Re: pix traffic logs

mahesh18 · ‎05-12-2018

logs show

106001: Inbound TCP connection denied from 10.41.101.75/51100 to 192.168.144.110/990 flags SYN on interface outside

traffic flow 1

106001: Inbound TCP connection denied from 10.41.101.37/59697 to 10.71.38.79/8080 flags SYN on interface outside
106001: Inbound TCP connection denied from 10.41.101.37/59697 to 10.71.38.79/8080 flags SYN on interface outside

as this is pix i cannot do packet tracer.

rules are correct all config is good. it was working fine but now pix shows above logs.

i did the pcap on pix for traffic flow 1

3 packets captured
23:58:04.516315 10.41.101.37.56823 > 10.71.38.79.8080: S 684040867:684040867(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK>
23:58:07.537707 10.41.101.37.56823 > 10.71.38.79.8080: S 684040867:684040867(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK>
23:58:13.543749 10.41.101.37.56823 > 10.71.38.79.8080: S 684040867:684040867(0) win 65535 <mss 1460,nop,nop,sackOK>

logs for traffic flow 2

106001: Inbound TCP connection denied from 10.41.101.75/51100 to 192.168.144.110/990 flags SYN on interface outside
106001: Inbound TCP connection denied from 10.41.101.75/51100 to 192.168.144.110/990 flags SYN on interface outside
106001: Inbound TCP connection denied from 10.41.101.75/51100 to 192.168.144.110/990 flags SYN on interface outside

PCAP for traffic flow 2

00:06:13.877716 10.41.101.75.57980 > 192.168.144.110.990: SWE 3244835501:3244835501(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK>
00:06:16.886627 10.41.101.75.57980 > 192.168.144.110.990: SWE 3244835501:3244835501(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK>
00:06:22.882385 10.41.101.75.57980 > 192.168.144.110.990: S 3244835501:3244835501(0) win 8192 <mss 1460,nop,nop,sackOK>
00:07:14.135857 10.41.101.75.58111 > 192.168.144.110.990: SWE 819880839:819880839(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK>
00:07:17.144920 10.41.101.75.58111 > 192.168.144.110.990: SWE 819880839:819880839(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK>
00:07:23.148506 10.41.101.75.58111 > 192.168.144.110.990: S 819880839:819880839(0) win 8192 <mss 1460,nop,nop,sackOK>
00:08:13.460852 10.41.101.75.58229 > 192.168.144.110.990: SWE 3131287969:3131287969(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK>
00:08:16.461798 10.41.101.75.58229 > 192.168.144.110.990: SWE 3131287969:3131287969(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK>
00:08:22.471304 10.41.101.75.58229 > 192.168.144.110.990: S 3131287969:3131287969(0) win 8192 <mss 1460,nop,nop,sackOK>
00:09:13.437996 10.41.101.75.58366 > 192.168.144.110.990: SWE 3556210679:3556210679(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK>
00:09:16.444236 10.41.101.75.58366 > 192.168.144.110.990: SWE 3556210679:3556210679(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK>
00:09:22.457740 10.41.101.75.58366 > 192.168.144.110.990: S 3556210679:3556210679(0) win 8192 <mss 1460,nop,nop,sackOK>
00:09:44.275849 10.41.101.75.58417 > 192.168.144.110.990: SWE 2356660986:2356660986(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK>
00:09:47.281510 10.41.101.75.58417 > 192.168.144.110.990: SWE 2356660986:2356660986(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK>
00:09:53.282547 10.41.101.75.58417 > 192.168.144.110.990: S 2356660986:2356660986(0) win 8192 <mss 1460,nop,nop,sackOK>
00:10:13.786519 10.41.101.75.58474 > 192.168.144.110.990: SWE 1758027682:1758027682(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK>
00:10:16.795796 10.41.101.75.58474 > 192.168.144.110.990: SWE 1758027682:1758027682(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK>
00:10:22.798664 10.41.101.75.58474 > 192.168.144.110.990: S 1758027682:1758027682(0) win 8192 <mss 1460,nop,nop,sackOK>
00:11:14.077556 10.41.101.75.58633 > 192.168.144.110.990: SWE 3279675547:3279675547(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK>
<--- More ---> 00:11:17.083247 10.41.101.75.58633 > 192.168.144.110.990: SWE 3279675547:3279675547(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK>
00:11:23.093897 10.41.101.75.58633 > 192.168.144.110.990: S 3279675547:3279675547(0) win 8192 <mss 1460,nop,nop,sackOK>
00:12:13.367656 10.41.101.75.58747 > 192.168.144.110.990: SWE 4075450614:4075450614(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK>
00:12:16.363994 10.41.101.75.58747 > 192.168.144.110.990: SWE 4075450614:4075450614(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK>
00:12:22.371715 10.41.101.75.58747 > 192.168.144.110.990: S 4075450614:4075450614(0) win 8192 <mss 1460,nop,nop,sackOK>
00:13:13.436363 10.41.101.75.58803 > 192.168.144.110.990: SWE 2582163149:2582163149(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK>
00:13:16.446098 10.41.101.75.58803 > 192.168.144.110.990: SWE 2582163149:2582163149(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK>
00:13:22.457526 10.41.101.75.58803 > 192.168.144.110.990: S 2582163149:2582163149(0) win 8192 <mss 1460,nop,nop,sackOK>
00:14:13.572175 10.41.101.75.58958 > 192.168.144.110.990: SWE 2192567898:2192567898(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK>
00:14:16.565598 10.41.101.75.58958 > 192.168.144.110.990: SWE 2192567898:2192567898(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK>
00:14:22.575547 10.41.101.75.58958 > 192.168.144.110.990: S 2192567898:2192567898(0) win 8192 <mss 1460,nop,nop,sackOK>
00:14:44.267320 10.41.101.75.59044 > 192.168.144.110.990: SWE 2427906410:2427906410(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK>
00:14:47.258684 10.41.101.75.59044 > 192.168.144.110.990: SWE 2427906410:2427906410(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK>
00:14:53.265016 10.41.101.75.59044 > 192.168.144.110.990: S 2427906410:2427906410(0) win 8192 <mss 1460,nop,nop,sackOK>
00:15:13.905119 10.41.101.75.59144 > 192.168.144.110.990: SWE 2875267033:2875267033(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK>
00:15:16.911528 10.41.101.75.59144 > 192.168.144.110.990: SWE 2875267033:2875267033(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK>
00:15:22.916349 10.41.101.75.59144 > 192.168.144.110.990: S 2875267033:2875267033(0) win 8192 <mss 1460,nop,nop,sackOK>
00:16:14.226825 10.41.101.75.59377 > 192.168.144.110.990: SWE 99661123:99661123(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK>
00:16:17.224201 10.41.101.75.59377 > 192.168.144.110.990: SWE 99661123:99661123(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK>
00:16:23.217868 10.41.101.75.59377 > 192.168.144.110.990: S 99661123:99661123(0) win 8192 <mss 1460,nop,nop,sackOK>
<--- More ---> 00:17:13.419381 10.41.101.75.59562 > 192.168.144.110.990: SWE 2632239555:2632239555(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK>
00:17:16.417245 10.41.101.75.59562 > 192.168.144.110.990: SWE 2632239555:2632239555(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK>
00:17:22.421990 10.41.101.75.59562 > 192.168.144.110.990: S 2632239555:2632239555(0) win 8192 <mss 1460,nop,nop,sackOK>
00:18:13.662975 10.41.101.75.59730 > 192.168.144.110.990: SWE 3988823506:3988823506(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK>
00:18:16.657604 10.41.101.75.59730 > 192.168.144.110.990: SWE 3988823506:3988823506(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK>
00:18:22.658626 10.41.101.75.59730 > 192.168.144.110.990: S 3988823506:3988823506(0) win 8192 <mss 1460,nop,nop,sackOK>
00:19:13.891006 10.41.101.75.59931 > 192.168.144.110.990: SWE 1050413029:1050413029(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK>
00:19:16.898085 10.41.101.75.59931 > 192.168.144.110.990: SWE 1050413029:1050413029(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK>
00:19:22.907637 10.41.101.75.59931 > 192.168.144.110.990: S 1050413029:1050413029(0) win 8192 <mss 1460,nop,nop,sackOK>
00:19:44.270509 10.41.101.75.60028 > 192.168.144.110.990: SWE 2458416948:2458416948(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK>
00:19:47.275803 10.41.101.75.60028 > 192.168.144.110.990: SWE 2458416948:2458416948(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK>
00:19:53.285980 10.41.101.75.60028 > 192.168.144.110.990: S 2458416948:2458416948(0) win 8192 <mss 1460,nop,nop,sackOK>

Florin Barhala · ‎05-14-2018

Before diving into the logs, what's the issue?