WellingtonIS
asked on
Decphering ASA Logs
I'm having some issues with my ASA and my Websense. It seems when I try to use the websense to route out my web traffic pages are not resolving. I have it set in my browser with proxy settings. I ran the sniffer via the ASA and I'm getting logs - however I don't understand them.
577: 08:58:26.605391 websense proxy.53201 > 192.0.72.2.80: . ack 1734268301 win 311 <nop,nop,timestamp 198614750 2765785576>
578: 08:58:26.605742 websense proxy.53201 > 192.0.72.2.80: . ack 1734269669 win 332 <nop,nop,timestamp 198614751 2765785576>
579: 08:58:26.605849 websense proxy.53201 > 192.0.72.2.80: . ack 1734271037 win 354 <nop,nop,timestamp 198614751 2765785576>
580: 08:58:26.606429 websense proxy.53201 > 192.0.72.2.80: . ack 1734272405 win 375 <nop,nop,timestamp 198614751 2765785576>
581: 08:58:26.606536 websense proxy.53201 > 192.0.72.2.80: . ack 1734273773 win 396 <nop,nop,timestamp 198614751 2765785576>
582: 08:58:26.607009 websense proxy.53201 > 192.0.72.2.80: . ack 1734275141 win 418 <nop,nop,timestamp 198614752 2765785576>
583: 08:58:26.607115 websense proxy.53201 > 192.0.72.2.80: . ack 1734276509 win 439 <nop,nop,timestamp 198614752 2765785576>
584: 08:58:26.607710 websense proxy.53201 > 192.0.72.2.80: . ack 1734277877 win 461 <nop,nop,timestamp 198614753 2765785576>
585: 08:58:26.607817 websense proxy.53201 > 192.0.72.2.80: . ack 1734279245 win 482 <nop,nop,timestamp 198614753 2765785576>
586: 08:58:26.607970 websense proxy.53201 > 192.0.72.2.80: . ack 1734280613 win 501 <nop,nop,timestamp 198614753 2765785576>
587: 08:58:26.608107 websense proxy.57572 > 192.0.72.2.80: . ack 2885826982 win 501 <nop,nop,timestamp 198614753 2765804629>
588: 08:58:26.608214 websense proxy.57572 > 192.0.72.2.80: . ack 2885828350 win 491 <nop,nop,timestamp 198614753 2765804629>
589: 08:58:26.608336 websense proxy.57572 > 192.0.72.2.80: . ack 2885829718 win 480 <nop,nop,timestamp 198614753 2765804629>
590: 08:58:26.608443 websenseproxy.57572 > 192.0.72.2.80: . ack 2885831086 win 469 <nop,nop,timestamp 198614753 2765804629>
591: 08:58:26.608550 websense proxy.57572 > 192.0.72.2.80: . ack 2885832454 win 459 <nop,nop,timestamp 198614753 2765804629>
592: 08:58:26.608656 websense proxy.57572 > 192.0.72.2.80: . ack 2885833822 win 448 <nop,nop,timestamp 198614753 2765804629>
593: 08:58:26.609450 websense proxy.20174 > 192.0.72.2.80: . ack 2210725582 win 517 <nop,nop,timestamp 198614754 2765804645>
594: 08:58:26.609785 websense proxy.20174 > 192.0.72.2.80: . ack 2210726950 win 556 <nop,nop,timestamp 198614755 2765804645>
I've replaced the IP with the words websense proxy and I was surfing www.nypost.com and clicking on links and getting blank pages.
577: 08:58:26.605391 websense proxy.53201 > 192.0.72.2.80: . ack 1734268301 win 311 <nop,nop,timestamp 198614750 2765785576>
578: 08:58:26.605742 websense proxy.53201 > 192.0.72.2.80: . ack 1734269669 win 332 <nop,nop,timestamp 198614751 2765785576>
579: 08:58:26.605849 websense proxy.53201 > 192.0.72.2.80: . ack 1734271037 win 354 <nop,nop,timestamp 198614751 2765785576>
580: 08:58:26.606429 websense proxy.53201 > 192.0.72.2.80: . ack 1734272405 win 375 <nop,nop,timestamp 198614751 2765785576>
581: 08:58:26.606536 websense proxy.53201 > 192.0.72.2.80: . ack 1734273773 win 396 <nop,nop,timestamp 198614751 2765785576>
582: 08:58:26.607009 websense proxy.53201 > 192.0.72.2.80: . ack 1734275141 win 418 <nop,nop,timestamp 198614752 2765785576>
583: 08:58:26.607115 websense proxy.53201 > 192.0.72.2.80: . ack 1734276509 win 439 <nop,nop,timestamp 198614752 2765785576>
584: 08:58:26.607710 websense proxy.53201 > 192.0.72.2.80: . ack 1734277877 win 461 <nop,nop,timestamp 198614753 2765785576>
585: 08:58:26.607817 websense proxy.53201 > 192.0.72.2.80: . ack 1734279245 win 482 <nop,nop,timestamp 198614753 2765785576>
586: 08:58:26.607970 websense proxy.53201 > 192.0.72.2.80: . ack 1734280613 win 501 <nop,nop,timestamp 198614753 2765785576>
587: 08:58:26.608107 websense proxy.57572 > 192.0.72.2.80: . ack 2885826982 win 501 <nop,nop,timestamp 198614753 2765804629>
588: 08:58:26.608214 websense proxy.57572 > 192.0.72.2.80: . ack 2885828350 win 491 <nop,nop,timestamp 198614753 2765804629>
589: 08:58:26.608336 websense proxy.57572 > 192.0.72.2.80: . ack 2885829718 win 480 <nop,nop,timestamp 198614753 2765804629>
590: 08:58:26.608443 websenseproxy.57572 > 192.0.72.2.80: . ack 2885831086 win 469 <nop,nop,timestamp 198614753 2765804629>
591: 08:58:26.608550 websense proxy.57572 > 192.0.72.2.80: . ack 2885832454 win 459 <nop,nop,timestamp 198614753 2765804629>
592: 08:58:26.608656 websense proxy.57572 > 192.0.72.2.80: . ack 2885833822 win 448 <nop,nop,timestamp 198614753 2765804629>
593: 08:58:26.609450 websense proxy.20174 > 192.0.72.2.80: . ack 2210725582 win 517 <nop,nop,timestamp 198614754 2765804645>
594: 08:58:26.609785 websense proxy.20174 > 192.0.72.2.80: . ack 2210726950 win 556 <nop,nop,timestamp 198614755 2765804645>
I've replaced the IP with the words websense proxy and I was surfing www.nypost.com and clicking on links and getting blank pages.
Jan Bacher
It looks like you've mucked with the logs more than just the IP address.
ASKER
NO that's all that there is.
this is sniffer traffic, what do the asa logs say?
the other data is only one way, were you getting two way monitoring?
the other data is only one way, were you getting two way monitoring?
ASKER
I haven't check them yet - Let me check and get back to you. I'm just trying to figure out if my issue is ASA releated, or Websense Related. Something is stopping the internet pages from resolving. I know it's not the actual internet because I have a proxy server set up and everything resolves fine though that - it's the same internet.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
contractor took care of this.