Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
411
Views
5
Helpful
0
Replies

Netflow on ASA Code 9.9(2)74 and TCP flags

shabuboy
Level 1
Level 1

‎08-18-2022 09:23 AM

Hello

We are using Netography for NetFlow and we cannot find packets with the sync flag during queries, such as:

ip == 10.40.32.67 AND ip == 10.67.51.215 and tcpflags.ack == true 

Removing "tcpflags.ack == true" does shield results but all results have the "tcpflags.ack == false".

It seems since version 8.x, the TCP flags are not populated, according to this link:
https://community.cisco.com/t5/security-knowledge-base/netflow-on-asa/ta-p/3119176
It mentions "unlike the routing platforms we will not populate the ToS bits or the TCP flags". 
This is true as packets from routers are found with the sync flag during queries.

Any idea if there is a way to capture packets with the sync flag for NetFlow using ASAs?

 

0 Replies 0
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card