Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1612
Views
0
Helpful
1
Replies

If ICMP does not have a port abstraction, then what is 0 and 15343

Go to solution
deepansiddarthank
Level 1
Level 1

‎12-28-2015 01:39 AM - edited ‎03-12-2019 12:04 AM

This is the sample. I found faddr:x:x:x:x/15343 to laddr:d:d:d:d/0

Built ICMP connection for faddr 192.168.208.63/15343 gaddr 192.168.150.70/0 laddr 192.168.150.70/0

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Akshay Rastogi
Cisco Employee
Cisco Employee

‎12-28-2015 06:20 AM

Hi,

First of all, we need to understand this Log message then you would be able to understand the actual meaning of these values :

302020

%ASA-6-302020: Built {in | out}bound ICMP connection for faddr { faddr | icmp_seq_num } [( idfw_user)] gaddr { gaddr | icmp_type } laddr laddr [( idfw_user)]

Explanation An ICMP session was established in the fast-path when stateful ICMP was enabled using the inspect icmp command.

Recommended Action None required.

Now, this icmp_seq_num is the number which is used to track which icmp reply is associated to which icmp request. This work with the combination of identifier. It is a part of all the ICMP header data portion(header data part is the combination of identifier and sequence number).

Therefore this 15343 is the icmp_seq_num. Second field is the icmp message type. As the ASA could inspect ICMP packets as well and create a session for the same, ASA keeps track of the ICMP request and reply with this message.

This ICMP sequence number could even seen through linux machines as well if try to ping :

$ ping -c 5 www.example.com
PING www.example.com (93.184.216.119): 56 data bytes
64 bytes from 93.184.216.119: icmp_seq=0 ttl=56 time=11.632 ms
64 bytes from 93.184.216.119: icmp_seq=1 ttl=56 time=11.726 ms
64 bytes from 93.184.216.119: icmp_seq=2 ttl=56 time=10.683 ms
64 bytes from 93.184.216.119: icmp_seq=3 ttl=56 time=9.674 ms
64 bytes from 93.184.216.119: icmp_seq=4 ttl=56 time=11.127 ms

Hope it answers your query.

Regards,

Akshay Rastogi

Remember to rate helpful posts.

View solution in original post

0 Helpful
1 Reply 1

Go to solution
Akshay Rastogi
Cisco Employee
Cisco Employee

‎12-28-2015 06:20 AM

Hi,

First of all, we need to understand this Log message then you would be able to understand the actual meaning of these values :

302020

%ASA-6-302020: Built {in | out}bound ICMP connection for faddr { faddr | icmp_seq_num } [( idfw_user)] gaddr { gaddr | icmp_type } laddr laddr [( idfw_user)]

Explanation An ICMP session was established in the fast-path when stateful ICMP was enabled using the inspect icmp command.

Recommended Action None required.

Now, this icmp_seq_num is the number which is used to track which icmp reply is associated to which icmp request. This work with the combination of identifier. It is a part of all the ICMP header data portion(header data part is the combination of identifier and sequence number).

Therefore this 15343 is the icmp_seq_num. Second field is the icmp message type. As the ASA could inspect ICMP packets as well and create a session for the same, ASA keeps track of the ICMP request and reply with this message.

This ICMP sequence number could even seen through linux machines as well if try to ping :

$ ping -c 5 www.example.com
PING www.example.com (93.184.216.119): 56 data bytes
64 bytes from 93.184.216.119: icmp_seq=0 ttl=56 time=11.632 ms
64 bytes from 93.184.216.119: icmp_seq=1 ttl=56 time=11.726 ms
64 bytes from 93.184.216.119: icmp_seq=2 ttl=56 time=10.683 ms
64 bytes from 93.184.216.119: icmp_seq=3 ttl=56 time=9.674 ms
64 bytes from 93.184.216.119: icmp_seq=4 ttl=56 time=11.127 ms

Hope it answers your query.

Regards,

Akshay Rastogi

Remember to rate helpful posts.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card