I don't understand this log entry. CAn someone explain step by step?

I pulled this log from my firewall. I'd really like to know what it means. I also took the diagram from robtek.com
*** denotes changes made for security reasons

 FRI OCT 03 16:57:05 2008 time="2008-10-03 16:04:31"

proto=6- tcp packet -  Source:=209.85.171.127 -

Destination:=xxx.xxx.xxx.xxx***(your WAN ip) - [RST packet with out of range

ACK number detected Src 80 Dst 1275 from WAN n/w]


it (source) appears to be some back end google server.... idk
netdiag.bmp
crazystooAsked:
Who is Participating?
 
harbor235Commented:


Your firewall does stateful inspection which in this case means that the firewall inspects the flows (TCP in this case) to ensure expected communications
between endpoints of the flow (in this case an internal system and a google system on the outside) send and receive what is expected.

One thing the firewall inspects is the acknowledgment numbers in the TCP segment, the sender receives acknowledgments from the receiver to verify receipt of data sent. Your firewall has detected that a TCP reset was sent with an seuence number out of the range of expected values for the particular flow. Looks like someone on the inside of your network was surfing on google and the google server sent a reset to your internal system to terminate the flow, typically this is because something was wrong with the flow and the server wanted to start over more or less. Your firewall noticed that the acknowledgment number was not the expected value, perhaps thats why the google serveer wanted to reset, the two systems were not in sync.

harbor235 ;}  
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.