https://community.cisco.com/t5/network-security/packet-tracer-source-port/m-p/2711512#M193117 <P>Hi Friendzs,</P><P>&nbsp;</P><P>Query is regarding packet tracer command. <STRONG>packet-tracer</STRONG> <B class="cCN_CmdName">input</B><EM class="cCi_CmdItalic"> </EM>[<EM class="cArgument">src_int</EM>]<EM class="cCi_CmdItalic"> protocol src_addr src_port dest_addr dest_port </EM>[<B class="cCN_CmdName">detailed</B>]</P><P>Eg -&nbsp; <STRONG>packet-tracer</STRONG> <B class="cCN_CmdName">input</B><EM class="cCi_CmdItalic"> outside&nbsp;tcp</EM><EM class="cCi_CmdItalic">&nbsp;192.168.10.1&nbsp;0&nbsp;172.17.190.24&nbsp;443 </EM><B class="cCN_CmdName">detailed</B></P><P>As I am not aware about source port and knows destination port only (i.e 443) I have executed the above packet tracer command&nbsp; and getting output as DROP at implicit rule. this is leading to confusion from troubleshooting point of view..whether have applied correct ACL policy...understands un-proper source&nbsp;port could be&nbsp;one among reason for getting DROP(in implicit rule) in output.</P><P>Would like to know, as in my case...what should be the source port in case if network admin is not sure about it....however destination port is available. and what If both ports are unknown.</P><P>&nbsp;</P><P>Please help to understand this.</P><P>&nbsp;</P><P>Rgds</P><P>***</P><P>&nbsp;</P><P>&nbsp;</P> Tue, 12 Mar 2019 06:22:38 GMT netbeginner 2019-03-12T06:22:38Z https://community.cisco.com/t5/network-security/packet-tracer-source-port/m-p/2711512#M193117 <P>Hi Friendzs,</P><P>&nbsp;</P><P>Query is regarding packet tracer command. <STRONG>packet-tracer</STRONG> <B class="cCN_CmdName">input</B><EM class="cCi_CmdItalic"> </EM>[<EM class="cArgument">src_int</EM>]<EM class="cCi_CmdItalic"> protocol src_addr src_port dest_addr dest_port </EM>[<B class="cCN_CmdName">detailed</B>]</P><P>Eg -&nbsp; <STRONG>packet-tracer</STRONG> <B class="cCN_CmdName">input</B><EM class="cCi_CmdItalic"> outside&nbsp;tcp</EM><EM class="cCi_CmdItalic">&nbsp;192.168.10.1&nbsp;0&nbsp;172.17.190.24&nbsp;443 </EM><B class="cCN_CmdName">detailed</B></P><P>As I am not aware about source port and knows destination port only (i.e 443) I have executed the above packet tracer command&nbsp; and getting output as DROP at implicit rule. this is leading to confusion from troubleshooting point of view..whether have applied correct ACL policy...understands un-proper source&nbsp;port could be&nbsp;one among reason for getting DROP(in implicit rule) in output.</P><P>Would like to know, as in my case...what should be the source port in case if network admin is not sure about it....however destination port is available. and what If both ports are unknown.</P><P>&nbsp;</P><P>Please help to understand this.</P><P>&nbsp;</P><P>Rgds</P><P>***</P><P>&nbsp;</P><P>&nbsp;</P> Tue, 12 Mar 2019 06:22:38 GMT https://community.cisco.com/t5/network-security/packet-tracer-source-port/m-p/2711512#M193117 netbeginner 2019-03-12T06:22:38Z https://community.cisco.com/t5/network-security/packet-tracer-source-port/m-p/2711513#M193118 <P>Source port = 0 is invalid so we would not expect that to pass the packet-tracer.</P><P>Since most Windows systems will use ephemeral port numbers beginning with 1025 for outbound communications to servers on well-known port numbers, I typically use 1025 as my source port.</P><P>If both ports are unknown then you don't have enough information to form a proper packet-tracer query for a TCP connection or UDP flow. <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P> Mon, 03 Aug 2015 19:10:38 GMT https://community.cisco.com/t5/network-security/packet-tracer-source-port/m-p/2711513#M193118 Marvin Rhoads 2015-08-03T19:10:38Z https://community.cisco.com/t5/network-security/packet-tracer-source-port/m-p/2711514#M193120 <P>Thanks Marvin,</P><P>&nbsp;</P><P>But port 0 is showing there in ASA syntax...</P><P>Further, you mean to say if I use port 1025 as source port....output will show all through...(If ACL applied correctly).</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Mon, 03 Aug 2015 19:19:02 GMT https://community.cisco.com/t5/network-security/packet-tracer-source-port/m-p/2711514#M193120 netbeginner 2015-08-03T19:19:02Z https://community.cisco.com/t5/network-security/packet-tracer-source-port/m-p/2711515#M193122 <P>What ACL are you trying to test?</P> Mon, 03 Aug 2015 19:29:17 GMT https://community.cisco.com/t5/network-security/packet-tracer-source-port/m-p/2711515#M193122 Marvin Rhoads 2015-08-03T19:29:17Z https://community.cisco.com/t5/network-security/packet-tracer-source-port/m-p/2711516#M193124 <P>From Outside to Inside.</P><P>With destination port - 443, Source port is not known.</P><P><STRONG>packet-tracer</STRONG> input<EM> outside&nbsp;tcp</EM><EM>&nbsp;192.168.10.1&nbsp;0&nbsp;172.17.190.24&nbsp;443 </EM>detailed</P><P>&nbsp;</P><P>Regds</P><P>***</P> Tue, 04 Aug 2015 08:05:53 GMT https://community.cisco.com/t5/network-security/packet-tracer-source-port/m-p/2711516#M193124 netbeginner 2015-08-04T08:05:53Z https://community.cisco.com/t5/network-security/packet-tracer-source-port/m-p/2711517#M193128 <P>ACL = Access List. Please provide the access-list you are trying to verify, not the packet-tracer command.</P> Tue, 04 Aug 2015 13:04:23 GMT https://community.cisco.com/t5/network-security/packet-tracer-source-port/m-p/2711517#M193128 Marvin Rhoads 2015-08-04T13:04:23Z