topic The server is inside the in Network Security

ASA-Port Question

dcanady55 — Tue, 12 Mar 2019 04:32:14 GMT

Hello,

I've got internal devices connecting back to one particular server using a strange port. I rebooted the server and now there all connecting to a different port still using a strange protocol.

Is there a way to look on the firewall to see if the server is talking to an outside IP address using that same port? I apologize if I didn't frame the question very good.

Thanks

The server is inside the

Marvin Rhoads — Fri, 25 Jul 2014 02:45:29 GMT

The server is inside the firewall?

If so, connections initiated from the outside should only be allowed according to the access-list you have on the outside interface.

You can always capture traffic on an ASA firewall to see exactly what's being transmitted and received. From ASDM, use "Wizards > Packet capture wizard' and follow the prompts.

Hi,You can use 'show local

johnlloyd_13 — Fri, 25 Jul 2014 04:15:14 GMT

Hi,

You can use 'show local-host <server-ip> detail' command.

Hi, Sh conn | in

nkarthikeyan — Fri, 25 Jul 2014 10:03:58 GMT

Hi,

Sh conn | in <Server IP> to check if there are any current active connections running for that specific server.... Also this gives you the port information as well.....

If you want to capture the traffic for certain timelines then you may use capture.....

access-list capture extended permit ip host <server ip> any

FW# capture test access-list capture buffer 2048 interface <inside> trace detail

leave for certain period say 30 mins or something

then check

FW#show capture test

Example output:

ASA1# show capture test

15 packets captured

   1: 09:59:45.405389 192.168.1.10 > 192.168.2.10: icmp: echo reply
   2: 09:59:45.529315 192.168.1.10 > 192.168.2.10: icmp: echo reply
   3: 09:59:45.564179 192.168.1.10 > 192.168.2.10: icmp: echo reply
   4: 09:59:45.585266 192.168.1.10 > 192.168.2.10: icmp: echo reply
   5: 09:59:45.628354 192.168.1.10 > 192.168.2.10: icmp: echo reply
   6: 09:59:45.654140 192.168.1.10 > 192.168.2.10: icmp: echo reply
   7: 09:59:45.712304 192.168.1.10 > 192.168.2.10: icmp: echo reply
   8: 09:59:45.756293 192.168.1.10 > 192.168.2.10: icmp: echo reply
   9: 09:59:45.852418 192.168.1.10 > 192.168.2.10: icmp: echo reply
10: 09:59:46.297225 192.168.1.10 > 192.168.2.10: icmp: echo reply
11: 09:59:46.335218 192.168.1.10 > 192.168.2.10: icmp: echo reply
12: 09:59:46.357205 192.168.1.10 > 192.168.2.10: icmp: echo reply
13: 09:59:46.385203 192.168.1.10 > 192.168.2.10: icmp: echo reply
14: 09:59:46.419198 192.168.1.10 > 192.168.2.10: icmp: echo reply
15: 09:59:46.455970 192.168.1.10 > 192.168.2.10: icmp: echo reply
15 packets shown
ASA1#

Regards

Karthik

Thanks for the tips. I've

dcanady55 — Fri, 25 Jul 2014 12:13:01 GMT

Thanks for the tips.

I've ran this command and it's a big help.

Thanks,

Derek