topic syn timeout while reaching a server in Network Security

syn timeout while reaching a server

mahesh18 — Tue, 12 Mar 2019 04:09:13 GMT

Hi Everyone,

I am trying to connect to a server.

Logs are below from ASA

May 01 2014 17:59:54: %ASA-6-302014: Teardown TCP connection 142620724 for X:172.31.23.107/60309 to Y:172.31.10.131/443 duration 0:00:30 bytes 0 SYN Timeout

May 01 2014 17:59:24: %ASA-6-302013: Built inbound TCP connection 142620724 for X:172.31.23.107/60309 (172.31.23.107/60309) to Y 172.31.10.131/443 (172.31.10.131/443)

I did packet capture on ASA

1: 17:59:24.010390 172.31.23.107.60309 > 172.31.10.131.443: S 2877280643:2877280643(0) win 8192 <mss 1460,nop,wscale 2,nop,nop,sackOK>

2: 17:59:27.006240 172.31.23.107.60309 > 172.31.10.131.443: S 2877280643:2877280643(0) win 8192 <mss 1460,nop,wscale 2,nop,nop,sackOK>

3: 17:59:33.008544 172.31.23.107.60309 > 172.31.10.131.443: S 2877280643:2877280643(0) win 8192 <mss 1460,nop,nop,sackOK>

Need to confirm that as per above logs ASA has send 3 syn packets to servers and it did not receive any syn,ack from the server right?

Also nop,wscale 2,nop,nop,sackOK> means that ASA does not receive any syn from server right?

Regards

Mahesh

Yes, that's right. 3 syn

Marvin Rhoads — Fri, 02 May 2014 15:50:47 GMT

Yes, that's right. 3 syn packets without an ack is the default for Windows to stop retrying.

The first one is sent, then 3 seconds later the second then 6 seconds later the third.

I find it's generally easier to export the packet captures into Wireshark to visualize the flows. If you run the capture using the ASDM wizard and setup your path to Wireshark in ASDM, you can just click to export and launch.

Thanks MArvin seems i will

mahesh18 — Fri, 02 May 2014 16:37:58 GMT

Thanks MArvin seems i will learn lot from your experience.

Regards

Mahesh