Solved

I don't understand this log entry. CAn someone explain step by step?

Posted on 2008-10-03
1
870 Views
Last Modified: 2012-08-14
I pulled this log from my firewall. I'd really like to know what it means. I also took the diagram from robtek.com
*** denotes changes made for security reasons

 FRI OCT 03 16:57:05 2008 time="2008-10-03 16:04:31"

proto=6- tcp packet -  Source:=209.85.171.127 -

Destination:=xxx.xxx.xxx.xxx***(your WAN ip) - [RST packet with out of range

ACK number detected Src 80 Dst 1275 from WAN n/w]


it (source) appears to be some back end google server.... idk
netdiag.bmp
0
Comment
Question by:crazystoo
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 32

Accepted Solution

by:
harbor235 earned 500 total points
ID: 22648554


Your firewall does stateful inspection which in this case means that the firewall inspects the flows (TCP in this case) to ensure expected communications
between endpoints of the flow (in this case an internal system and a google system on the outside) send and receive what is expected.

One thing the firewall inspects is the acknowledgment numbers in the TCP segment, the sender receives acknowledgments from the receiver to verify receipt of data sent. Your firewall has detected that a TCP reset was sent with an seuence number out of the range of expected values for the particular flow. Looks like someone on the inside of your network was surfing on google and the google server sent a reset to your internal system to terminate the flow, typically this is because something was wrong with the flow and the server wanted to start over more or less. Your firewall noticed that the acknowledgment number was not the expected value, perhaps thats why the google serveer wanted to reset, the two systems were not in sync.

harbor235 ;}  
0

Featured Post

Plug and play, no additional software required!

The ATEN UE3310 USB3.1 Gen1 Extender Cable allows users to extend the distance between the computer and USB devices up to 10 m (33 ft). The UE3310 is a high-quality, cost-effective solution for professional environments such as hospitals, factories and business facilities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article is a step by step guide on how to create a basic PTP link using Ubiquiti airOS devices. This guide can be used on the following Ubiquiti AirMAX devices. Nanostation, Bullets, AirBridge, Nanobeam, NanoBridge to name a few. Please review …
Creating an OSPF network that automatically (dynamically) reroutes network traffic over other connections to prevent network downtime.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

617 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question