Packet tracer - SOURCE PORT

netbeginner · ‎08-03-2015

Hi Friendzs,

Query is regarding packet tracer command. packet-tracer input [src_int] protocol src_addr src_port dest_addr dest_port [detailed]

Eg - packet-tracer input outside tcp 192.168.10.1 0 172.17.190.24 443 detailed

As I am not aware about source port and knows destination port only (i.e 443) I have executed the above packet tracer command and getting output as DROP at implicit rule. this is leading to confusion from troubleshooting point of view..whether have applied correct ACL policy...understands un-proper source port could be one among reason for getting DROP(in implicit rule) in output.

Would like to know, as in my case...what should be the source port in case if network admin is not sure about it....however destination port is available. and what If both ports are unknown.

Please help to understand this.

Rgds

***

Marvin Rhoads · ‎08-03-2015

Source port = 0 is invalid so we would not expect that to pass the packet-tracer.

Since most Windows systems will use ephemeral port numbers beginning with 1025 for outbound communications to servers on well-known port numbers, I typically use 1025 as my source port.

If both ports are unknown then you don't have enough information to form a proper packet-tracer query for a TCP connection or UDP flow. :)

netbeginner · ‎08-03-2015

Thanks Marvin,

But port 0 is showing there in ASA syntax...

Further, you mean to say if I use port 1025 as source port....output will show all through...(If ACL applied correctly).

Marvin Rhoads · ‎08-03-2015

What ACL are you trying to test?

netbeginner · ‎08-04-2015

From Outside to Inside.

With destination port - 443, Source port is not known.

packet-tracer input outside tcp 192.168.10.1 0 172.17.190.24 443 detailed

Regds

***

Marvin Rhoads · ‎08-04-2015

ACL = Access List. Please provide the access-list you are trying to verify, not the packet-tracer command.