cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
21974
Views
24
Helpful
13
Replies

What does the "RRRRR" ping result mean?

adil.nasser3
Level 1
Level 1

Hi,

 

What does the "RRRRR" ping result mean in the below output?

fw-a/pri/act# ping tcp dmz 1.1.1.1 8002 source 2.2.2.2 1024
Type escape sequence to abort.
Sending 5 TCP SYN requests to 172.30.98.153 port 8002
from 172.30.99.153 starting port 1024, timeout is 2 seconds:
RRRRR

 

Thank you,

 

Adil


 

13 Replies 13

Marvin Rhoads
Hall of Fame
Hall of Fame

I couldn't find any specific reference to the "R" code.

If I were to hazard an educated guess, I would look at a possible Routing issue.

You could also capture the traffic and look at the actual icmp code in the trace file.

I finally found out what "RRRRR" means.  It means the destination host sent back a reset.

 

Adil

nice! haven't seen 'R' yet on an ASA.
 

It happens once a year on Talk Like a Pirate Day. :-p

lol laugh


yes there's now a 'like' in CSC.

Hi adil, 

If RRRR means Reset.can yo help me in identifying TTTT means, is it timeout?

 

CC-F1#ping tcp 10.236.20.50 8081 s 10.252.137.100 2222
Type escape sequence to abort.
Sending 5 TCP SYN requests to 10.236.20.50 port 8081
from 10.252.137.100 starting port 2222, timeout is 2 seconds:
TTTTT
Success rate is 0 percent (0/5)

 

Regards,

Shankar Ganesh A

Regards,
Shankar Ganesh
Network Security Analyst

Hi Marvin,

what is the source when I don't put any source in ping tcp command?

Its strange that a ping tcp is successful when I don't put any source, but fails when I put firewall's outside interface's IP.

I captured and found that in both cases its using same IP.  ...

I am confused

The source interface is by default the one that the routing table selects as the best path to the destination.

Om a firewall you cannot source a ping from, say the outside interface, to a host on the inside.

I have put a capture and can see that in both cases, source is OUTSIDE interface's IP.

But the ping is successful when I don't put any source. Its timed out when I put source as OUTSIDE interface's IP

Something seems contrary to waht I'd expect. 

Here is the output showing my firewall pining a public address.

Source from inside = fail

Source from outside = pass

Source without specifying interface = pass (uses the outside per the routing table)

asa-5512# ping inside 8.8.8.8 
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
?????
Success rate is 0 percent (0/5)
asa-5512# ping outside 8.8.8.8
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 10/14/20 ms
asa-5512# ping 8.8.8.8
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 10/14/20 ms
asa-5512#

Ohh. i think you misunderstood me.

I am talking about tcp ping.

ASA# ping tcp 1.2.2.2 443

Type escape sequence to abort.

No source specified. Pinging from identity interface.

Sending 5 TCP SYN requests to 1.2.2.2 port 443

from 11.1.1.1, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 28/28/28

************************

ASA# ping tcp 1.2.2.2 80 source 11.1.1.1 45454
 !!!!!!!  FAIL

Hello ROHIT SHARMA,

Just want to denote that in the second case you use DST PORT = 80 (HTTP)..

1) ASA# ping tcp 1.2.2.2 443

2) ASA# ping tcp 1.2.2.2 80 source 11.1.1.1 45454

bogdan.zuyev
Level 1
Level 1

From what I can tell RRRRR means that the remote port you are trying to ping is closed.

ASA5512# ping tcp 10.200.100.18 443
Type escape sequence to abort.
No source specified. Pinging from identity interface.
Sending 5 TCP SYN requests to 10.200.100.18 port 443
from 10.10.10.1, timeout is 2 seconds:
RRRRR
Success rate is 0 percent (0/5)
ASA5512#
ASA5512#
ASA5512#
ASA5512# ping tcp 10.200.100.18 3389
Type escape sequence to abort.
No source specified. Pinging from identity interface.
Sending 5 TCP SYN requests to 10.200.100.18 port 3389
from 10.10.10.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
ASA5512#

Hope this helps

Cheers

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: