This is a sample showing how the TCP connection table on an ASA/FWSM, and the flags of each entry, change with every packet of a session.
Network diagram
200.0.0.2 ------- ASA ------- 100.0.0.2
Inside(Client)                Outside(Server)

Inside(Client)                Outside(Server)
Number Flags                  Number Flags          FW Flags
01     syn          ------>                         saA
                    <------   02     ack,syn        A
03     ack          ------>                         U
04     ack          ------>                         U
                    <------   05     ack            UO
06     ack,psh      ------>                         UO
07     ack,psh      ------>                         UO
                    <------   08     ack            UIO
                    <------   09     ack            UIO
                    <------   10     ack,psh,fin    UFIO
11     ack          ------>                         UFRIO
12     ack,psh,fin  ------>                         UfFRIO
                    <------   13     ack            (UfFrRIO)
Console log and the show conn output after each packet
##### 01 syn from Inside and built a connection
Feb 24 2014 05:43:50: %ASA-7-609001: Built local-host inside:200.0.0.2
Feb 24 2014 05:43:50: %ASA-7-609001: Built local-host outside:100.0.0.2
Feb 24 2014 05:43:50: %ASA-6-302013: Built outbound TCP connection 13 for outside:100.0.0.2/80 (100.0.0.2/80) to inside:200.0.0.2/41487 (200.0.0.2/41487)
sh conn
1 in use, 1 most used
TCP outside 100.0.0.2:80 inside 200.0.0.2:41487, idle 0:00:02, bytes 0, flags saA
##### 02 ACK, SYN from Outside
ciscoasa(config)# sh conn
1 in use, 1 most used
TCP outside 100.0.0.2:80 inside 200.0.0.2:41487, idle 0:00:02, bytes 0, flags A
##### 03 ACK from Inside
ciscoasa(config)# sh conn
1 in use, 1 most used
TCP outside 100.0.0.2:80 inside 200.0.0.2:41487, idle 0:00:01, bytes 0, flags U
##### 04 ACK from Inside
ciscoasa(config)# sh conn
1 in use, 1 most used
TCP outside 100.0.0.2:80 inside 200.0.0.2:41487, idle 0:00:02, bytes 0, flags U
##### 05 ACK from Outside
ciscoasa(config)# sh conn
1 in use, 1 most used
TCP outside 100.0.0.2:80 inside 200.0.0.2:41487, idle 0:00:02, bytes 0, flags U
##### 06 ACK, PSH from Inside
ciscoasa(config)# sh conn
1 in use, 1 most used
TCP outside 100.0.0.2:80 inside 200.0.0.2:41487, idle 0:00:01, bytes 1, flags UO
##### 07 ACK, PSH from Inside
ciscoasa(config)# sh conn
1 in use, 1 most used
TCP outside 100.0.0.2:80 inside 200.0.0.2:41487, idle 0:00:02, bytes 3, flags UO
##### 08 ACK from Outside
ciscoasa(config)# sh conn
1 in use, 1 most used
TCP outside 100.0.0.2:80 inside 200.0.0.2:41487, idle 0:00:01, bytes 3, flags UO
##### 09 ACK from Outside
ciscoasa(config)# sh conn
1 in use, 1 most used
TCP outside 100.0.0.2:80 inside 200.0.0.2:41487, idle 0:00:01, bytes 125, flags UIO
##### 10 ACK, PSH, FIN from Outside
ciscoasa(config)# sh conn
1 in use, 1 most used
TCP outside 100.0.0.2:80 inside 200.0.0.2:41487, idle 0:00:01, bytes 125, flags UFIO
##### 11 ACK from Inside
ciscoasa(config)# sh conn
1 in use, 1 most used
TCP outside 100.0.0.2:80 inside 200.0.0.2:41487, idle 0:00:02, bytes 125, flags UFRIO
##### 12 ACK, PSH, FIN from Inside
ciscoasa(config)# sh conn
1 in use, 1 most used
TCP outside 100.0.0.2:80 inside 200.0.0.2:41487, idle 0:00:01, bytes 125, flags UfFRIO
##### 13 Last ACK from Outside
ciscoasa(config)# Feb 24 2014 05:45:28: %ASA-6-302014: Teardown TCP connection 13 for outside:100.0.0.2/80 to inside:200.0.0.2/41487 duration 0:01:37 bytes 125 TCP FINs
Feb 24 2014 05:45:28: %ASA-7-609002: Teardown local-host inside:200.0.0.2 duration 0:01:37
Feb 24 2014 05:45:28: %ASA-7-609002: Teardown local-host outside:100.0.0.2 duration 0:01:37
ciscoasa(config)# sh conn
0 in use, 1 most used
ciscoasa(config)#
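As an added example (not part of the original page), here is a small Python parser for the show conn lines above: it expands the flag letters into their meanings, classifies each entry as embryonic, established or closing, and lists connections that never got past the handshake, which is the check a defender runs when the conn table fills with saA entries. The flag meanings follow the ASA command reference; the second sample entry (200.0.0.7) is constructed.

```python
import re

# Meaning of the TCP-related "show conn" flag letters (ASA command reference).
TCP_FLAG_MEANING = {
    "s": "awaiting outside SYN", "S": "awaiting inside SYN", "B": "initial SYN from outside",
    "a": "awaiting outside ACK to SYN", "A": "awaiting inside ACK to SYN", "U": "up",
    "O": "outbound data", "I": "inbound data", "F": "outside FIN", "f": "inside FIN",
    "R": "outside acknowledged FIN", "r": "inside acknowledged FIN",
}
HANDSHAKE_PENDING = frozenset("sSaAB")  # any of these: three-way handshake not done
# One connection line of "show conn", in the format shown on this page.
CONN_RE = re.compile(
    r"^TCP\s+(?P<out_if>\S+)\s+(?P<out_ip>[\d.]+):(?P<out_port>\d+)\s+"
    r"(?P<in_if>\S+)\s+(?P<in_ip>[\d.]+):(?P<in_port>\d+),\s+"
    r"idle\s+(?P<idle>[\d:]+),\s+bytes\s+(?P<bytes>\d+),\s+flags\s+(?P<flags>\S+)\s*$"
)

def describe_flags(flags):
    """Expand each flag letter into its meaning, in the order the ASA printed them."""
    return [TCP_FLAG_MEANING.get(c, "unknown flag " + c) for c in flags]

def phase(flags):
    """Coarse TCP phase of a connection, derived only from its flag letters."""
    f = set(flags)
    if f & HANDSHAKE_PENDING:
        return "embryonic"   # saA right after the inside SYN, A after the SYN/ACK
    if f & {"F", "f"}:
        return "closing"     # a FIN has been seen in at least one direction
    return "established" if "U" in f else "unknown"

def parse_show_conn(text):
    """Return one dict per TCP connection line; counters and prompts are skipped."""
    conns = []
    for line in text.splitlines():
        if m := CONN_RE.match(line.strip()):
            c = {k: int(v) if k in ("out_port", "in_port", "bytes") else v for k, v in m.groupdict().items()}
            c["phase"] = phase(c["flags"])
            conns.append(c)
    return conns

def embryonic_conns(text):
    """Connections whose handshake never completed; many of these from one inside
    host usually mean a scan or an unreachable server rather than real sessions."""
    return [c for c in parse_show_conn(text) if c["phase"] == "embryonic"]

# Constructed sample: show conn after packet 01 on this page plus a made-up half-open entry.
SAMPLE = """\
2 in use, 2 most used
TCP outside 100.0.0.2:80 inside 200.0.0.2:41487, idle 0:00:02, bytes 0, flags saA
TCP outside 100.0.0.9:443 inside 200.0.0.7:50123, idle 0:00:25, bytes 0, flags saA
"""
for c in embryonic_conns(SAMPLE):
    print(c["in_ip"], c["in_port"], "idle", c["idle"], describe_flags(c["flags"]))
```

Feeding it the whole sequence of show conn outputs on this page gives embryonic for packets 01 and 02, established from 03 to 09, and closing from 10 onward.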