Solved

I don't understand this log entry. CAn someone explain step by step?

Posted on 2008-10-03
1
865 Views
Last Modified: 2012-08-14
I pulled this log from my firewall. I'd really like to know what it means. I also took the diagram from robtek.com
*** denotes changes made for security reasons

 FRI OCT 03 16:57:05 2008 time="2008-10-03 16:04:31"

proto=6- tcp packet -  Source:=209.85.171.127 -

Destination:=xxx.xxx.xxx.xxx***(your WAN ip) - [RST packet with out of range

ACK number detected Src 80 Dst 1275 from WAN n/w]


it (source) appears to be some back end google server.... idk
netdiag.bmp
0
Comment
Question by:crazystoo
1 Comment
 
LVL 32

Accepted Solution

by:
harbor235 earned 500 total points
ID: 22648554


Your firewall does stateful inspection which in this case means that the firewall inspects the flows (TCP in this case) to ensure expected communications
between endpoints of the flow (in this case an internal system and a google system on the outside) send and receive what is expected.

One thing the firewall inspects is the acknowledgment numbers in the TCP segment, the sender receives acknowledgments from the receiver to verify receipt of data sent. Your firewall has detected that a TCP reset was sent with an seuence number out of the range of expected values for the particular flow. Looks like someone on the inside of your network was surfing on google and the google server sent a reset to your internal system to terminate the flow, typically this is because something was wrong with the flow and the server wanted to start over more or less. Your firewall noticed that the acknowledgment number was not the expected value, perhaps thats why the google serveer wanted to reset, the two systems were not in sync.

harbor235 ;}  
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Palo Alto Networks: Packet Trace Simulator? 2 75
Use of vpn-filter value  in S2S VPN 2 49
Monitor Bandwidth throughput in Fortigate 100D 1 35
Etherchannel balancing 10 34
Optimal Xbox 360 connectivity requires "OPEN NAT". If you use Juniper Netscreen or SSG firewall products in a home setting, the following steps will allow you get rid of the dreaded warning screen below and achieve the best online gaming environment…
This article is a step by step guide on how to create a basic PTP link using Ubiquiti airOS devices. This guide can be used on the following Ubiquiti AirMAX devices. Nanostation, Bullets, AirBridge, Nanobeam, NanoBridge to name a few. Please review …
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question