Solved

ICMP traffic in firewall logs

Posted on 2014-01-23
8
503 Views
Last Modified: 2014-02-04
Hi,
I am reviewing firewall logs and I am trying to understand this line.


Jan 18 10:08:39 logapps %ASA-6-303021: Teardown ICMP connection for faddr 141.000.100.2/0 gaddr 141.000.63.159/0 laddr 141.000.63.159/0


What does the faddr / gaddr and laddr mean?  Since it is a ping, one is the initator of the ping, the current address and the final address.... is that correct?

Thanks!
0
Comment
Question by:NYGiantsFan
  • 3
  • 2
  • 2
  • +1
8 Comments
 
LVL 7

Accepted Solution

by:
SvenIA earned 250 total points
ID: 39803594
foreign address (one not in control by this ASA/router)

global address (after NAT)

local address (pre NAT)

So you are correct.....
0
 
LVL 11

Expert Comment

by:Miftaul
ID: 39803629
Scott says This
0
 
LVL 7

Expert Comment

by:SvenIA
ID: 39803642
@Miftaul

Isn't that exactly the same as what i posted?
0
 

Author Comment

by:NYGiantsFan
ID: 39803753
The foreign address originated with our network?  Or is this nated.

What is the different between the global address and the local address?  They are appearing as the same.   Thanks.
0
What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

 
LVL 11

Expert Comment

by:Miftaul
ID: 39803785
@SvenIA, yes thats it. I am on mobile, screen doesn't refresh. I didn't notice your comment earlier.
0
 
LVL 11

Assisted Solution

by:Miftaul
Miftaul earned 250 total points
ID: 39803921
global address and the local address could be same when you are pinging from within ASA.
0
 
LVL 8

Expert Comment

by:amatson78
ID: 39808967
Sounds like that faddr might be a VPN address which is why it shows internal, do you run a VPN on that range?
0
 

Author Closing Comment

by:NYGiantsFan
ID: 39832933
Thanks!
0

Featured Post

Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

Join & Write a Comment

Even if you have implemented a Mobile Device Management solution company wide, it is a good idea to make sure you are taking into account all of the major risks to your electronic protected health information (ePHI).
PRTG Network Monitor lets you monitor your bandwidth usage, so you know who is using up your bandwidth, and what they're using it for.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now