Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
5460
Views
5
Helpful
1
Replies

ASP-DROP Packet Capture

Go to solution
Mike Keenan
Level 1
Level 1

‎11-25-2014 01:57 PM - edited ‎03-11-2019 10:07 PM

I ran the following asp-drop packet capture on my ASA 5520 Firewall:

capture asp type asp-drop acl-drop headers-only circular-buffer

I then performed the following show command. I replaced the real IP addresses with different ones so as not to reveal my internal IP addressing scheme:

show capture asp | i 172.18.2

I then got the following returns. I replaced the real IP addresses with different ones so as not to reveal my internal IP addressing scheme:

4: 21:40:47.504459 172.18.5.5.52152 > 172.18.2.65.161:  udp 79 
9: 21:40:58.174459 172.18.5.5.52152 > 172.18.2.65.161:  udp 79 
14: 21:41:08.314879 172.18.5.17.52152 > 172.18.2.65.161:  udp 79 

Why does the destination IP address that ends with .161 (assuming that it is a destination port) also show :udp 79 (also assuming that it is a destination port?

What is the port that it is communicating to? Is it 161 or udp 79?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Aref Alsouqi
VIP
VIP

‎11-25-2014 04:56 PM

Hi,

The destination ip is 172.18.2.65 and the destination port is 161, the udp 79 is the udp payload lenght. Please check out this link.

http://www.cisco.com/c/en/us/td/docs/security/asa/asa82/command/reference/cmd_ref/s2.html#wp1391007

Regards,

Aref

View solution in original post

1 Reply 1

Go to solution
Aref Alsouqi
VIP
VIP

‎11-25-2014 04:56 PM

Hi,

The destination ip is 172.18.2.65 and the destination port is 161, the udp 79 is the udp payload lenght. Please check out this link.

http://www.cisco.com/c/en/us/td/docs/security/asa/asa82/command/reference/cmd_ref/s2.html#wp1391007

Regards,

Aref

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card