Solved

ICMP traffic in firewall logs

Posted on 2014-01-23
8
507 Views
Last Modified: 2014-02-04
Hi,
I am reviewing firewall logs and I am trying to understand this line.


Jan 18 10:08:39 logapps %ASA-6-303021: Teardown ICMP connection for faddr 141.000.100.2/0 gaddr 141.000.63.159/0 laddr 141.000.63.159/0


What does the faddr / gaddr and laddr mean?  Since it is a ping, one is the initator of the ping, the current address and the final address.... is that correct?

Thanks!
0
Comment
Question by:NYGiantsFan
  • 3
  • 2
  • 2
  • +1
8 Comments
 
LVL 7

Accepted Solution

by:
SvenIA earned 250 total points
ID: 39803594
foreign address (one not in control by this ASA/router)

global address (after NAT)

local address (pre NAT)

So you are correct.....
0
 
LVL 11

Expert Comment

by:Miftaul
ID: 39803629
Scott says This
0
 
LVL 7

Expert Comment

by:SvenIA
ID: 39803642
@Miftaul

Isn't that exactly the same as what i posted?
0
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

 

Author Comment

by:NYGiantsFan
ID: 39803753
The foreign address originated with our network?  Or is this nated.

What is the different between the global address and the local address?  They are appearing as the same.   Thanks.
0
 
LVL 11

Expert Comment

by:Miftaul
ID: 39803785
@SvenIA, yes thats it. I am on mobile, screen doesn't refresh. I didn't notice your comment earlier.
0
 
LVL 11

Assisted Solution

by:Miftaul
Miftaul earned 250 total points
ID: 39803921
global address and the local address could be same when you are pinging from within ASA.
0
 
LVL 8

Expert Comment

by:amatson78
ID: 39808967
Sounds like that faddr might be a VPN address which is why it shows internal, do you run a VPN on that range?
0
 

Author Closing Comment

by:NYGiantsFan
ID: 39832933
Thanks!
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If your business is like most, chances are you still need to maintain a fax infrastructure for your staff. It’s hard to believe that a communication technology that was thriving in the mid-80s could still be an essential part of your team’s modern I…
If you're not part of the solution, you're part of the problem.   Tips on how to secure IoT devices, even the dumbest ones, so they can't be used as part of a DDoS botnet.  Use PRTG Network Monitor as one of the building blocks, to detect unusual…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question