 0000
0000
81: 16:25:39.230350 802.1Q vlan#1 P0 192.168.113.100.53340 > 192.168.16.6.135: . ack 188710898 win 0
82: 16:25:39.230395 802.1Q vlan#1 P0 192.168.113.100.53341 > 192.168.16.7.135: . ack 2767236437 win 0
83: 16:25:39.232257 802.1Q vlan#1 P0 192.168.113.100.53343 > 192.168.16.7.1025: . ack 689444713 win 0
84: 16:25:39.346478 802.1Q vlan#1 P0 802.3 encap packet
85: 16:25:40.346509 802.1Q vlan#1 P0 802.3 encap packet
86: 16:25:41.346631 802.1Q vlan#1 P0 802.3 encap packet
87: 16:25:42.346661 802.1Q vlan#1 P0 0000.74da.ed6f ffff.ffff.ffff 0x8100 64:
0001 8137 ffff 0022 0004 0000 0000 ffff
ffff ffff 0452 0000 0000 0000 74da ed6f
4100 0003 0004 0000 0000 0000 0000 0000
0000
88: 16:25:43.346738 802.1Q vlan#1 P0 802.3 encap packet
89: 16:25:44.346844 802.1Q vlan#1 P0 802.3 encap packet
90: 16:25:45.346936 802.1Q vlan#1 P0 802.3 encap packet
91: 16:25:46.346936 802.1Q vlan#1 P0 0000.74da.ed6f ffff.ffff.ffff 0x8100 64:
0001 8137 ffff 0022 0004 0000 0000 ffff
ffff ffff 0452 0000 0000 0000 74da ed6f
4100 0003 0004 0000 0000 0000 0000 0000
0000
92: 16:25:47.347043 802.1Q vlan#1 P0 802.3 encap packet
93: 16:25:48.347119 802.1Q vlan#1 P0 802.3 encap packet
94: 16:25:59.497197 802.1Q vlan#1 P0 192.168.113.100.53350 > 192.168.16.8.1168: . ack 1640347657 win 0
95: 16:26:09.189016 802.1Q vlan#2 P0 112.204.234.145.39894 >x.x.x.x.5900: S 3415732392:3415732392(0) win 65535
96: 16:26:09.192906 802.1Q vlan#2 P0 112.204.234.145.39893 > x.x.x.x.5900: S 4277351748:4277351748(0) win 65535
97: 16:26:09.415917 802.1Q vlan#2 P0 112.204.234.145.39902 > x.x.x.x.5900: S 2622006339:2622006339(0) win 65535
98: 16:26:12.062389 802.1Q vlan#2 P0 112.204.234.145.39894 > x.x.x.x.5900: S 3415732392:3415732392(0) win 65535
99: 16:26:12.176840 802.1Q vlan#2 P0 112.204.234.145.39893 >x.x.x.x.5900: S 4277351748:4277351748(0) win 65535
100: 16:26:12.277222 802.1Q vlan#2 P0 112.204.234.145.39902 >x.x.x.x.5900: S 2622006339:2622006339(0) win 65535
101: 16:26:18.090418 802.1Q vlan#2 P0 79.26.104.252.2960 > x.x.x.x.445: S 2362092149:2362092149(0) win 65535
102: 16:26:21.016097 802.1Q vlan#2 P0 79.26.104.252.2960 > x.x.x.x.445: S 2362092149:2362092149(0) win 65535
103: 16:26:29.047269 802.1Q vlan#1 P0 192.168.113.100.53349 > 192.168.16.8.135: . ack 1602664145 win 0
104: 16:26:29.047315 802.1Q vlan#1 P0 192.168.113.100.53351 > 192.168.16.6.135: . ack 2983532581 win 0
105: 16:26:30.854707 802.1Q vlan#1 P0 192.168.113.103.138 > 192.168.113.255.138: udp 201
106: 16:26:31.566697 802.1Q vlan#1 P0 192.168.113.100.138 > 192.168.113.255.138: udp 211
107: 16:26:49.351254 802.1Q vlan#1 P0 802.3 encap packet
108: 16:26:50.351269 802.1Q vlan#1 P0 0000.74da.ed6f ffff.ffff.ffff 0x8100 64:
0001 8137 ffff 0022 0004 0000 0000 ffff
ffff ffff 0452 0000 0000 0000 74da ed6f
4100 0003 0004 0000 0000 0000 0000 0000
0000
109: 16:26:51.351345 802.1Q vlan#1 P0 802.3 encap packet
110: 16:26:52.351391 802.1Q vlan#1 P0 802.3 encap packet
111: 16:26:53.351498 802.1Q vlan#1 P0 802.3 encap packet
112: 16:26:54.351529 802.1Q vlan#1 P0 0000.74da.ed6f ffff.ffff.ffff 0x8100 64:
0001 8137 ffff 0022 0004 0000 0000 ffff
ffff ffff 0452 0000 0000 0000 74da ed6f
4100 0003 0004 0000 0000 0000 0000 0000
0000
113: 16:26:55.351681 802.1Q vlan#1 P0 802.3 encap packet
114: 16:26:56.351696 802.1Q vlan#1 P0 802.3 encap packet
115: 16:26:57.351742 802.1Q vlan#1 P0 802.3 encap packet
116: 16:26:58.351910 802.1Q vlan#1 P0 0000.74da.ed6f ffff.ffff.ffff 0x8100 64:
0001 8137 ffff 0022 0004 0000 0000 ffff
ffff ffff 0452 0000 0000 0000 74da ed6f
4100 0003 0004 0000 0000 0000 0000 0000
0000
117: 16:26:59.351925 802.1Q vlan#1 P0 802.3 encap packet
118: 16:27:00.352002 802.1Q vlan#1 P0 802.3 encap packet
119: 16:27:40.086131 802.1Q vlan#1 P0 192.168.113.2.1376 > 192.168.113.1.443: F 66250328:66250328(0) ack 15807648 win 64600
120: 16:27:40.086665 c969.9bb4.8522 1503.0100.160b 0xaa70 27:
121: 16:27:49.601043 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
122: 16:27:56.085536 802.1Q vlan#2 P0 192.168.16.113.61369 > 192.168.113.2.3389: . 1356749934:1356750395(461) ack 2198032306 win 32768
123: 16:28:01.356106 802.1Q vlan#1 P0 802.3 encap packet
124: 16:28:02.356198 802.1Q vlan#1 P0 0000.74da.ed6f ffff.ffff.ffff 0x8100 64:
0001 8137 ffff 0022 0004 0000 0000 ffff
ffff ffff 0452 0000 0000 0000 74da ed6f
4100 0003 0004 0000 0000 0000 0000 0000
0000
125: 16:28:03.356274 802.1Q vlan#1 P0 802.3 encap packet
126: 16:28:04.356320 802.1Q vlan#1 P0 802.3 encap packet
127: 16:28:05.356426 802.1Q vlan#1 P0 802.3 encap packet
128: 16:28:06.356487 802.1Q vlan#1 P0 0000.74da.ed6f ffff.ffff.ffff 0x8100 64:
0001 8137 ffff 0022 0004 0000 0000 ffff
ffff ffff 0452 0000 0000 0000 74da ed6f
4100 0003 0004 0000 0000 0000 0000 0000
0000
129: 16:28:07.356533 802.1Q vlan#1 P0 802.3 encap packet
130: 16:28:08.356625 802.1Q vlan#1 P0 802.3 encap packet
131: 16:28:09.356671 802.1Q vlan#1 P0 802.3 encap packet
132: 16:28:10.356747 802.1Q vlan#1 P0 0000.74da.ed6f ffff.ffff.ffff 0x8100 64:
0001 8137 ffff 0022 0004 0000 0000 ffff
ffff ffff 0452 0000 0000 0000 74da ed6f
4100 0003 0004 0000 0000 0000 0000 0000
0000
133: 16:28:11.356808 802.1Q vlan#1 P0 802.3 encap packet
134: 16:28:11.623350 802.1Q vlan#2 P0 192.168.16.113.61370 > 192.168.113.2.3389: . ack 236838803 win 32764
135: 16:28:12.356884 802.1Q vlan#1 P0 802.3 encap packet
136: 16:28:13.517597 802.1Q vlan#1 P0 192.168.113.2.1384 > 192.168.16.24.2222: . ack 358563673 win 0
137: 16:28:36.442390 802.1Q vlan#2 P0 192.168.16.6.88 > 192.168.113.2.1388: . ack 3605529264 win 65535
138: 16:28:41.392862 802.1Q vlan#1 P0 192.168.113.2.1402 > 192.168.16.6.389: . ack 3155576226 win 0
139: 16:28:46.584808 802.1Q vlan#2 P0 192.168.16.113.61370 > 192.168.113.2.3389: . ack 236894788 win 32682
140: 16:28:54.008468 802.1Q vlan#2 P0 195.57.0.146.18831 >x.x.x.x.445: S 3177136782:3177136782(0) win 65535
141: 16:28:56.157813 802.1Q vlan#1 P0 192.168.113.2.138 > 192.168.113.255.138: udp 174
142: 16:28:57.070537 802.1Q vlan#2 P0 195.57.0.146.18831 > x.x.x.47.445: S 3177136782:3177136782(0) win 65535
143: 16:29:00.678492 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
144: 16:29:01.428475 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
145: 16:29:02.178625 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
146: 16:29:03.067943 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
147: 16:29:03.180090 802.1Q vlan#1 P0 192.168.113.2.1409 > 255.255.255.255.1434: udp 1
148: 16:29:03.196950 802.1Q vlan#2 P0 195.57.0.146.18831 > x.x.x.47.445: S 3177136782:3177136782(0) win 65535
149: 16:29:10.270951 802.1Q vlan#1 P0 192.168.113.21.138 > 192.168.113.255.138: udp 201
150: 16:29:13.361080 802.1Q vlan#1 P0 802.3 encap packet
151: 16:29:14.361156 802.1Q vlan#1 P0 0000.74da.ed6f ffff.ffff.ffff 0x8100 64:
0001 8137 ffff 0022 0004 0000 0000 ffff
ffff ffff 0452 0000 0000 0000 74da ed6f
4100 0003 0004 0000 0000 0000 0000 0000
0000
152: 16:29:15.361202 802.1Q vlan#1 P0 802.3 encap packet
153: 16:29:16.361263 802.1Q vlan#1 P0 802.3 encap packet
154: 16:29:17.361370 802.1Q vlan#1 P0 802.3 encap packet
155: 16:29:18.361431 802.1Q vlan#1 P0 0000.74da.ed6f ffff.ffff.ffff 0x8100 64:
0001 8137 ffff 0022 0004 0000 0000 ffff
ffff ffff 0452 0000 0000 0000 74da ed6f
4100 0003 0004 0000 0000 0000 0000 0000
0000
156: 16:29:19.361462 802.1Q vlan#1 P0 802.3 encap packet
157: 16:29:20.361523 802.1Q vlan#1 P0 802.3 encap packet
158: 16:29:21.361645 802.1Q vlan#1 P0 802.3 encap packet
159: 16:29:22.361675 802.1Q vlan#1 P0 0000.74da.ed6f ffff.ffff.ffff 0x8100 64:
0001 8137 ffff 0022 0004 0000 0000 ffff
ffff ffff 0452 0000 0000 0000 74da ed6f
4100 0003 0004 0000 0000 0000 0000 0000
0000
160: 16:29:23.361767 802.1Q vlan#1 P0 802.3 encap packet
161: 16:29:24.361828 802.1Q vlan#1 P0 802.3 encap packet
162: 16:29:26.454276 802.1Q vlan#1 P0 192.168.113.2.1379 > 192.168.16.6.135: . ack 1950662540 win 0
163: 16:29:55.650326 802.1Q vlan#2 P0 192.168.16.6.88 > 192.168.113.2.1413: . ack 1437557360 win 65535
164: 16:30:06.193486 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
165: 16:30:06.275788 802.1Q vlan#1 P0 192.168.113.2.1419 > 192.168.113.1.443: F 2901932674:2901932674(0) ack 2194877438 win 65535
166: 16:30:06.276108 f51d.deb4.fe29 1503.0100.1667 0xef26 27:
167: 16:30:06.458624 802.1Q vlan#1 P0 192.168.113.101.63801 > 23.51.192.60.443: R 2143801199:2143801199(0) ack 856889377 win 0
168: 16:30:06.943447 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
169: 16:30:07.693857 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
170: 16:30:11.228595 802.1Q vlan#2 P0 192.168.16.6.88 > 192.168.113.101.60989: . ack 1672597860 win 65535
171: 16:30:11.300765 802.1Q vlan#2 P0 192.168.16.6.88 > 192.168.113.101.60990: . ack 3222644503 win 64285
172: 16:30:11.535677 802.1Q vlan#2 P0 192.168.16.6.88 > 192.168.113.101.60992: . ack 4073444089 win 65535
173: 16:30:12.626234 802.1Q vlan#2 P0 192.168.16.6.1026 > 192.168.113.2.1395: . ack 1607137060 win 64650
174: 16:30:12.626676 802.1Q vlan#1 P0 192.168.113.2.1414 > 192.168.16.6.135: . ack 1802016687 win 0
175: 16:30:14.321028 802.1Q vlan#1 P0 192.168.113.100.53382 > 192.168.16.8.1168: . ack 3656217567 win 0
176: 16:30:20.957622 802.1Q vlan#1 P0 192.168.113.101.138 > 192.168.113.255.138: udp 214
177: 16:30:22.886520 802.1Q vlan#1 P0 192.168.113.101.137 > 192.168.113.255.137: udp 50
178: 16:30:23.650906 802.1Q vlan#1 P0 192.168.113.101.137 > 192.168.113.255.137: udp 50
179: 16:30:24.415261 802.1Q vlan#1 P0 192.168.113.101.137 > 192.168.113.255.137: udp 50
180: 16:30:25.366024 802.1Q vlan#1 P0 802.3 encap packet
181: 16:30:26.366069 802.1Q vlan#1 P0 0000.74da.ed6f ffff.ffff.ffff 0x8100 64:
0001 8137 ffff 0022 0004 0000 0000 ffff
ffff ffff 0452 0000 0000 0000 74da ed6f
4100 0003 0004 0000 0000 0000 0000 0000
0000
182: 16:30:27.366192 802.1Q vlan#1 P0 802.3 encap packet
183: 16:30:28.366298 802.1Q vlan#1 P0 802.3 encap packet
184: 16:30:29.366314 802.1Q vlan#1 P0 802.3 encap packet
185: 16:30:30.366344 802.1Q vlan#1 P0 0000.74da.ed6f ffff.ffff.ffff 0x8100 64:
0001 8137 ffff 0022 0004 0000 0000 ffff
ffff ffff 0452 0000 0000 0000 74da ed6f
4100 0003 0004 0000 0000 0000 0000 0000
0000
186: 16:30:31.366405 802.1Q vlan#1 P0 802.3 encap packet
187: 16:30:32.366512 802.1Q vlan#1 P0 802.3 encap packet
188: 16:30:33.366588 802.1Q vlan#1 P0 802.3 encap packet
189: 16:30:34.366603 802.1Q vlan#1 P0 0000.74da.ed6f ffff.ffff.ffff 0x8100 64:
0001 8137 ffff 0022 0004 0000 0000 ffff
ffff ffff 0452 0000 0000 0000 74da ed6f
4100 0003 0004 0000 0000 0000 0000 0000
0000
190: 16:30:35.366726 802.1Q vlan#1 P0 802.3 encap packet
191: 16:30:36.366787 802.1Q vlan#1 P0 802.3 encap packet
192: 16:30:41.354550 802.1Q vlan#2 P2 86.144.206.150.4500 > x.x.x.42.4500: udp 1
193: 16:31:41.317641 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
194: 16:31:41.410135 802.1Q vlan#2 P2 86.144.206.150.4500 > x.x.x.42.4500: udp 1
195: 16:31:42.067531 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
196: 16:31:42.625211 802.1Q vlan#1 P0 192.168.113.2.1425 > 192.168.16.6.1026: . ack 324632995 win 0
197: 16:31:42.817447 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
198: 16:31:43.621641 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
199: 16:31:44.364391 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
200: 16:31:45.114373 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
201: 16:32:17.514194 802.1Q vlan#2 P0 192.168.16.8.1145 > 192.168.113.102.1106: P ack 705237681 win 64410
202: 16:32:17.712991 802.1Q vlan#2 P0 192.168.16.8.1145 > 192.168.113.102.1106: . ack 705237697 win 64394
203: 16:32:19.914289 802.1Q vlan#1 P0 192.168.113.2.1441 > 192.168.113.1.443: F 3616971343:3616971343(0) ack 2537053001 win 64501
204: 16:32:19.914976 0aee.f71f.4e9f 1503.0100.1693 0x6f0c 27:
205: 16:32:29.859559 802.1Q vlan#1 P0 192.168.113.2.1442 > 192.168.113.1.443: F 1397115987:1397115987(0) ack 4256161373 win 64503
206: 16:32:29.860749 dd44.a305.9308 1503.0100.1656 0x8911 27:
207: 16:32:37.739189 802.1Q vlan#1 P0 192.168.113.100.50120 > 192.168.16.5.1433: . ack 2902970569 win 0
208: 16:32:44.122887 802.1Q vlan#1 P0 192.168.113.2.1443 > 192.168.113.1.443: F 2657615761:2657615761(0) ack 4200892746 win 64503
209: 16:32:44.124062 f6a1.d7ab.e83a 1503.0100.1680 0xc43a 27:
210: 16:32:47.656719 802.1Q vlan#1 P0 192.168.113.100.49261 > 192.168.16.7.1025: . ack 3158609488 win 0
211: 16:33:04.969783 802.1Q vlan#1 P0 192.168.113.2.1445 > 192.168.113.1.443: F 814444399:814444399(0) ack 1634267102 win 64503
212: 16:33:04.970881 aa38.dfad.c613 1503.0100.1676 0x82be 27:
213: 16:33:12.628095 802.1Q vlan#2 P0 192.168.16.6.1026 > 192.168.113.2.1435: . ack 2283288029 win 65171
214: 16:33:27.120065 802.1Q vlan#2 P0 192.168.16.8.1145 > 192.168.113.102.1106: P 1127604049:1127604142(93) ack 2305443558 win 64394
215: 16:33:27.720421 802.1Q vlan#2 P0 192.168.16.8.1145 > 192.168.113.102.1106: P 1127604049:1127604142(93) ack 2305443558 win 64394
216: 16:33:28.925199 802.1Q vlan#2 P0 192.168.16.8.1145 > 192.168.113.102.1106: P 1127604049:1127604142(93) ack 2305443558 win 65535
217: 16:33:30.033689 802.1Q vlan#2 P0 192.168.16.8.1145 > 192.168.113.102.1106: P 1127604049:1127604142(93) ack 2305443558 win 65535
218: 16:33:31.240466 802.1Q vlan#2 P0 192.168.16.8.1145 > 192.168.113.102.1106: P 1127604049:1127604142(93) ack 2305443558 win 65535
219: 16:33:33.658123 802.1Q vlan#2 P0 192.168.16.8.1145 > 192.168.113.102.1106: P 1127604049:1127604142(93) ack 2305443558 win 65535
220: 16:34:28.894362 802.1Q vlan#2 P0 78.8.246.9.4932 > x.x.x.47.445: S 3906206304:3906206304(0) win 65535
221: 16:34:31.868103 802.1Q vlan#2 P0 78.8.246.9.4932 > x.x.x.47.445: S 3906206304:3906206304(0) win 65535
222: 16:34:39.949657 802.1Q vlan#1 P0 192.168.113.102.138 > 192.168.113.255.138: udp 201
223: 16:35:01.222492 802.1Q vlan#1 P0 192.168.113.100.68 > 255.255.255.255.67: udp 300
224: 16:35:01.650952 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137: udp 50
225: 16:35:02.400995 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137: udp 50
226: 16:35:03.151084 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137: udp 50
227: 16:35:04.022093 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137: udp 50
228: 16:35:04.772146 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137: udp 50
229: 16:35:05.522220 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137: udp 50
230: 16:35:20.168295 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137: udp 50
231: 16:35:20.524264 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137: udp 50
232: 16:35:20.918333 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137: udp 50
233: 16:35:21.274354 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137: udp 50
234: 16:35:21.668346 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137: udp 50
235: 16:35:22.024412 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137: udp 50
236: 16:35:41.391978 802.1Q vlan#1 P0 192.168.113.102.138 > 192.168.113.255.138: udp 201
237: 16:35:41.734932 802.1Q vlan#2 P0 192.168.16.10.445 > 192.168.113.102.3524: . ack 2927988043 win 63730
238: 16:35:44.540041 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137: udp 50
239: 16:35:45.290100 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137: udp 50
240: 16:35:45.678050 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137: udp 50
241: 16:35:46.040143 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137: udp 50
242: 16:35:46.220005 802.1Q vlan#1 P0 192.168.113.100.138 > 192.168.113.255.138: udp 211
243: 16:35:46.428124 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137: udp 50
244: 16:35:47.178213 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137: udp 50
245: 16:35:48.479345 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137: udp 50
246: 16:35:49.229373 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137: udp 50
247: 16:35:49.979380 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137: udp 50
248: 16:36:01.674388 802.1Q vlan#1 P0 192.168.113.2.138 > 192.168.113.255.138: udp 180
249: 16:36:01.674952 802.1Q vlan#1 P0 192.168.113.103.138 > 192.168.113.255.138: udp 181
250: 16:36:01.675074 802.1Q vlan#1 P0 192.168.113.2.138 > 192.168.113.255.138: udp 218
251: 16:36:31.389170 802.1Q vlan#2 P0 192.168.16.6.88 > 192.168.113.103.56182: . ack 1459294663 win 65535
252: 16:36:31.674174 802.1Q vlan#1 P0 192.168.113.2.138 > 192.168.113.255.138: udp 180
253: 16:36:32.426354 802.1Q vlan#1 P0 192.168.113.103.56183 > 192.168.16.6.389: . ack 3653264448 win 0
254: 16:36:32.426384 802.1Q vlan#1 P0 192.168.113.103.56183 > 192.168.16.6.389: . ack 3653264448 win 0
255: 16:37:01.673808 802.1Q vlan#1 P0 192.168.113.2.138 > 192.168.113.255.138: udp 180
256: 16:37:05.540468 802.1Q vlan#1 P0 192.168.113.103.56179 > 192.168.16.6.1026: . ack 2381360421 win 0
257: 16:37:29.018050 802.1Q vlan#1 P0 0.0.0.0.68 > 255.255.255.255.67: udp 323
258: 16:37:29.019545 802.1Q vlan#1 P0 192.168.113.2.67 > 255.255.255.255.68: udp 327
259: 16:37:31.263887 802.1Q vlan#2 P0 192.168.16.7.88 > 192.168.113.100.49158: . ack 978836481 win 65297
260: 16:37:31.442710 802.1Q vlan#2 P0 192.168.16.7.88 > 192.168.113.100.49167: . ack 4028718881 win 65221
261: 16:37:31.524920 802.1Q vlan#2 P0 192.168.16.7.88 > 192.168.113.100.49170: . ack 1787569991 win 65535
262: 16:37:31.631391 802.1Q vlan#2 P0 192.168.16.7.88 > 192.168.113.100.49171: . ack 1175931771 win 65221
263: 16:37:31.673472 802.1Q vlan#1 P0 192.168.113.2.138 > 192.168.113.255.138: udp 180
264: 16:37:31.910536 802.1Q vlan#2 P0 192.168.16.7.88 > 192.168.113.100.49175: . ack 1489216443 win 65535
265: 16:37:32.324140 802.1Q vlan#2 P0 192.168.16.7.88 > 192.168.113.100.49173: . ack 3658936090 win 65458
266: 16:37:32.368785 802.1Q vlan#1 P0 192.168.113.100.49165 > 192.168.16.6.389: . ack 72233897 win 0
267: 16:37:32.483510 802.1Q vlan#1 P0 192.168.113.100.138 > 192.168.113.255.138: udp 211
268: 16:37:32.531146 802.1Q vlan#1 P0 192.168.113.100.49157 > 192.168.16.7.389: . ack 4263416637 win 0
269: 16:37:32.736488 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137: udp 50
270: 16:37:32.998788 802.1Q vlan#2 P0 192.168.16.7.88 > 192.168.113.100.49182: . ack 3004547102 win 64245
271: 16:37:33.069179 802.1Q vlan#2 P0 192.168.16.7.88 > 192.168.113.100.49184: . ack 3786025013 win 65535
272: 16:37:33.111429 802.1Q vlan#1 P0 192.168.113.2.138 > 192.168.113.255.138: udp 209
273: 16:37:33.486501 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137: udp 50
274: 16:37:34.236529 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137: udp 50
275: 16:37:34.548982 802.1Q vlan#2 P0 192.168.16.7.88 > 192.168.113.100.49190: . ack 713312844 win 65535
276: 16:37:35.396524 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137: udp 50
277: 16:37:36.149940 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137: udp 50
278: 16:37:36.914289 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137: udp 50
279: 16:37:37.630094 802.1Q vlan#1 P0 192.168.113.100.55930 > 192.168.16.7.53: . ack 1516588584 win 0
280: 16:37:37.727364 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137: udp 50
281: 16:37:38.477529 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137: udp 50
282: 16:37:39.227527 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137: udp 50
283: 16:37:39.458716 802.1Q vlan#1 P0 192.168.113.100.138 > 192.168.113.255.138: udp 181
284: 16:37:39.458853 802.1Q vlan#1 P0 192.168.113.2.138 > 192.168.113.255.138: udp 218
285: 16:37:39.499577 802.1Q vlan#1 P0 192.168.113.100.68 > 255.255.255.255.67: udp 300
286: 16:37:39.548280 802.1Q vlan#1 P0 192.168.113.100.138 > 192.168.113.255.138: udp 211
287: 16:37:39.972529 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137: udp 50
288: 16:37:40.040555 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137: udp 50
289: 16:37:40.722618 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137: udp 50
290: 16:37:40.790608 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137: udp 50
291: 16:37:41.332029 802.1Q vlan#2 P0 192.168.16.7.88 > 192.168.113.100.55936: . ack 764822756 win 65297
292: 16:37:41.472631 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137: udp 50
293: 16:37:41.540667 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137: udp 50
294: 16:37:41.864167 802.1Q vlan#2 P0 192.168.16.6.389 > 192.168.113.100.55934: . ack 181110485 win 64773
295: 16:37:42.355694 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137: udp 50
296: 16:37:43.105829 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137: udp 50
297: 16:37:43.855821 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137: udp 50
298: 16:37:58.170080 802.1Q vlan#1 P0 192.168.113.100.49155 > 192.168.16.7.135: . ack 1966960952 win 0
299: 16:37:58.172064 802.1Q vlan#1 P0 192.168.113.100.49156 > 192.168.16.7.1025: . ack 1273630770 win 0
300: 16:38:01.673198 802.1Q vlan#1 P0 192.168.113.2.138 > 192.168.113.255.138: udp 180
301: 16:38:01.673549 802.1Q vlan#1 P0 192.168.113.100.138 > 192.168.113.255.138: udp 181
302: 16:38:01.673655 802.1Q vlan#1 P0 192.168.113.2.138 > 192.168.113.255.138: udp 218
303: 16:38:01.739082 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137: udp 50
304: 16:38:07.355511 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137: udp 50
305: 16:38:08.105554 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137: udp 50
306: 16:38:08.855592 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137: udp 50
307: 16:38:09.680613 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137: udp 50
308: 16:38:10.430748 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137: udp 50
309: 16:38:11.180776 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137: udp 50
310: 16:38:12.134957 802.1Q vlan#2 P0 192.168.16.6.88 > 192.168.113.100.55944: . ack 2246367695 win 65237
311: 16:38:12.209217 802.1Q vlan#2 P0 192.168.16.7.88 > 192.168.113.100.55945: . ack 2494919019 win 64264
312: 16:38:12.561845 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137: udp 50
313: 16:38:12.966197 802.1Q vlan#2 P0 192.168.16.7.88 > 192.168.113.100.55948: . ack 2086593126 win 65535
314: 16:38:13.311949 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137: udp 50
315: 16:38:13.761389 802.1Q vlan#2 P0 192.168.16.7.88 > 192.168.113.100.55950: . ack 2045545802 win 65535
316: 16:38:14.061977 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137: udp 50
317: 16:38:14.223499 802.1Q vlan#2 P0 192.168.16.7.88 > 192.168.113.100.55953: . ack 1713858377 win 64292
318: 16:38:14.736351 802.1Q vlan#1 P0 192.168.113.2.1460 > 192.168.16.24.2222: . ack 1683177201 win 0
319: 16:38:14.932019 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137: udp 50
320: 16:38:15.682093 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137: udp 50
321: 16:38:16.432137 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137: udp 50
322: 16:38:22.554490 802.1Q vlan#2 P0 84.233.195.62.80 > x.x.x.42.41099: . ack 4144961094 win 4824
323: 16:38:22.590560 802.1Q vlan#2 P0 84.233.195.62.80 > x.x.x.42.41099: R 2988301725:2988301725(0) win 0
324: 16:38:28.171164 802.1Q vlan#1 P0 192.168.113.100.55946 > 192.168.16.6.135: . ack 1977991697 win 0
325: 16:38:28.696192 802.1Q vlan#1 P0 192.168.113.103.56188 > 192.168.16.24.2222: . ack 2408117423 win 0
326: 16:38:31.672877 802.1Q vlan#1 P0 192.168.113.2.138 > 192.168.113.255.138: udp 180
327: 16:38:32.107965 802.1Q vlan#1 P0 192.168.113.103.138 > 192.168.113.255.138: udp 201
328: 16:38:35.048642 802.1Q vlan#1 P0 192.168.113.2.138 > 192.168.113.255.138: udp 218
329: 16:38:36.682948 802.1Q vlan#2 P0 192.168.16.7.88 > 192.168.113.100.55960: . ack 4217273847 win 65535
330: 16:38:37.418145 802.1Q vlan#1 P0 192.168.113.100.55959 > 192.168.16.8.1168: . ack 2927102471 win 0
331: 16:38:39.650906 802.1Q vlan#2 P0 192.168.16.7.88 > 192.168.113.100.55965: . ack 3654544597 win 64245
332: 16:38:58.170798 802.1Q vlan#1 P0 192.168.113.100.55947 > 192.168.16.6.1026: . ack 2221560240 win 0
333: 16:39:39.647915 802.1Q vlan#2 P0 46.214.148.199.6237 > x.x.x.42.445: S 4290339150:4290339150(0) win 65535
334: 16:39:42.649868 802.1Q vlan#2 P0 46.214.148.199.6237 > x.x.x.42.445: S 4290339150:4290339150(0) win 65535
335: 16:40:05.249987 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
336: 16:40:06.000000 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
337: 16:40:06.749976 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
338: 16:40:07.344052 802.1Q vlan#1 P0 192.168.113.100.138 > 192.168.113.255.138: udp 211
339: 16:40:08.801716 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137: udp 50
340: 16:40:09.252031 802.1Q vlan#2 P0 192.168.16.6.139 > 192.168.113.2.1483: P 3217152810:3217152814(4) ack 4243483819 win 65463
341: 16:40:09.566087 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137: udp 50
342: 16:40:10.330564 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137: udp 50
343: 16:40:11.073436 802.1Q vlan#2 P0 189.4.30.188.4049 > x.x.x.47.445: S 583807781:583807781(0) win 65535
344: 16:40:14.013030 802.1Q vlan#2 P0 189.4.30.188.4049 > x.x.x.47.445: S 583807781:583807781(0) win 65535
345: 16:40:21.073253 802.1Q vlan#2 P0 192.168.16.6.1026 > 192.168.113.2.1465: . ack 1572968133 win 64691
346: 16:40:53.498631 802.1Q vlan#2 P0 192.168.16.6.88 > 192.168.113.103.56193: . ack 2614204448 win 65535
347: 16:40:54.113168 802.1Q vlan#2 P0 192.168.16.6.88 > 192.168.113.103.56195: . ack 3619711523 win 65535
348: 16:42:05.264024 802.1Q vlan#1 P0 192.168.113.21.138 > 192.168.113.255.138: udp 201
349: 16:42:05.990610 802.1Q vlan#1 P0 802.3 encap packet
350: 16:42:06.582886 802.1Q vlan#1 P0 0000.74da.ed6f ffff.ffff.ffff 0x8100 64:
0001 8137 ffff 0022 0004 0000 0000 ffff
ffff ffff 0452 0000 0000 0000 74da ed6f
4100 0003 0004 0000 0000 0000 0000 0000
0000
351: 16:42:07.831057 802.1Q vlan#1 P0 802.3 encap packet
352: 16:42:08.623075 802.1Q vlan#1 P0 802.3 encap packet
353: 16:42:09.624509 802.1Q vlan#1 P0 802.3 encap packet
354: 16:42:10.593231 802.1Q vlan#1 P0 0000.74da.ed6f ffff.ffff.ffff 0x8100 64:
0001 8137 ffff 0022 0004 0000 0000 ffff
ffff ffff 0452 0000 0000 0000 74da ed6f
4100 0003 0004 0000 0000 0000 0000 0000
0000
355: 16:42:11.703485 802.1Q vlan#1 P0 802.3 encap packet
356: 16:42:12.813693 802.1Q vlan#1 P0 802.3 encap packet
357: 16:42:13.923383 802.1Q vlan#1 P0 802.3 encap packet
358: 16:42:14.963329 802.1Q vlan#1 P0 0000.74da.ed6f ffff.ffff.ffff 0x8100 64:
0001 8137 ffff 0022 0004 0000 0000 ffff
ffff ffff 0452 0000 0000 0000 74da ed6f
4100 0003 0004 0000 0000 0000 0000 0000
0000
359: 16:42:15.995477 802.1Q vlan#1 P0 802.3 encap packet
360: 16:42:17.103647 802.1Q vlan#1 P0 802.3 encap packet
361: 16:42:18.103495 802.1Q vlan#1 P0 802.3 encap packet
362: 16:42:19.203511 802.1Q vlan#1 P0 0000.74da.ed6f ffff.ffff.ffff 0x8100 64:
0001 8137 ffff 0022 0004 0000 0000 ffff
ffff ffff 0452 0000 0000 0000 74da ed6f
4100 0003 0004 0000 0000 0000 0000 0000
0000
363: 16:42:20.203572 802.1Q vlan#1 P0 802.3 encap packet
364: 16:42:21.203755 802.1Q vlan#1 P0 802.3 encap packet
365: 16:43:34.032896 802.1Q vlan#2 P0 210.4.15.147.1983 > x.x.x.42.445: S 4060018625:4060018625(0) win 65535
366: 16:43:36.924375 802.1Q vlan#2 P0 210.4.15.147.1983 > x.x.x.42.445: S 4060018625:4060018625(0) win 65535
367: 16:43:51.279053 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
368: 16:43:52.028944 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
369: 16:43:52.778905 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
370: 16:43:53.583481 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
371: 16:43:54.325849 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
372: 16:43:55.075771 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
373: 16:44:43.299133 802.1Q vlan#2 P0 84.46.240.12.4739 > x.x.x.42.445: S 2644276309:2644276309(0) win 65535
374: 16:44:46.355358 802.1Q vlan#2 P0 84.46.240.12.4739 > x.x.x.42.445: S 2644276309:2644276309(0) win 65535
375: 16:45:13.762640 802.1Q vlan#2 P0 14.136.113.23.58068 > x.x.x.42.23: S 628177666:628177666(0) win 5840
376: 16:45:13.764746 802.1Q vlan#2 P0 14.136.113.23.35631 > x.x.x.47.23: S 633610575:633610575(0) win 5840
377: 16:45:13.764914 802.1Q vlan#2 P0 14.136.113.23.36646 >x.x.x.x: S 627103517:627103517(0) win 5840
378: 16:46:47.038068 802.1Q vlan#1 P0 192.168.113.103.56196 > 192.168.16.6.135: . ack 1047348019 win 0
379: 16:47:35.921812 802.1Q vlan#2 P0 50.22.199.212.80 >x.x.x.x.48383: S 1930513355:1930513355(0) ack 1004916503 win 16384
380: 16:47:36.554201 802.1Q vlan#2 P0 66.231.182.111.80 > x.x.x.x.1024: S 2203310160:2203310160(0) ack 2592535424 win 5840
381: 16:48:57.603774 802.1Q vlan#2 P0 142.4.58.113.1859 >x.x.x.x.445: S 3585080814:3585080814(0) win 65535
382: 16:49:00.493123 802.1Q vlan#2 P0 142.4.58.113.1859 > x.x.x.x.445: S 3585080814:3585080814(0) win 65535
383: 16:49:23.626462 802.1Q vlan#1 P0 192.168.113.2.1536 > x.x.x.x.53: . ack 136785297 win 0
384: 16:49:26.492848 802.1Q vlan#2 P0 192.168.16.6.88 > 192.168.113.2.1537: . ack 2966267924 win 65535
385: 16:49:45.827883 802.1Q vlan#2 P0 62.75.244.214.80 > x.x.x.x.40215: S 2919672066:2919672066(0) ack 760938497 win 5840
386: 16:49:56.653225 802.1Q vlan#2 P0 220.132.215.144.4822 > x.x.x.x.23: S 2534918729:2534918729(0) win 5808
387: 16:49:56.655086 802.1Q vlan#2 P0 220.132.215.144.3935 > x.x.x.x.23: S 2538528904:2538528904(0) win 5808
388: 16:49:56.665477 802.1Q vlan#2 P0 220.132.215.144.3892 >x.x.x.x.23: S 2530221481:2530221481(0) win 5808
389: 16:50:05.196980 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
390: 16:50:05.946926 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
391: 16:50:06.696954 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
392: 16:50:33.087489 802.1Q vlan#1 P0 192.168.113.2.138 > 192.168.113.255.138: udp 218
393: 16:50:34.330854 802.1Q vlan#1 P0 192.168.113.103.138 > 192.168.113.255.138: udp 201
394: 16:51:48.139961 802.1Q vlan#2 P0 41.84.159.34.3753 > x.x.x.x.445: S 1632777117:1632777117(0) win 65535
395: 16:51:51.117700 802.1Q vlan#2 P0 41.84.159.34.3753 >x.x.x.x.445: S 1632777117:1632777117(0) win 65535
396: 16:52:16.155723 802.1Q vlan#2 P0 118.157.40.230.17343 > x.x.x.x.45093: udp 30
397: 16:52:16.173620 802.1Q vlan#2 P0 118.157.40.230.17343 > x.x.x.x.45093: udp 20
398: 16:52:19.312148 802.1Q vlan#2 P0 118.157.40.230.17343 > x.x.x.x.45093: udp 20
399: 16:52:25.864243 802.1Q vlan#2 P0 118.157.40.230.17343 > x.x.x.x.45093: udp 20
400: 16:52:33.102457 802.1Q vlan#1 P0 192.168.113.2.138 > 192.168.113.255.138: udp 209
401: 16:52:38.334028 802.1Q vlan#2 P0 118.157.40.230.17343 > x.x.x.x.45093: udp 20
402: 16:53:02.396128 802.1Q vlan#2 P0 118.157.40.230.17343 >x.x.x.x.45093: udp 20
403: 16:53:13.157355 802.1Q vlan#1 P0 192.168.113.2.1554 > 192.168.16.24.2222: . ack 460543479 win 0
404: 16:53:31.871552 802.1Q vlan#2 P0 118.157.40.230.17343 > x.x.x.x.45093: udp 20
405: 16:55:40.103220 802.1Q vlan#2 P0 79.13.79.231.2042 > x.x.x.x.445: S 3623912103:3623912103(0) win 65535
406: 16:55:42.940411 802.1Q vlan#2 P0 79.13.79.231.2042 > x.x.x.40.445: S 3623912103:3623912103(0) win 65535
407: 16:56:01.209049 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
408: 16:56:01.814548 802.1Q vlan#1 P0 192.168.113.2.1561 > 192.168.16.6.1026: . ack 3029302484 win 0
409: 16:56:01.958995 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
410: 16:56:02.709008 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
411: 16:56:03.515110 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
412: 16:56:04.255891 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
413: 16:56:05.005874 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
414: 16:56:35.329649 802.1Q vlan#2 P0 192.168.16.6.389 > 192.168.113.2.1573: . ack 2011530329 win 65280
415: 16:57:18.817050 802.1Q vlan#2 P0 192.168.16.6.88 > 192.168.113.103.56207: . ack 3180698784 win 65535
416: 16:57:18.887191 802.1Q vlan#2 P0 192.168.16.6.88 > 192.168.113.103.56208: . ack 2540987118 win 65535
417: 16:58:00.045529 802.1Q vlan#2 P0 192.168.16.6.135 > 192.168.113.2.1570: . ack 1936024672 win 65263
418: 16:58:03.923337 802.1Q vlan#1 P0 192.168.113.2.1571 > 192.168.16.6.1026: . ack 4000727925 win 0
419: 16:58:24.150276 802.1Q vlan#1 P0 192.168.113.2.1584 > 192.168.16.24.2222: . ack 1251414172 win 0
420: 16:58:39.814090 802.1Q vlan#2 P0 192.168.16.6.389 > 192.168.113.2.1231: R 3143068825:3143068825(0) win 0
421: 16:58:48.666560 802.1Q vlan#1 P0 192.168.113.103.56210 > 192.168.16.6.389: . ack 1501688799 win 0
422: 17:00:05.206547 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
423: 17:00:05.956508 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
424: 17:00:06.706506 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
425: 17:00:28.431206 802.1Q vlan#2 P0 71.244.82.240.4041 >x.x.x.x.445: S 362528713:362528713(0) win 65535
426: 17:00:31.485356 802.1Q vlan#2 P0 71.244.82.240.4041 > x.x.x.x.445: S 362528713:362528713(0) win 65535
427: 17:02:34.845735 802.1Q vlan#1 P0 192.168.113.2.138 > 192.168.113.255.138: udp 218
428: 17:02:50.268998 802.1Q vlan#2 P0 128.68.207.98.1642 > x.x.x.x.445: S 3558079521:3558079521(0) win 65535
429: 17:02:51.441536 802.1Q vlan#2 P0 95.37.124.146.2470 > x.x.x.x.445: S 3847235035:3847235035(0) win 65535
430: 17:02:53.252779 802.1Q vlan#2 P0 128.68.207.98.1642 > x.x.x.x.445: S 3558079521:3558079521(0) win 65535
431: 17:02:54.298949 802.1Q vlan#2 P0 95.37.124.146.2470 > x.x.x.x.445: S 3847235035:3847235035(0) win 65535
432: 17:03:24.651104 802.1Q vlan#1 P0 192.168.113.2.1604 > 192.168.16.24.2222: . ack 927286160 win 0
433: 17:05:23.439979 802.1Q vlan#2 P0 221.132.33.39.3471 > x.x.x.x.445: S 2983629597:2983629597(0) win 65535
434: 17:05:25.237002 802.1Q vlan#2 P0 204.111.67.69.4533 > x.x.x.x.445: S 1412418025:1412418025(0) win 65535
435: 17:05:26.407663 802.1Q vlan#2 P0 221.132.33.39.3471 > x.x.x.x.445: S 2983629597:2983629597(0) win 65535
436: 17:05:28.156669 802.1Q vlan#2 P0 204.111.67.69.4533 >x.x.x.x.445: S 1412418025:1412418025(0) win 65535
437: 17:05:41.544069 802.1Q vlan#2 P0 106.3.103.188.40760 > x.x.x.x.445: S 1656511640:1656511640(0) win 65535
438: 17:05:44.548021 802.1Q vlan#2 P0 106.3.103.188.40760 > x.x.x.x.445: S 1656511640:1656511640(0) win 65535
439: 17:06:11.262620 802.1Q vlan#2 P0 95.51.201.5.2510 > x.x.x.x.445: S 3351917967:3351917967(0) win 65535
440: 17:06:14.298766 802.1Q vlan#2 P0 95.51.201.5.2510 > x.x.x.x.445: S 3351917967:3351917967(0) win 65535
441: 17:07:16.002975 802.1Q vlan#2 P0 37.59.0.72.22 > x.x.x.x.80: S 1208637086:1208637086(0) ack 1 win 14600
442: 17:07:33.093028 802.1Q vlan#1 P0 192.168.113.2.138 > 192.168.113.255.138: udp 209
443: 17:08:11.139015 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
444: 17:08:11.888961 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
445: 17:08:12.638959 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
446: 17:08:13.446571 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
447: 17:08:14.185842 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
448: 17:08:14.935788 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
449: 17:10:05.434685 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
450: 17:10:06.184698 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
451: 17:10:06.934628 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
452: 17:13:48.562791 802.1Q vlan#2 P0 45.131.126.147.53949 >x.x.x.x.14768: . win 16384
453: 17:14:33.697626 802.1Q vlan#1 P0 192.168.113.2.138 > 192.168.113.255.138: udp 218
454: 17:17:41.242846 802.1Q vlan#2 P0 174.138.175.180.5139 > x.x.x.x.5060: udp 417
455: 17:17:41.260789 802.1Q vlan#2 P0 174.138.175.180.5139 > x.x.x.x.5060: udp 418
456: 17:17:41.293014 802.1Q vlan#2 P0 174.138.175.180.5139 > x.x.x.x.5060: udp 418
457: 17:18:26.144813 802.1Q vlan#1 P0 192.168.113.2.1665 > 192.168.16.24.2222: . ack 3674161483 win 0
458: 17:18:47.300216 802.1Q vlan#2 P0 192.168.16.6.1026 > 192.168.113.2.1651: . ack 963481079 win 65535
459: 17:19:40.849702 802.1Q vlan#2 P0 93.63.181.21.62986 > x.x.x.x.445: S 274304149:274304149(0) win 65535
460: 17:19:43.733055 802.1Q vlan#2 P0 93.63.181.21.62986 > x.x.x.x.445: S 274304149:274304149(0) win 65535
461: 17:20:01.536120 802.1Q vlan#2 P0 31.47.40.58.2982 > x.x.x.x.445: S 2578199672:2578199672(0) win 16384
462: 17:20:04.582275 802.1Q vlan#2 P0 31.47.40.58.2982 > x.x.x.x.445: S 2578199672:2578199672(0) win 16384
463: 17:20:04.943875 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
464: 17:20:05.693888 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
465: 17:20:06.443900 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
466: 17:20:16.571320 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
467: 17:20:17.318800 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
468: 17:20:18.068798 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
469: 17:20:18.875885 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
470: 17:20:19.615645 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
471: 17:20:20.365627 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
472: 17:20:21.752738 802.1Q vlan#2 P0 192.168.16.6.139 > 192.168.113.2.1678: P 640741668:640741672(4) ack 2410017920 win 65463
473: 17:21:27.330320 802.1Q vlan#2 P0 109.3.51.11.80 >x.x.x.x.40328: R 0:0(0) ack 987376948 win 0
474: 17:22:33.083537 802.1Q vlan#1 P0 192.168.113.2.138 > 192.168.113.255.138: udp 209
475: 17:23:13.037092 802.1Q vlan#1 P0 192.168.113.2.1686 > 192.168.16.24.2222: . ack 2164880831 win 0
476: 17:23:23.507862 802.1Q vlan#2 P0 192.168.16.24.2222 > 192.168.113.2.1687: . ack 3400485149 win 64451
477: 17:24:03.007293 802.1Q vlan#2 P0 114.34.110.185.35787 > x.x.x.x.23: S 475586745:475586745(0) win 5808
478: 17:24:03.013381 802.1Q vlan#2 P0 114.34.110.185.56372 > x.x.x.x.23: S 471207272:471207272(0) win 5808
479: 17:24:03.015410 802.1Q vlan#2 P0 114.34.110.185.37824 > x.x.x.x.23: S 470577274:470577274(0) win 5808
480: 17:25:10.359997 802.1Q vlan#2 P0 126.91.113.22.33902 > x.x.x.x.56490: udp 30
481: 17:25:10.379939 802.1Q vlan#2 P0 126.91.113.22.33902 > x.x.x.x..56490: udp 20
482: 17:25:13.498478 802.1Q vlan#2 P0 126.91.113.22.33902 > x.x.x.x.56490: udp 20
483: 17:25:19.907927 802.1Q vlan#2 P0 126.91.113.22.33902 > x.x.x.x.56490: udp 20
484: 17:25:32.359631 802.1Q vlan#2 P0 126.91.113.22.33902 > x.x.x.x.56490: udp 20
485: 17:25:56.363415 802.1Q vlan#2 P0 126.91.113.22.33902 > x.x.x.x.56490: udp 20
486: 17:26:25.632077 802.1Q vlan#2 P0 126.91.113.22.33902 > x.x.x.x.56490: udp 20
487: 17:26:36.299468 802.1Q vlan#1 P0 192.168.113.2.138 > 192.168.113.255.138: udp 218
488: 17:29:27.531863 802.1Q vlan#2 P0 192.168.16.6.88 > 192.168.113.2.1703: . ack 3505140564 win 65535
489: 17:29:28.061977 802.1Q vlan#2 P0 192.168.16.6.88 > 192.168.113.2.1704: . ack 1723398161 win 65535
490: 17:30:04.984583 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
491: 17:30:05.734565 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
492: 17:30:06.484594 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
493: 17:31:08.448676 802.1Q vlan#1 P0 192.168.113.2.1705 > 192.168.16.6.135: . ack 329930795 win 0
494: 17:32:26.498753 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
495: 17:32:27.248720 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
496: 17:32:27.998681 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
497: 17:32:28.805210 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
498: 17:32:29.545565 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
499: 17:32:30.295669 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
500: 17:33:15.029081 802.1Q vlan#2 P0 37.59.0.72.22 > x.x.x.x.80: S 1846440469:1846440469(0) ack 1 win 14600
501: 17:34:32.666683 802.1Q vlan#2 P0 186.210.159.134.1497 >x.x.x.x.445: S 731294763:731294763(0) win 65535
502: 17:34:35.327314 802.1Q vlan#2 P0 192.168.16.6.88 > 192.168.113.2.1738: . ack 4248243050 win 65516
503: 17:34:35.604262 802.1Q vlan#2 P0 186.210.159.134.1497 > x.x.x.x.445: S 731294763:731294763(0) win 65535
504: 17:34:36.750998 802.1Q vlan#2 P0 192.168.16.6.88 > 192.168.113.2.1748: . ack 1292574253 win 65535
505: 17:34:37.026670 802.1Q vlan#1 P0 192.168.113.2.1741 > 192.168.16.6.389: . ack 3709459071 win 0
506: 17:34:53.094096 802.1Q vlan#2 P0 81.191.253.254.1679 > x.x.x.x.23: S 1795047884:1795047884(0) win 5840
507: 17:34:53.094126 802.1Q vlan#2 P0 81.191.253.254.1160 > x.x.x.x.23: S 1792069562:1792069562(0) win 5840
508: 17:34:53.102182 802.1Q vlan#2 P0 81.191.253.254.4513 > x.x.x.x.23: S 1799422964:1799422964(0) win 5840
509: 17:36:39.992441 802.1Q vlan#2 P0 192.168.16.6.1026 > 192.168.113.2.1739: . ack 577382098 win 64563
510: 17:36:43.723198 802.1Q vlan#2 P0 173.199.71.146.22 > x.x.x.x.80: R 0:0(0) ack 1 win 0
511: 17:37:33.073894 802.1Q vlan#1 P0 192.168.113.2.138 > 192.168.113.255.138: udp 209
512: 17:38:24.955700 802.1Q vlan#1 P0 192.168.113.2.1761 > 192.168.16.24.2222: . ack 1222119482 win 0
513: 17:38:34.073040 802.1Q vlan#1 P0 192.168.113.2.138 > 192.168.113.255.138: udp 218
514: 17:38:35.042249 802.1Q vlan#1 P0 192.168.113.2.138 > 192.168.113.255.138: udp 218
515: 17:40:04.993661 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
516: 17:40:05.743674 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
517: 17:40:06.493718 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
518: 17:44:36.412759 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
519: 17:44:37.162757 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
520: 17:44:37.912886 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
521: 17:44:38.717217 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
522: 17:44:39.459616 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
523: 17:44:40.209766 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
524: 17:44:41.660412 802.1Q vlan#2 P0 46.108.60.22.80 > x.x.x.x.23736: S 1810069934:1810069934(0) ack 1517738109 win 8192
525: 17:46:36.157737 802.1Q vlan#1 P0 192.168.113.2.1789 > 192.168.16.6.135: . ack 89468705 win 0
526: 17:46:36.157782 802.1Q vlan#1 P0 192.168.113.2.1790 > 192.168.16.6.1026: . ack 3579387297 win 0
527: 17:47:40.965648 802.1Q vlan#2 P0 78.139.165.57.4297 > x.x.x.x.445: S 2908035217:2908035217(0) win 65535
528: 17:47:43.945385 802.1Q vlan#2 P0 78.139.165.57.4297 > x.x.x.x.445: S 2908035217:2908035217(0) win 65535
529: 17:49:57.610640 802.1Q vlan#2 P0 31.31.89.9.22 > x.x.x.x.80: S 1417858380:1417858380(0) ack 1 win 14600
530: 17:50:05.143699 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
531: 17:50:05.893630 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
532: 17:50:06.643658 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
533: 17:50:35.205967 802.1Q vlan#1 P0 192.168.113.2.138 > 192.168.113.255.138: udp 218
534: 17:52:12.181204 802.1Q vlan#2 P0 91.227.122.90.80 > x.x.x.x.35714: S 3170841931:3170841931(0) ack 4036991100 win 5840
535: 17:52:33.064190 802.1Q vlan#1 P0 192.168.113.2.138 > 192.168.113.255.138: udp 209
536: 17:53:09.887390 802.1Q vlan#2 P0 192.168.16.6.1026 > 192.168.113.2.1822: . ack 2934231246 win 65171
537: 17:53:12.554857 802.1Q vlan#1 P0 192.168.113.2.1826 > 192.168.16.24.2222: . ack 972433877 win 0
538: 17:56:46.342297 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
539: 17:56:47.092326 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
540: 17:56:47.842272 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
541: 17:56:48.648236 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
542: 17:56:49.389170 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
543: 17:56:50.139168 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
544: 17:57:13.840181 802.1Q vlan#2 P0 50.22.199.212.80 > x.x.x.x.56495: S 99028886:99028886(0) ack 4216075886 win 16384
545: 17:57:39.906081 802.1Q vlan#2 P0 114.26.202.181.4346 > x.x.x.x.445: S 1063524641:1063524641(0) win 65535
546: 17:57:43.000442 802.1Q vlan#2 P0 114.26.202.181.4346 > x.x.x.x.445: S 1063524641:1063524641(0) win 65535
547: 17:58:13.018858 802.1Q vlan#1 P0 192.168.113.2.1864 > 192.168.16.24.2222: . ack 4207183994 win 0
548: 17:59:39.260194 802.1Q vlan#2 P0 192.168.16.6.88 > 192.168.113.2.1872: . ack 1374926765 win 65535
549: 18:00:04.949566 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
550: 18:00:05.699579 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
551: 18:00:06.449576 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
552: 18:00:44.472158 802.1Q vlan#2 P0 212.70.128.163.2239 >x.x.x.x.445: S 490660798:490660798(0) win 65535
553: 18:00:47.456076 802.1Q vlan#2 P0 212.70.128.163.2239 > x.x.x.x.445: S 490660798:490660798(0) win 65535
554: 18:01:18.987894 802.1Q vlan#2 P0 114.43.54.76.3486 > x.x.x.x.445: S 4082553752:4082553752(0) win 65535
555: 18:01:21.981745 802.1Q vlan#2 P0 114.43.54.76.3486 > x.x.x.x.445: S 4082553752:4082553752(0) win 65535
556: 18:02:33.932477 802.1Q vlan#1 P0 192.168.113.2.138 > 192.168.113.255.138: udp 218
557: 18:03:01.819980 802.1Q vlan#2 P0 46.108.60.22.80 > x.x.x.x.30843: S 1487269552:1487269552(0) ack 569782833 win 8192
558: 18:04:43.108270 802.1Q vlan#2 P0 192.168.16.6.389 > 192.168.113.2.1902: . ack 2909854688 win 65130
559: 18:05:26.707894 802.1Q vlan#2 P0 61.160.247.40.6000 > x.x.x.47.3389: S 476708864:476708864(0) win 16384
560: 18:05:26.715813 802.1Q vlan#2 P0 61.160.247.40.6000 > x.x.x.42.3389: S 983564288:983564288(0) win 16384
561: 18:05:26.731941 802.1Q vlan#2 P0 61.160.247.40.6000 > x.x.x.40.3389: S 1910964224:1910964224(0) win 16384
562: 18:06:12.440528 802.1Q vlan#2 P0 192.168.16.6.1026 > 192.168.113.2.1899: . ack 3842669121 win 64563
563: 18:07:27.736488 802.1Q vlan#2 P2 81.196.79.244.40632 > x.x.x.42.445: S 1550760725:1550760725(0) win 65535
564: 18:07:30.656155 802.1Q vlan#2 P2 81.196.79.244.40632 > x.x.x.42.445: S 1550760725:1550760725(0) win 65535
565: 18:07:33.054654 802.1Q vlan#1 P0 192.168.113.2.138 > 192.168.113.255.138: udp 209
566: 18:08:13.949017 802.1Q vlan#1 P0 192.168.113.2.1915 > 192.168.16.24.2222: . ack 1717558933 win 0
567: 18:08:56.271973 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
568: 18:08:57.021956 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
569: 18:08:57.771902 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
570: 18:08:58.593307 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
571: 18:08:59.334394 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
572: 18:09:00.0843 -
How do I locate RAW files to export from a managed library?
I have a decade's worth of managed Aperture libraries. The majority of the Masters are jpeg files but at least 30% of the originals are raw files. I am wanting to change to a referenced library structure which is accessible from other applications. Can anyone tell me how I can tell, from within Aperture, which projects are raw based and how to retrieve these raw image files? I expect there is a simple answer which will prompt a "duh" and a forehead slap but it is eluding me at the moment. I know that if I open the library package and rummage around I can locate raw files but the context is lost and often utterly confusing in the arcane folder structure Aperture uses.
You can create smart albums or searches in Aperture to find all images with RAW original files.
Use the command: File > New > Smart album
Then add a rule from the "Add Rule" drop down menu to the Smart Settings HUD:
"File Type is RAW"
and click the checkmark next to the rule.
This will show you all images that are RAW.
Just to be sure, you know, that you need to be careful not to move or modify referenced images in any way by accessing them from other applications, right? -
Inspect http issue - unable to browse secure site.
Hi,
Current version of the asa firewall is 7.1(2) in which when the inspect http is enabled, while opening secure site like axis bank account or any money market site either blank page display or page can not display error message appear. When i disable this command i am able to access all the secure sites properly. It looks like a bug but in the release not i am not finding any bug related to this issue. Please help me resolve this issue.
Amit M.Thanks for the reply. When i disable http inspection and when i try to open login page for some of the site then this page cannot be display appear. Also i try MSS might get exceeded and found in the show asp drop tcp mss is not showing. But still i create a class for mass exceed and apply it in globle configuration but it does not work. Latter i have to disable the http inspection and it started working. Now the question is while clicking on login butten it will go from http to https page during this shifting of http to https why does it affect the connection when enable http inspection.
Following is the show asp drop output.
Please check
PIXFIREWALL# sho asp drop
Frame drop:
Invalid IP header 10
No route to host 13
Reverse-path verify failed 398846
Flow is denied by configured rule 107075
Flow denied due to resource limitation 35
Invalid SPI 2
First TCP packet not SYN 62706
TCP failed 3 way handshake 1211
TCP RST/FIN out of order 39
TCP packet SEQ past window 1
TCP invalid ACK 1
TCP packet buffer full 209
TCP RST/SYN in window 14
TCP DUP and has been ACKed 10411
TCP packet failed PAWS test 10
IPSEC tunnel is down 137
IP option drop 551
Expired flow 26
ICMP Inspect seq num not matched 1057
ICMP Error Inspect different embedded conn 60
DNS Inspect id not matched 4674
IPS Module requested drop 8
FP L2 rule drop 22988
Interface is down 8
Flow drop:
Flow terminated by IPS 16
NAT failed 13066
Tunnel being brought up or torn down 514
Need to start IKE negotiation 2136
Inspection failure 60 -
Connectivity Issues Cisco ASA 5515 in Transparent Mode
Hi,
we´re having problems with one transparent mode setup at one customer site. The ASA is equiped with a CX Module, but we´re not using it, so far in the service policy rules it was enabled and matched all traffic, but in "monitor only" mode. There is a global acl that allows any-any-IP.
Firewall-Info:
- ASA Version 9.1(2)
- Interfaces gi0/0 + gi0/2 without any interface errors
The ASA 5515x is configured as a "bump in the wire". In general our setup is working but with beginning of the installation of the firewall the customer faces following connection issues, without the firewall no problems:
- Connections to SAP-Servers behind the MPLS begin to drop, affected all users
- Incoming monitoring sessions (ping/snmp) from central management are facing ping timeouts, connection timeouts
- http downloads are stopping, Customer: it will stop responding and the download will fail.
In general the customer describes it this way: "We do not have the best connection here so once we connected the firewall all the problems are magnified"
I recognized, that we unconfigured the default inspection during initial setup and reconfigured this entry for the cx module. So the the default inspection with all the settings are not present any more... How important are these settings? One phenomen is, that I´ve seen a large numbers of concurrent connections that increased over time. And we already had that situation, that the firewall reached the max-conn count.
Should I try to reconfigure the default inspection, as it ships from factory? And whats the best way to check for problems? What can be the reason for the dropping connections?
I attached a network plan and the firewall config, hopefully, that somebody has an idea. Of course I can provide additional information...
Best Regards
SebastianHi Vibhor,
thanks for your reply. Does this also affect the traffic, even the setting is set to "Monitor Only" ?
Is it recommend to configure the default-inspection rule as a default setting?
Further Question: I´ve read sth. about, that service policy rules must be "reloaded" to take effect, after they have been changed. Is that right and how do I reload them?
Here is an output from sh asp drop, do I have to care about certain values? This values result from two connected users doing some downloads over a 2Mbit connection.
ciscoasa# show asp drop
Frame drop:
Invalid encapsulation (invalid-encap) 10
First TCP packet not SYN (tcp-not-syn) 114
TCP failed 3 way handshake (tcp-3whs-failed) 3
TCP RST/FIN out of order (tcp-rstfin-ooo) 18
Dst MAC L2 Lookup Failed (dst-l2_lookup-fail) 33
L2 Src/Dst same LAN port (l2_same-lan-port) 260
FP L2 rule drop (l2_acl) 2958
Interface is down (interface-down) 9420
No management IP address configured for TFW (tfw-no-mgmt-ip-config) 117
Dropped pending packets in a closed socket (np-socket-closed) 66
Thanks
Sebastian -
What is the equivalent implementation of isr ios cli "ip tcp synwait-time 10" on asa cli
I would like to see an implementation of an ISR IOS cli:
ip tcp synwait-time 10
on an ASA cli. thank you much in advance.Hi Oscar,
this is supported but you need a class-map type management:
http://www.cisco.com/en/US/docs/security/asa/asa91/configuration/firewall/mpf_service_policy.html#wp1167296
TCP and UDP connection limits and timeouts, and TCP sequence number randomization: supported for management traffic...
access-list CONTROL_ACL extended permit tcp host 1.1.1.2 interface outside eq https log
access-list CONTROL_ACL extended permit tcp host 1.1.1.2 interface outside eq ssh log
class-map type management CONTROL
match access-list CONTROL_ACL
policy-map global_policy
class CONTROL
set connection conn-max 1
service-policy global_policy global
In my tests, it worked for SSH but not for HTTPS:
ciscoasa(config)# sh conn all
2 in use, 2 most used
TCP outside 1.1.1.2:38670 NP Identity Ifc 1.1.1.10:22, idle 0:00:38, bytes 20, flags UfrOB
TCP outside 1.1.1.2:26470 NP Identity Ifc 1.1.1.10:443, idle 0:00:02, bytes 0, flags UB
After other sessions:
%ASA-7-710005: TCP request discarded from 1.1.1.2/25085 to outside:1.1.1.10/22
%ASA-3-201011: Connection limit exceeded 1/1 for input packet from 1.1.1.2/25085 to 1.1.1.10/22 on interface outside
ciscoasa(config)# sh conn all
4 in use, 5 most used
TCP outside 1.1.1.2:41726 NP Identity Ifc 1.1.1.10:443, idle 0:00:43, bytes 0, flags UB
TCP outside 1.1.1.2:26087 NP Identity Ifc 1.1.1.10:443, idle 0:00:45, bytes 0, flags UB
TCP outside 1.1.1.2:33312 NP Identity Ifc 1.1.1.10:443, idle 0:00:47, bytes 0, flags UB
TCP outside 1.1.1.2:26470 NP Identity Ifc 1.1.1.10:443, idle 0:00:04, bytes 0, flags UB
Somehow, 0 hitcount on HTTPS ACL...
ciscoasa(config)# sh access-list
access-list CONTROL_ACL line 1 extended permit tcp host 1.1.1.2 interface outside eq https log informational interval 300 (hitcnt=0) 0x59b7aa4c
access-list CONTROL_ACL line 2 extended permit tcp host 1.1.1.2 interface outside eq ssh log informational interval 300 (hitcnt=8) 0x31fe983c
ciscoasa(config)# sh asp drop
Frame drop:
Flow is denied by configured rule (acl-drop) 2
First TCP packet not SYN (tcp-not-syn) 49
Connection limit reached (conn-limit) 2
FP L2 rule drop (l2_acl) 48
Flow drop:
SSL bad record detected (ssl-bad-record-detect) 3
ciscoasa(config)# sh service-policy
Global policy:
Service-policy: global_policy
Class-map: CONTROL
Set connection policy: conn-max 1
current conns 1, drop 2
you can also control each feature timeouts seperately via:
telnet/ssh timeout 1
http server idle-timeout/session-timeout 1
Note: I tried this in GNS (asa 8.4.2) and using telnet from a router (not using a real browser for HTTPS) so the results might not be reflect a production environnement...
Patrick -
Production moves to another server with existing streams replication
Hi All,
We have oracle bi directional streams replication setup between 2 server(us and uk). Everything is working as expected.
But,We are going to move UK server from (ex: cam19 to cam29).
Will it impact on replication setup.
we will restore new server via cold backup.Also we will stopped all the process on both the sides ,before cold backup.
Can you please suggest? What should we do before doing that.
How we can avoid any problem while moving server.
so it will not impact on replication.
Thanks in advance!!!!
Many Thanks
nickThanks a lotz Anurag..
I have one small question not on same topic, Its regarding table add in existing replication setup.
What happened ,When we add a new table to existing replication setup if any reason table is not replicating between two database then we have to remove the rules for that particular table and setup again. Some time what happened we got error "queue has errors" i dont know the ORA number.
in that case what cases when apply process ABORETED and when we try to start the process it gives same error and ABORTED again.
then we have remove the whole replication Manually and setup again. It's very horriable....
Could you please help that before drop the rules for particular table then wht should we do ? Do we need to unscheduled the propagation process and then drop the rules becuase i read on metalink that negative rules drops while propagation process using the same rule set.
Please Suggest!!!!!!!!!!
Many Thanks
Maybe you are looking for
-
Hey. After i started my iMac yesterday, i can't open Safari. i get this fail rapport: What can i do? Process: Safari [784] Path: /Applications/Safari.app/Contents/MacOS/Safari Identifier: com.apple.Safari Version: 7.0.
-
Docking container in a subscreeen
hy gurus, got an issue on the putting a docking container in a subscreen. the subscreen doesn't display. I've created a dynpro 202 as subscreen , i've created a custom container( GO_CONTAINER_OBJECT) in the dynpro 202. in the main dynpro (200) i ha
-
Z97M GAMING no hdmi signal with DVI converter
My monitor has VGA/DVI only (Samsung SyncMaster 213T), I have a HDMI to DVI converter in the DVI port, this works with the HDMI out from my laptop. Am putting together a Z97M/4790K rig. I get no signal at the monitor from the Z97M's HDMI out, if I co
-
I am having the data as like below(sample data) Col1 Col2 A AA A BB A CC B BA B BB C CA D DA D DB E EA E EB I want to show the seq number as a third column as like below. (seq number is with respect to Col1) Col1 Col2 num A AA 1 A BB
-
SCOM 2012 SP1 - Scheduled Report not showing any chart
We have created 2 Scheduled Reports based on the Performance and Performance Details reports. The Scheduled Reports run every day and create a PDF file in the file share. The Reports however don't contain any charts. Selecting other output formats gi