cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Welcome to Cisco Firewalls Community


245
Views
10
Helpful
4
Replies
Beginner

Firewall capture

Hi All,

 

Just want to know, whats the following firewall capture means ? 

 

 

win2300 <mss 1460,nop,wscale0,nop,nop,sackok)

 

Regards,

Vishal

Everyone's tags (1)
1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: Firewall capture

Vishal,

 

These are general networking terms and fundamentals, not just specific to ASA.
https://www.iana.org/assignments/tcp-parameters/tcp-parameters.xhtml#tcp-parameters-1

 

Regards,

Dinesh Moudgil

 

P.S. Please rate helpful posts.

View solution in original post

4 REPLIES 4
Cisco Employee

Re: Firewall capture

Hi Vishal,


This represents a SYN packet. In a normal 3 way handshake, you would see the following messages:

 

134: 21:28:12.577637 173.39.68.116.56946 > 10.106.71.184.4443: S 1267690439:1267690439(0) win 65535 <mss 1380,nop,wscale 6,nop,nop,timestamp 1215630636 0,sackOK,eol>
135: 21:28:12.577805 10.106.71.184.4443 > 173.39.68.116.56946: S 1135917460:1135917460(0) ack 1267690440 win 32768 <mss 1380,nop,nop,timestamp 4398415 1215630636>
138: 21:28:12.580322 173.39.68.116.56946 > 10.106.71.184.4443: . ack 1135917461 win 65535 <nop,nop,timestamp 1215630638 4398415>

 

Regards,

Dinesh Moudgil

 

P.S. Please rate helpful posts.

 

Beginner

Re: Firewall capture

Hi Dinesh, 

 

Thank you for the reply. 

 

Could you please confirm, what does mss, nop,wscale sackok means ?

 

Regards,

Vishal

 

Cisco Employee

Re: Firewall capture

Vishal,

 

These are general networking terms and fundamentals, not just specific to ASA.
https://www.iana.org/assignments/tcp-parameters/tcp-parameters.xhtml#tcp-parameters-1

 

Regards,

Dinesh Moudgil

 

P.S. Please rate helpful posts.

View solution in original post

Highlighted
Beginner

Re: Firewall capture

Thanks Dinesh. 

CreatePlease to create content
Content for Community-Ad
FusionCharts will render here