ASA CLI Packet Capture - What does the last number in the terminal output represent?

dfreemire
Level 1

I have captured some syslog output from my ASA5585-SSP-40 running 9.1(5)19 code. The basic show command results in output that shows the source and destination IPs, each with .514 appended. This seems right because syslog is transmitted UDP/514. What I don't understand is the "udp 143" and "udp 166" at the end of these two lines. The rest of the capture has more, seemingly random, numbers at the end as well.

fw3-cloudsys-ash1/act# sh capture syslog-tst3
4294 packets captured
   1: 15:36:39.245852       802.1Q vlan#2050 P0 10.30.30.30.514 > 10.20.20.20.514:  udp 143
   2: 15:36:39.245852       802.1Q vlan#2050 P0 10.30.30.30.514 > 10.20.20.20.514:  udp 166

fw3-cloudsys-ash1/act# sh capture syslog-tst3 detail
4294 packets captured
   1: 15:36:39.245852 f4cf.e200.3d72 0000.0c07.ac64 0x8100 Length: 189
      802.1Q vlan#2050 P0 10.64.4.131.514 > 10.74.80.84.514:  [udp sum ok] udp 143 (ttl 255, id 28239) 
   2: 15:36:39.245852 f4cf.e200.3d72 0000.0c07.ac64 0x8100 Length: 212
      802.1Q vlan#2050 P0 10.64.4.131.514 > 10.74.80.84.514:  [udp sum ok] udp 166 (ttl 255, id 15063) 

I then exported the capture and looked at it with Wireshark. Those numbers, 143 & 166, do not appear anywhere in frames 1 and 2. The overall packet length of packet 1 is 189. The length of the UDP datagram is 151.

What is that output telling me? What is that last field in the ASA CLI terminal output?

Thank you
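
Added example, not part of the original post: the figures quoted above are consistent with reading the trailing `udp N` tcpdump-style, as the UDP payload length (the 151-byte UDP datagram minus its 8-byte header). The Python sketch below parses the `detail` lines from the post and reconciles `Length:` with `udp N`; the function and field names are hypothetical, and it assumes an IPv4 header without options.

```python
import re

# Standard header sizes in bytes. IPV4_HDR assumes no IP options (assumption).
ETH_HDR, DOT1Q_TAG, IPV4_HDR, UDP_HDR = 14, 4, 20, 8

# Lines copied from the "sh capture syslog-tst3 detail" output in the post.
SAMPLE = """\
   1: 15:36:39.245852 f4cf.e200.3d72 0000.0c07.ac64 0x8100 Length: 189
      802.1Q vlan#2050 P0 10.64.4.131.514 > 10.74.80.84.514:  [udp sum ok] udp 143 (ttl 255, id 28239)
   2: 15:36:39.245852 f4cf.e200.3d72 0000.0c07.ac64 0x8100 Length: 212
      802.1Q vlan#2050 P0 10.64.4.131.514 > 10.74.80.84.514:  [udp sum ok] udp 166 (ttl 255, id 15063)
"""

# Frame line: number, timestamp, two MACs, EtherType, captured frame length.
FRAME_RE = re.compile(
    r"^\s*(\d+):\s+\S+\s+\S+\s+\S+\s+(0x[0-9a-fA-F]{4})\s+Length:\s+(\d+)")
# Protocol line: "udp <N>" where N is numeric ("[udp sum ok]" does not match).
UDP_RE = re.compile(r"\budp\s+(\d+)")


def reconcile(text):
    """Pair each frame line with its UDP line and compare the two lengths."""
    results, frame = [], None
    for line in text.splitlines():
        m = FRAME_RE.match(line)
        if m:
            frame = (int(m.group(1)), int(m.group(2), 16), int(m.group(3)))
            continue
        u = UDP_RE.search(line)
        if u and frame:
            number, ethertype, frame_len = frame
            overhead = ETH_HDR + IPV4_HDR + UDP_HDR
            if ethertype == 0x8100:          # 802.1Q tag present on the wire
                overhead += DOT1Q_TAG
            cli_value = int(u.group(1))
            results.append({
                "frame": number,
                "cli_value": cli_value,                     # trailing "udp N"
                "payload_from_frame": frame_len - overhead,  # derived from Length:
                "udp_length_field": cli_value + UDP_HDR,     # UDP header length field
                "consistent": cli_value == frame_len - overhead,
            })
            frame = None
    return results


if __name__ == "__main__":
    for row in reconcile(SAMPLE):
        print(row)
```
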

 

1 Accepted Solution


Vibhor Amrodia
Cisco Employee