11-25-2014 01:57 PM - edited 03-11-2019 10:07 PM
I ran the following asp-drop packet capture on my ASA 5520 Firewall:
capture asp type asp-drop acl-drop headers-only circular-buffer
I then performed the following show command. I replaced the real IP addresses with different ones so as not to reveal my internal IP addressing scheme:
show capture asp | i 172.18.2
I then got the following returns. I replaced the real IP addresses with different ones so as not to reveal my internal IP addressing scheme:
4: 21:40:47.504459 172.18.5.5.52152 > 172.18.2.65.161: udp 79
9: 21:40:58.174459 172.18.5.5.52152 > 172.18.2.65.161: udp 79
14: 21:41:08.314879 172.18.5.17.52152 > 172.18.2.65.161: udp 79
Why does the destination IP address that ends with .161 (assuming that it is a destination port) also show :udp 79 (also assuming that it is a destination port?
What is the port that it is communicating to? Is it 161 or udp 79?
Solved! Go to Solution.
11-25-2014 04:56 PM
Hi,
The destination ip is 172.18.2.65 and the destination port is 161, the udp 79 is the udp payload lenght. Please check out this link.
http://www.cisco.com/c/en/us/td/docs/security/asa/asa82/command/reference/cmd_ref/s2.html#wp1391007
Regards,
Aref
11-25-2014 04:56 PM
Hi,
The destination ip is 172.18.2.65 and the destination port is 161, the udp 79 is the udp payload lenght. Please check out this link.
http://www.cisco.com/c/en/us/td/docs/security/asa/asa82/command/reference/cmd_ref/s2.html#wp1391007
Regards,
Aref
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: