Solved

Decphering ASA Logs

Posted on 2014-07-24
6
52 Views
Last Modified: 2015-10-20
I'm having some issues with my ASA and my Websense.  It seems when I try to use the websense to route out my web traffic pages are not resolving.  I have it set in my browser with proxy settings.  I ran the sniffer via the ASA and I'm getting logs - however I don't understand them.

 577: 08:58:26.605391 websense proxy.53201 > 192.0.72.2.80: . ack 1734268301 win 311 <nop,nop,timestamp 198614750 2765785576>
 578: 08:58:26.605742 websense proxy.53201 > 192.0.72.2.80: . ack 1734269669 win 332 <nop,nop,timestamp 198614751 2765785576>
 579: 08:58:26.605849 websense proxy.53201 > 192.0.72.2.80: . ack 1734271037 win 354 <nop,nop,timestamp 198614751 2765785576>
 580: 08:58:26.606429 websense proxy.53201 > 192.0.72.2.80: . ack 1734272405 win 375 <nop,nop,timestamp 198614751 2765785576>
 581: 08:58:26.606536 websense proxy.53201 > 192.0.72.2.80: . ack 1734273773 win 396 <nop,nop,timestamp 198614751 2765785576>
 582: 08:58:26.607009 websense proxy.53201 > 192.0.72.2.80: . ack 1734275141 win 418 <nop,nop,timestamp 198614752 2765785576>
 583: 08:58:26.607115 websense proxy.53201 > 192.0.72.2.80: . ack 1734276509 win 439 <nop,nop,timestamp 198614752 2765785576>
 584: 08:58:26.607710 websense proxy.53201 > 192.0.72.2.80: . ack 1734277877 win 461 <nop,nop,timestamp 198614753 2765785576>
 585: 08:58:26.607817 websense proxy.53201 > 192.0.72.2.80: . ack 1734279245 win 482 <nop,nop,timestamp 198614753 2765785576>
 586: 08:58:26.607970 websense proxy.53201 > 192.0.72.2.80: . ack 1734280613 win 501 <nop,nop,timestamp 198614753 2765785576>
 587: 08:58:26.608107 websense proxy.57572 > 192.0.72.2.80: . ack 2885826982 win 501 <nop,nop,timestamp 198614753 2765804629>
 588: 08:58:26.608214 websense proxy.57572 > 192.0.72.2.80: . ack 2885828350 win 491 <nop,nop,timestamp 198614753 2765804629>
 589: 08:58:26.608336 websense proxy.57572 > 192.0.72.2.80: . ack 2885829718 win 480 <nop,nop,timestamp 198614753 2765804629>
 590: 08:58:26.608443 websenseproxy.57572 > 192.0.72.2.80: . ack 2885831086 win 469 <nop,nop,timestamp 198614753 2765804629>
 591: 08:58:26.608550 websense proxy.57572 > 192.0.72.2.80: . ack 2885832454 win 459 <nop,nop,timestamp 198614753 2765804629>
 592: 08:58:26.608656 websense proxy.57572 > 192.0.72.2.80: . ack 2885833822 win 448 <nop,nop,timestamp 198614753 2765804629>
 593: 08:58:26.609450 websense proxy.20174 > 192.0.72.2.80: . ack 2210725582 win 517 <nop,nop,timestamp 198614754 2765804645>
 594: 08:58:26.609785 websense proxy.20174 > 192.0.72.2.80: . ack 2210726950 win 556 <nop,nop,timestamp 198614755 2765804645>

I've replaced the IP with the words websense proxy and I was surfing www.nypost.com and clicking on links and getting blank pages.
0
Comment
Question by:WellingtonIS
  • 4
  • 2
6 Comments
 
LVL 28

Expert Comment

by:Jan Springer
ID: 40216945
It looks like you've mucked with the logs more than just the IP address.
0
 

Author Comment

by:WellingtonIS
ID: 40217071
NO that's all that there is.
0
 
LVL 28

Expert Comment

by:Jan Springer
ID: 40217171
this is sniffer traffic, what do the asa logs say?

the other data is only one way, were you getting two way monitoring?
0
Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

 

Author Comment

by:WellingtonIS
ID: 40224300
I haven't check them yet - Let me check and get back to you.  I'm just trying to figure out if my issue is ASA releated, or Websense Related.  Something is stopping the internet pages from resolving.  I know it's not the actual internet because I have a proxy server set up and everything resolves fine though that - it's the same internet.
0
 

Accepted Solution

by:
WellingtonIS earned 0 total points
ID: 41042165
pleasea close this I got the contractor to take care of this.
0
 

Author Closing Comment

by:WellingtonIS
ID: 41066144
contractor took care of this.
0

Featured Post

What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

Join & Write a Comment

Suggested Solutions

There are many useful and sometimes not well documented or forgotten IOS or ASA/PIX commands. See IPE article here , there was also one on PacketU and on Cisco Tips & Tricks. Below are my favorites. I give also a few most often used for Cisco IPS an…
Use of TCL script on Cisco devices:  - create file and merge it with running configuration to apply configuration changes
Illustrator's Shape Builder tool will let you combine shapes visually and interactively. This video shows the Mac version, but the tool works the same way in Windows. To follow along with this video, you can draw your own shapes or download the file…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now