Cisco Community
English
Register
Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Join Customer Connection to register!
313
Views
0
Helpful
0
Replies
dolgachev.pn
Beginner
Beginner
‎07-12-2012 05:01 AM
‎07-12-2012 05:01 AM

ASA makes huge packets?

Hello, colleagues!

There's a bad thing happened.

I've got tcpdump of the same traffic simultaneously in two places:

Dump 1. capture on the ASA on the outside interface

Dump 2. tcpdump from span-session on the switch, connected to the outside asa

I interested in smtp server traffic, that  is behind ASA mail interface.

Both dumps were opened in wireshark. I found in both dumps the same tcp-session sending the usual large e-mail message.

And I see the following picture, which I did not fit in my head:

In the first dump (ASA capture):

The server sent data packets in size of 1420 bytes (tcp segment is 1368 bytes), then received a packeta with an ACK to the data.

and so is repeated several times.

But in the second dump (tcpdump / SPAN):

I found 15 packets pack instead of 16 packets in the first dump! One packet (in dump 2) had a size of 2788 bytes (tcp segment is 2736 bytes, which is 2 times greater than 1368)!!!!!

While sequence numbers of these packages are the same!

IP header checksum, tcp checksum - different, but wireshark shows that they are correct!

That's it:

Someone had collected from two packs - one, and made it intellectually, counting the checksum.

A packet size greater than MTU of ASA intrface, and MTU of switch (MTU 1500).

Who made this and why is it so large?

Labels:
0 Helpful
0 REPLIES 0
Latest Contents
**New Episode** Cisco Champion Radio: S8|E16 Cisco Smart Bui...
Created by aalesna on 04-19-2021 07:21 PM
0
0
0
0
New Cisco Champion Radio release on Cisco Smart Building SolutionsListen: https://smarturl.it/CCRS8E16Follow us: https://twitter.com/CiscoChampion Now more than ever, sustainable and flexible building designs are at the forefront of every develo... view more
Configuring MACsec Switch to Host with ISE
Created by Timothy Glen on 04-19-2021 12:43 PM
0
5
0
5
DRAFT -- THIS DOCUMENT IS STILL IN DRAFT FORM Summary MACsec is IEEE standard 802.1AE. It was developed by the IEEE to compliment the 802.1X-2004 standard. MACsec was developed to allow authorized systems to connect and then encrypt data that is transmitt... view more
SD-WAN Overview & Advanced Deployment Lab | Part.1
Created by Mohamed Alhenawy on 04-16-2021 12:13 AM
0
15
0
15
Today I'm going to talk about SD-wan including SD-WAN advanced lab ,, first thing let's take a small brief about the SD_WAN.  What is SD-WAN?   SD-WAN is Software define wide area network and SD-WAN is key part of the technology o... view more
Cisco Meraki IoT specialist will introduce you to new and in...
Created by sullskog on 04-15-2021 01:09 AM
0
0
0
0
Leopold Fisher, Cisco Meraki IoT specialist, will introduce you to new and innovative additions to the Meraki portfolio coming in April 2021.         Meraki Vision Session MV smart camera range is getting big... view more
Dynamic Routing Protocols with IPv6: Configuration, Verifica...
Created by ciscomoderator on 04-13-2021 02:39 PM
0
5
0
5
Ask questions from Wednesday, April 14 to Tuesday, April 27, 2021. To participate in this event, please use the  button to ask your questions Dynamic Routing Protocols & IPv6 Have any questions on dynamic routing protocols with IPv6? In this eve... view more
Content for Community-Ad