This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

One VLAN on two physical interfaces

Hi,

So I have two physical interfaces and want to have the native VLAN and VLAN 10 on both of them. The first interface is connected to an wireless AP and the second is connected to a switch. The goal here is that wireless devices on VLAN 10 should be able to talk to wired devices connected to the switch on VLAN 10. VLAN 10 is for IOT-devices.

To achieve this I created a bridge with the two physical interfaces as members. I then added VLAN 10 to that bridge. I also set up two DHCP-servers, one for each VLAN.

Devices connected to either the VLAN 10 SSID or a VLAN 10 port in the switch are assigned the correct IP-addresses. I've setup a firewall rule that allows any host in IOT-zone to access the WAN-zone.

The problem is that devices on VLAN 10 cant access the internet. Looking in the log, some packets are going thru but some are labelled "Could not associate packet to any connection." and are denied. Different packages with same source and destination IP are sometimes allowed and sometimes denied. The ones that are allowed have "in interface: bridge.10." The ones that are denied have "in interface: port2.".

Devices not on VLAN 10 work just fine.

I'm on version SFVH (SFOS 18.0.5 MR-5-Build586).

Big thanks for any advice.

This thread was automatically locked due to age.

Top Replies

LHerzog over 4 years ago in reply to FormerMember +1 suggested

XG has some difficulties with bridge traffic. What I can read here reminds me of a problem we currently have for months. The traffic is sent to the Bridge Interface instead of the VLAN interface which…

Parents

0 FormerMember over 4 years ago

Hi Delanius55, Thanks for reaching out to Sophos Community

This is a bit tricky but I'll try to explain it as simply as I can.

Referring to the packet capture you've attached, The packets which are showing denied (in red) are actually IN packets to the Interface Port2 which is just showing because the firewall is receiving the packet on that physical interface.

An actual packet that is going to the WAN is showing IN from port 'Bridge.10' which the packet tagged by the downstream device with VLAN 10 and It's the actual packet that is going out to WAN from that Virtual Bridged VLAN interface to the WAN.

-> It shows invalid because, for network 192.168.1.0/24, the Firewall is expecting tagged packets by ID 10. The ones which are showing as "Invalid" in log viewer, are the IN packet entries for the Physical Interface Port2 and not the Virtual Bridged VLAN10 interface. Hence "Couldn't associate packet to any connection".

Nothing to get confused about this just the way the firewall logs these packets.

For example here, I have a bridge of Port2,3,4 (Name: Port2_3_4) and a VLAN 10 on that Bridge.

Now I ping from IP 10.10.10.10 to 1.1.1.1 and here's the packet capture on CLI

-> Coming back to your issue, It seems that the packet that goes out to WAN, Shows a NAT rule that matches with ID 2 but are not NATed with your WAN port's IP address.

Can you just check the NAT rule and see if the SNAT is selected as MASQ or just kept original. If it's selected as Original, Change it to MASQ.

If this doesn't work then we can try something else depending upon your configuration

Hope this help :)
Cancel
Vote Up 0 Vote Down

Cancel
0 Delanius55 over 4 years ago in reply to FormerMember

I'd like very much to hear about those other things that might fix this.
Cancel
Vote Up 0 Vote Down

Cancel
0 FormerMember over 4 years ago in reply to Delanius55

Please check drop packets and tcpdump through the CLI to verify whether these packets are forwarded properly or is there any drop on the device.

Run a ping from the machine in that VLAN to any distinct public IP. ( like 1.1.1.1)

Take SSH of the device, Goto Option 4 > Console , Run the command --> tcpdump 'host x.x.x.x (put the IP you're pinging)

Open a new SSH session and run the command --> drop-packet-capture 'host x.x.x.x

Share the output
Cancel
Vote Up 0 Vote Down

Cancel
0 Delanius55 over 4 years ago in reply to FormerMember

So I pinged 1.1.1.1 and got a response. Output:

Then I opened a browser and entered google.com in the address bar. Site was unable to load. I got the IP from Sophos log viewer and using that I ran the same commands as with 1.1.1.1.
Cancel
Vote Up 0 Vote Down

Cancel
0 FormerMember over 4 years ago in reply to Delanius55

Can you try changing the MSS on the WAN port to 1400 or 1380?

Its available in Interfaec > Port > Advacned Settings > Override MSS
Cancel
Vote Up 0 Vote Down

Cancel
0 Delanius55 over 4 years ago in reply to FormerMember

I tried them both and one machine, on Wifi and Win10, can now surf the web. But on a android phone I can surf to google.com and do searches but I can't access any of the sites in the search results. I can't reach them by entering their address in the address bar either.
Cancel
Vote Up 0 Vote Down

Cancel
0 Delanius55 over 4 years ago in reply to Delanius55

Wait a minute, now the phone is working. Maybe something just needed some time to adjust. Let me do some tests and then I'll get back to you. But this seems promising.
Cancel
Vote Up 0 Vote Down

Cancel
0 FormerMember over 4 years ago in reply to Delanius55

Alright, Great! Let me know how the testing goes :)
Cancel
Vote Up 0 Vote Down

Cancel
0 Delanius55 over 4 years ago in reply to FormerMember

It seems to be unstable. So the two devices I use for testing both had internet there for a while. But a few minutes ago that stopped working. The device I'm writing to you on is on the default VLAN and has no issues.
Cancel
Vote Up 0 Vote Down

Cancel
0 Delanius55 over 4 years ago in reply to Delanius55

I was hoping for some more advice on this.
Cancel
Vote Up 0 Vote Down

Cancel
0 FormerMember over 4 years ago in reply to Delanius55

Hi, This is just to confirm, Only IoT devices have the issue or any device that connects in VLAN 10 has internet issues?

We need to narrow down the issue so keep the packet capture running and save it in a file.

Once the issue starts occurring, Check if the firewall is able to forward those packets out of the WAN interface or not and share the output here as well.
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 FormerMember over 4 years ago in reply to Delanius55

Hi, This is just to confirm, Only IoT devices have the issue or any device that connects in VLAN 10 has internet issues?

We need to narrow down the issue so keep the packet capture running and save it in a file.

Once the issue starts occurring, Check if the firewall is able to forward those packets out of the WAN interface or not and share the output here as well.
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 LHerzog over 4 years ago in reply to FormerMember

XG has some difficulties with bridge traffic. What I can read here reminds me of a problem we currently have for months.

The traffic is sent to the Bridge Interface instead of the VLAN interface which breakes your network communication.

If you have support, ask them about NC-74120. Contact me, if you need my support case #.

Here is a reply I received yesterday. The technical explanation is in the last chapter. Currently I only have this confirmation, no solutions. XG is dropping the packets because of IP Spoof on our side.

xxx.xxx.40.5 and xxx.xxx.40.61 are in the same broadcast domain and reachable via the same bridge. Here, what happened is that when xxx.xxx.40.5 (client-1) seen that it needs to send traffic to xxx.xxx.40.61 (client-2), it will use the mac address of that IP and not use mac of gateway (XG). It will have a packet like following

Source IP : xxx.xxx.40.5 (Client-1) -> behind Port 8

Source mac : Client-1 mac address

Destination IP : xxx.xxx.40.61 (Client-2) -> behind VLAN.1000 interface

Destination mac : Client-2 mac address

So, when a packet with the above detail submitted to XG, as its destination mac is not XG, XG will not submit this packet to Layer - 3 (so it will not submit this packet to VLAN as it is L3 interface) and it will bridge the traffic. Now the issue occurs as it is bridge traffic, its incoming interface will be Port8 and not be VLAN.1000. This packet will traverse the Netfilter stack with in-interface as Port8 and it will drop the traffic in spoofing because spoofing will find that the xxx.xxx.40.0 network is not part of Port8.

Currently, this is the behavior.
Cancel
Vote Up +1 Vote Down

Cancel
0 Delanius55 over 4 years ago in reply to FormerMember

Unknown said:
Only IoT devices have the issue or any device that connects in VLAN 10 has internet issues?

Seems to be any device on VLAN 10 but I have not tried them all. I'm testing with one laptop on wired connection and one android phone on wifi and they both have problems.

There are two VLANs (excluding the default VLAN) on that bridge and both have same issue. But the default VLAN is working just fine.

Also, on the android device, if I connect using a VPN then I can surf the web. Have not tried this on the laptop.

Unknown said:
We need to narrow down the issue so keep the packet capture running and save it in a file.

Does this mean using this: "drop-packet-capture 'host x.x.x.x "?

Unknown said:
Once the issue starts occurring, Check if the firewall is able to forward those packets out of the WAN interface or not and share the output here as well.

Please explain this some more.

Thanks
Cancel
Vote Up 0 Vote Down

Cancel
0 FormerMember over 4 years ago in reply to Delanius55
Delanius55 said:
Does this mean using this: "drop-packet-capture 'host x.x.x.x "?

This would be about tcpdump and drop-packet-capture both. Make sure to take both of these captures on the destination IP address that you try to ping/access.

e.g. --> try to take both captures on 1.1.1.1 while pinging 1.1.1.1. you can also browse 1.1.1.1

Delanius55 said:
Please explain this some more.

Well this is about checking when the internet stops working and you ping any IP address, Take tcpdump on that IP address and it'll show the flow (IN from LAN interface and VLAN and OUT from WAN interface). We need to verify whether these packets are getting forwarded to the internet via WAN interface or they get dropped.

In addition to these steps, Also verify whether any traffic is getting detected into DoS protection (Intrusion Prevention > DoS Attacks) or not while the internet stops working for those devices.
Cancel
Vote Up 0 Vote Down

Cancel

0 Delanius55 over 4 years ago in reply to FormerMember

Before I got a chance to do that I noticed a new firmware was available, SFOS 18.5.1 MR-1-Build318, so I tried that instead. Now devices on the IOT VLAN have no issues reaching the web. However one problem remains;

Port 2 is connected to a switch and a laptop. Port 3 is connected to a wireless AP. These two ports are bridged. Wired devices on VLAN 10 cannot talk to wireless ones on VLAN 10.

I've attached tcp-dump and drop-packet-capture logs for two devices having issues:

20210720_Energymeter_drop_packet_capture.txt

Fullscreen 20210720_Energymeter_TCP_DUMP.txt Download

=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2021.07.20 15:09:29 =~=~=~=~=~=~=~=~=~=~=~=
login as: admin
admin@172.16.17.1's password: 
[H[J
Sophos Firmware Version SFOS 18.5.1 MR-1-Build318 

Main Menu 

    1.  Network  Configuration
    2.  System   Configuration
    3.  Route    Configuration 
    4.  Device Console 
    5.  Device Management
    6.  VPN Management
    7.  Shutdown/Reboot Device
    0.  Exit 

    Select Menu Number [0-7]: 4
[H[JSophos Firmware Version SFOS 18.5.1 MR-1-Build318 

console> tcpdump 'host 192.168.1.199
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked v1), capture size 262144 bytes
15:10:39.264835 Port3, IN: ethertype IPv4, IP 192.168.1.199.49555 > 192.168.1.46.1883: Flags [S], seq 1560847121, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:10:39.264835 Port3, IN: IP 192.168.1.199.49555 > 192.168.1.46.1883: Flags [S], seq 1560847121, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:10:41.624451 Port3, IN: ethertype IPv4, IP 192.168.1.199.49555 > 192.168.1.46.1883: Flags [R.], seq 1560847122, ack 0, win 24584, length 0
15:10:41.624451 Port3, IN: IP 192.168.1.199.49555 > 192.168.1.46.1883: Flags [R.], seq 0, ack 1, win 24584, length 0
15:10:46.625208 Port3, IN: ethertype IPv4, IP 192.168.1.199.52980 > 192.168.1.46.1883: Flags [S], seq 1576173338, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:10:46.625208 Port3, IN: IP 192.168.1.199.52980 > 192.168.1.46.1883: Flags [S], seq 1576173338, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:10:49.740457 Port3, IN: ethertype IPv4, IP 192.168.1.199.52980 > 192.168.1.46.1883: Flags [S], seq 1576173338, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:10:49.740457 Port3, IN: IP 192.168.1.199.52980 > 192.168.1.46.1883: Flags [S], seq 1576173338, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:10:51.759719 Port3, IN: ethertype IPv4, IP 192.168.1.199.52980 > 192.168.1.46.1883: Flags [R.], seq 1576173339, ack 0, win 24584, length 0
15:10:51.759719 Port3, IN: IP 192.168.1.199.52980 > 192.168.1.46.1883: Flags [R.], seq 0, ack 1, win 24584, length 0
15:10:56.761056 Port3, IN: ethertype IPv4, IP 192.168.1.199.50208 > 192.168.1.46.1883: Flags [S], seq 1591499565, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:10:56.761056 Port3, IN: IP 192.168.1.199.50208 > 192.168.1.46.1883: Flags [S], seq 1591499565, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:10:59.811184 Port3, IN: ethertype IPv4, IP 192.168.1.199.50208 > 192.168.1.46.1883: Flags [S], seq 1591499565, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:10:59.811184 Port3, IN: IP 192.168.1.199.50208 > 192.168.1.46.1883: Flags [S], seq 1591499565, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:11:01.903819 Port3, IN: ethertype IPv4, IP 192.168.1.199.50208 > 192.168.1.46.1883: Flags [R.], seq 1591499566, ack 0, win 24584, length 0
15:11:01.903819 Port3, IN: IP 192.168.1.199.50208 > 192.168.1.46.1883: Flags [R.], seq 0, ack 1, win 24584, length 0
15:11:06.904297 Port3, IN: ethertype IPv4, IP 192.168.1.199.51751 > 192.168.1.46.1883: Flags [S], seq 1606825802, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:11:06.904297 Port3, IN: IP 192.168.1.199.51751 > 192.168.1.46.1883: Flags [S], seq 1606825802, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:11:09.664526 Port3, IN: ethertype IPv4, IP 192.168.1.199.51751 > 192.168.1.46.1883: Flags [S], seq 1606825802, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:11:09.664526 Port3, IN: IP 192.168.1.199.51751 > 192.168.1.46.1883: Flags [S], seq 1606825802, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:11:12.040171 Port3, IN: ethertype IPv4, IP 192.168.1.199.51751 > 192.168.1.46.1883: Flags [R.], seq 1606825803, ack 0, win 24584, length 0
15:11:12.040171 Port3, IN: IP 192.168.1.199.51751 > 192.168.1.46.1883: Flags [R.], seq 0, ack 1, win 24584, length 0
15:11:17.043805 Port3, IN: ethertype IPv4, IP 192.168.1.199.57786 > 192.168.1.46.1883: Flags [S], seq 1622152050, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:11:17.043805 Port3, IN: IP 192.168.1.199.57786 > 192.168.1.46.1883: Flags [S], seq 1622152050, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:11:20.088332 Port3, IN: ethertype IPv4, IP 192.168.1.199.57786 > 192.168.1.46.1883: Flags [S], seq 1622152050, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:11:20.088332 Port3, IN: IP 192.168.1.199.57786 > 192.168.1.46.1883: Flags [S], seq 1622152050, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:11:22.174206 Port3, IN: ethertype IPv4, IP 192.168.1.199.57786 > 192.168.1.46.1883: Flags [R.], seq 1622152051, ack 0, win 24584, length 0
15:11:22.174206 Port3, IN: IP 192.168.1.199.57786 > 192.168.1.46.1883: Flags [R.], seq 0, ack 1, win 24584, length 0
15:11:25.057777 Port2, IN: ethertype IPv4, IP 192.168.1.46 > 192.168.1.199: ICMP echo request, id 12, seq 7781, length 40
15:11:25.057777 Port2, IN: IP 192.168.1.46 > 192.168.1.199: ICMP echo request, id 12, seq 7781, length 40
15:11:27.174761 Port3, IN: ethertype IPv4, IP 192.168.1.199.51458 > 192.168.1.46.1883: Flags [S], seq 1637478308, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:11:27.174761 Port3, IN: IP 192.168.1.199.51458 > 192.168.1.46.1883: Flags [S], seq 1637478308, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:11:29.611587 Port2, IN: ethertype ARP, ARP, Request who-has 192.168.1.199 (2c:f4:32:4a:9f:16) tell 192.168.1.46, length 46
15:11:29.611587 Port2, IN: ARP, Request who-has 192.168.1.199 (2c:f4:32:4a:9f:16) tell 192.168.1.46, length 46
15:11:29.611750 Port3, OUT: ARP, Request who-has 192.168.1.199 (2c:f4:32:4a:9f:16) tell 192.168.1.46, length 46
15:11:29.615530 Port3, IN: ethertype ARP, ARP, Reply 192.168.1.199 is-at 2c:f4:32:4a:9f:16, length 42
15:11:29.615530 Port3, IN: ARP, Reply 192.168.1.199 is-at 2c:f4:32:4a:9f:16, length 42
15:11:29.615586 Port2, OUT: ARP, Reply 192.168.1.199 is-at 2c:f4:32:4a:9f:16, length 42
15:11:29.938423 Port3, IN: ethertype IPv4, IP 192.168.1.199.51458 > 192.168.1.46.1883: Flags [S], seq 1637478308, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:11:29.938423 Port3, IN: IP 192.168.1.199.51458 > 192.168.1.46.1883: Flags [S], seq 1637478308, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:11:32.314717 Port3, IN: ethertype IPv4, IP 192.168.1.199.51458 > 192.168.1.46.1883: Flags [R.], seq 1637478309, ack 0, win 24584, length 0
15:11:32.314717 Port3, IN: IP 192.168.1.199.51458 > 192.168.1.46.1883: Flags [R.], seq 0, ack 1, win 24584, length 0
15:11:37.315679 Port3, IN: ethertype IPv4, IP 192.168.1.199.63928 > 192.168.1.46.1883: Flags [S], seq 1652804577, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:11:37.315679 Port3, IN: IP 192.168.1.199.63928 > 192.168.1.46.1883: Flags [S], seq 1652804577, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:11:40.388405 Port3, IN: ethertype IPv4, IP 192.168.1.199.63928 > 192.168.1.46.1883: Flags [S], seq 1652804577, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:11:40.388405 Port3, IN: IP 192.168.1.199.63928 > 192.168.1.46.1883: Flags [S], seq 1652804577, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:11:42.458856 Port3, IN: ethertype IPv4, IP 192.168.1.199.63928 > 192.168.1.46.1883: Flags [R.], seq 1652804578, ack 0, win 24584, length 0
15:11:42.458856 Port3, IN: IP 192.168.1.199.63928 > 192.168.1.46.1883: Flags [R.], seq 0, ack 1, win 24584, length 0
15:11:43.032291 Port2, IN: ethertype IPv4, IP 192.168.1.46 > 192.168.1.199: ICMP echo request, id 12, seq 7852, length 40
15:11:43.032291 Port2, IN: IP 192.168.1.46 > 192.168.1.199: ICMP echo request, id 12, seq 7852, length 40
15:11:43.111695 Port2, IN: ethertype IPv4, IP 192.168.1.46 > 192.168.1.199: ICMP echo request, id 12, seq 7853, length 40
15:11:43.111695 Port2, IN: IP 192.168.1.46 > 192.168.1.199: ICMP echo request, id 12, seq 7853, length 40
15:11:43.609876 Port2, IN: ethertype IPv4, IP 192.168.1.46 > 192.168.1.199: ICMP echo request, id 12, seq 7854, length 40
15:11:43.609876 Port2, IN: IP 192.168.1.46 > 192.168.1.199: ICMP echo request, id 12, seq 7854, length 40
15:11:47.462663 Port3, IN: ethertype IPv4, IP 192.168.1.199.61177 > 192.168.1.46.1883: Flags [S], seq 1668130856, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:11:47.462663 Port3, IN: IP 192.168.1.199.61177 > 192.168.1.46.1883: Flags [S], seq 1668130856, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:11:50.312872 Port3, IN: ethertype IPv4, IP 192.168.1.199.61177 > 192.168.1.46.1883: Flags [S], seq 1668130856, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:11:50.312872 Port3, IN: IP 192.168.1.199.61177 > 192.168.1.46.1883: Flags [S], seq 1668130856, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:11:52.593723 Port3, IN: ethertype IPv4, IP 192.168.1.199.61177 > 192.168.1.46.1883: Flags [R.], seq 1668130857, ack 0, win 24584, length 0
15:11:52.593723 Port3, IN: IP 192.168.1.199.61177 > 192.168.1.46.1883: Flags [R.], seq 0, ack 1, win 24584, length 0
15:11:57.594646 Port3, IN: ethertype IPv4, IP 192.168.1.199.52706 > 192.168.1.46.1883: Flags [S], seq 1683457145, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:11:57.594646 Port3, IN: IP 192.168.1.199.52706 > 192.168.1.46.1883: Flags [S], seq 1683457145, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:12:00.363253 Port3, IN: ethertype IPv4, IP 192.168.1.199.52706 > 192.168.1.46.1883: Flags [S], seq 1683457145, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:12:00.363253 Port3, IN: IP 192.168.1.199.52706 > 192.168.1.46.1883: Flags [S], seq 1683457145, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:12:02.757619 Port3, IN: ethertype IPv4, IP 192.168.1.199.52706 > 192.168.1.46.1883: Flags [R.], seq 1683457146, ack 0, win 24584, length 0
15:12:02.757619 Port3, IN: IP 192.168.1.199.52706 > 192.168.1.46.1883: Flags [R.], seq 0, ack 1, win 24584, length 0
15:12:07.738379 Port3, IN: ethertype IPv4, IP 192.168.1.199.55522 > 192.168.1.46.1883: Flags [S], seq 1698783445, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:12:07.738379 Port3, IN: IP 192.168.1.199.55522 > 192.168.1.46.1883: Flags [S], seq 1698783445, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:12:10.862290 Port3, IN: ethertype IPv4, IP 192.168.1.199.55522 > 192.168.1.46.1883: Flags [S], seq 1698783445, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:12:10.862290 Port3, IN: IP 192.168.1.199.55522 > 192.168.1.46.1883: Flags [S], seq 1698783445, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:12:12.883260 Port3, IN: ethertype IPv4, IP 192.168.1.199.55522 > 192.168.1.46.1883: Flags [R.], seq 1698783446, ack 0, win 24584, length 0
15:12:12.883260 Port3, IN: IP 192.168.1.199.55522 > 192.168.1.46.1883: Flags [R.], seq 0, ack 1, win 24584, length 0
15:12:17.881991 Port3, IN: ethertype IPv4, IP 192.168.1.199.50676 > 192.168.1.46.1883: Flags [S], seq 1714109755, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:12:17.881991 Port3, IN: IP 192.168.1.199.50676 > 192.168.1.46.1883: Flags [S], seq 1714109755, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:12:20.737238 Port3, IN: ethertype IPv4, IP 192.168.1.199.50676 > 192.168.1.46.1883: Flags [S], seq 1714109755, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:12:20.737238 Port3, IN: IP 192.168.1.199.50676 > 192.168.1.46.1883: Flags [S], seq 1714109755, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:12:23.019630 Port3, IN: ethertype IPv4, IP 192.168.1.199.50676 > 192.168.1.46.1883: Flags [R.], seq 1714109756, ack 0, win 24584, length 0
15:12:23.019630 Port3, IN: IP 192.168.1.199.50676 > 192.168.1.46.1883: Flags [R.], seq 0, ack 1, win 24584, length 0
15:12:28.020326 Port3, IN: ethertype IPv4, IP 192.168.1.199.61803 > 192.168.1.46.1883: Flags [S], seq 1729436075, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:12:28.020326 Port3, IN: IP 192.168.1.199.61803 > 192.168.1.46.1883: Flags [S], seq 1729436075, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:12:30.786765 Port3, IN: ethertype IPv4, IP 192.168.1.199.61803 > 192.168.1.46.1883: Flags [S], seq 1729436075, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:12:30.786765 Port3, IN: IP 192.168.1.199.61803 > 192.168.1.46.1883: Flags [S], seq 1729436075, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:12:33.157458 Port3, IN: ethertype IPv4, IP 192.168.1.199.61803 > 192.168.1.46.1883: Flags [R.], seq 1729436076, ack 0, win 24584, length 0
15:12:33.157458 Port3, IN: IP 192.168.1.199.61803 > 192.168.1.46.1883: Flags [R.], seq 0, ack 1, win 24584, length 0
15:12:38.158076 Port3, IN: ethertype IPv4, IP 192.168.1.199.58782 > 192.168.1.46.1883: Flags [S], seq 1744762406, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:12:38.158076 Port3, IN: IP 192.168.1.199.58782 > 192.168.1.46.1883: Flags [S], seq 1744762406, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:12:41.236983 Port3, IN: ethertype IPv4, IP 192.168.1.199.58782 > 192.168.1.46.1883: Flags [S], seq 1744762406, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:12:41.236983 Port3, IN: IP 192.168.1.199.58782 > 192.168.1.46.1883: Flags [S], seq 1744762406, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:12:43.298363 Port3, IN: ethertype IPv4, IP 192.168.1.199.58782 > 192.168.1.46.1883: Flags [R.], seq 1744762407, ack 0, win 24584, length 0
15:12:43.298363 Port3, IN: IP 192.168.1.199.58782 > 192.168.1.46.1883: Flags [R.], seq 0, ack 1, win 24584, length 0
15:12:48.299594 Port3, IN: ethertype IPv4, IP 192.168.1.199.57390 > 192.168.1.46.1883: Flags [S], seq 1760088747, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:12:48.299594 Port3, IN: IP 192.168.1.199.57390 > 192.168.1.46.1883: Flags [S], seq 1760088747, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:12:51.161692 Port3, IN: ethertype IPv4, IP 192.168.1.199.57390 > 192.168.1.46.1883: Flags [S], seq 1760088747, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:12:51.161692 Port3, IN: IP 192.168.1.199.57390 > 192.168.1.46.1883: Flags [S], seq 1760088747, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:12:53.439618 Port3, IN: ethertype IPv4, IP 192.168.1.199.57390 > 192.168.1.46.1883: Flags [R.], seq 1760088748, ack 0, win 24584, length 0
15:12:53.439618 Port3, IN: IP 192.168.1.199.57390 > 192.168.1.46.1883: Flags [R.], seq 0, ack 1, win 24584, length 0
15:12:58.441269 Port3, IN: ethertype IPv4, IP 192.168.1.199.64771 > 192.168.1.46.1883: Flags [S], seq 1775415098, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:12:58.441269 Port3, IN: IP 192.168.1.199.64771 > 192.168.1.46.1883: Flags [S], seq 1775415098, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:13:01.210836 Port3, IN: ethertype IPv4, IP 192.168.1.199.64771 > 192.168.1.46.1883: Flags [S], seq 1775415098, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:13:01.210836 Port3, IN: IP 192.168.1.199.64771 > 192.168.1.46.1883: Flags [S], seq 1775415098, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:13:03.580545 Port3, IN: ethertype IPv4, IP 192.168.1.199.64771 > 192.168.1.46.1883: Flags [R.], seq 1775415099, ack 0, win 24584, length 0
15:13:03.580545 Port3, IN: IP 192.168.1.199.64771 > 192.168.1.46.1883: Flags [R.], seq 0, ack 1, win 24584, length 0
15:13:08.580334 Port3, IN: ethertype IPv4, IP 192.168.1.199.60140 > 192.168.1.46.1883: Flags [S], seq 1790741460, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:13:08.580334 Port3, IN: IP 192.168.1.199.60140 > 192.168.1.46.1883: Flags [S], seq 1790741460, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:13:11.610967 Port3, IN: ethertype IPv4, IP 192.168.1.199.60140 > 192.168.1.46.1883: Flags [S], seq 1790741460, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:13:11.610967 Port3, IN: IP 192.168.1.199.60140 > 192.168.1.46.1883: Flags [S], seq 1790741460, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:13:13.721462 Port3, IN: ethertype IPv4, IP 192.168.1.199.60140 > 192.168.1.46.1883: Flags [R.], seq 1790741461, ack 0, win 24584, length 0
15:13:13.721462 Port3, IN: IP 192.168.1.199.60140 > 192.168.1.46.1883: Flags [R.], seq 0, ack 1, win 24584, length 0
15:13:18.724564 Port3, IN: ethertype IPv4, IP 192.168.1.199.65389 > 192.168.1.46.1883: Flags [S], seq 1806067832, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:13:18.724564 Port3, IN: IP 192.168.1.199.65389 > 192.168.1.46.1883: Flags [S], seq 1806067832, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:13:21.586103 Port3, IN: ethertype IPv4, IP 192.168.1.199.65389 > 192.168.1.46.1883: Flags [S], seq 1806067832, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:13:21.586103 Port3, IN: IP 192.168.1.199.65389 > 192.168.1.46.1883: Flags [S], seq 1806067832, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:13:23.860224 Port3, IN: ethertype IPv4, IP 192.168.1.199.65389 > 192.168.1.46.1883: Flags [R.], seq 1806067833, ack 0, win 24584, length 0
15:13:23.860224 Port3, IN: IP 192.168.1.199.65389 > 192.168.1.46.1883: Flags [R.], seq 0, ack 1, win 24584, length 0
15:13:28.861940 Port3, IN: ethertype IPv4, IP 192.168.1.199.55545 > 192.168.1.46.1883: Flags [S], seq 1821394214, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:13:28.861940 Port3, IN: IP 192.168.1.199.55545 > 192.168.1.46.1883: Flags [S], seq 1821394214, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:13:31.659906 Port3, IN: ethertype IPv4, IP 192.168.1.199.55545 > 192.168.1.46.1883: Flags [S], seq 1821394214, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:13:31.659906 Port3, IN: IP 192.168.1.199.55545 > 192.168.1.46.1883: Flags [S], seq 1821394214, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:13:33.997945 Port3, IN: ethertype IPv4, IP 192.168.1.199.55545 > 192.168.1.46.1883: Flags [R.], seq 1821394215, ack 0, win 24584, length 0
15:13:33.997945 Port3, IN: IP 192.168.1.199.55545 > 192.168.1.46.1883: Flags [R.], seq 0, ack 1, win 24584, length 0
15:13:39.001091 Port3, IN: ethertype IPv4, IP 192.168.1.199.51067 > 192.168.1.46.1883: Flags [S], seq 1836720607, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:13:39.001091 Port3, IN: IP 192.168.1.199.51067 > 192.168.1.46.1883: Flags [S], seq 1836720607, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:13:42.110098 Port3, IN: ethertype IPv4, IP 192.168.1.199.51067 > 192.168.1.46.1883: Flags [S], seq 1836720607, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:13:42.110098 Port3, IN: IP 192.168.1.199.51067 > 192.168.1.46.1883: Flags [S], seq 1836720607, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:13:44.146808 Port3, IN: ethertype IPv4, IP 192.168.1.199.51067 > 192.168.1.46.1883: Flags [R.], seq 1836720608, ack 0, win 24584, length 0
15:13:44.146808 Port3, IN: IP 192.168.1.199.51067 > 192.168.1.46.1883: Flags [R.], seq 0, ack 1, win 24584, length 0
15:13:49.142703 Port3, IN: ethertype IPv4, IP 192.168.1.199.56327 > 192.168.1.46.1883: Flags [S], seq 1852047010, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:13:49.142703 Port3, IN: IP 192.168.1.199.56327 > 192.168.1.46.1883: Flags [S], seq 1852047010, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:13:52.237217 Port3, IN: ethertype IPv4, IP 192.168.1.199.56327 > 192.168.1.46.1883: Flags [S], seq 1852047010, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:13:52.237217 Port3, IN: IP 192.168.1.199.56327 > 192.168.1.46.1883: Flags [S], seq 1852047010, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:13:54.284988 Port3, IN: ethertype IPv4, IP 192.168.1.199.56327 > 192.168.1.46.1883: Flags [R.], seq 1852047011, ack 0, win 24584, length 0
15:13:54.284988 Port3, IN: IP 192.168.1.199.56327 > 192.168.1.46.1883: Flags [R.], seq 0, ack 1, win 24584, length 0
15:13:59.281784 Port3, IN: ethertype IPv4, IP 192.168.1.199.60239 > 192.168.1.46.1883: Flags [S], seq 1867373423, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:13:59.281784 Port3, IN: IP 192.168.1.199.60239 > 192.168.1.46.1883: Flags [S], seq 1867373423, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:14:02.309110 Port3, IN: ethertype IPv4, IP 192.168.1.199.60239 > 192.168.1.46.1883: Flags [S], seq 1867373423, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:14:02.309110 Port3, IN: IP 192.168.1.199.60239 > 192.168.1.46.1883: Flags [S], seq 1867373423, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:14:04.422535 Port3, IN: ethertype IPv4, IP 192.168.1.199.60239 > 192.168.1.46.1883: Flags [R.], seq 1867373424, ack 0, win 24584, length 0
15:14:04.422535 Port3, IN: IP 192.168.1.199.60239 > 192.168.1.46.1883: Flags [R.], seq 0, ack 1, win 24584, length 0
15:14:09.423108 Port3, IN: ethertype IPv4, IP 192.168.1.199.50820 > 192.168.1.46.1883: Flags [S], seq 1882699846, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:14:09.423108 Port3, IN: IP 192.168.1.199.50820 > 192.168.1.46.1883: Flags [S], seq 1882699846, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:14:12.259672 Port3, IN: ethertype IPv4, IP 192.168.1.199.50820 > 192.168.1.46.1883: Flags [S], seq 1882699846, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:14:12.259672 Port3, IN: IP 192.168.1.199.50820 > 192.168.1.46.1883: Flags [S], seq 1882699846, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:14:14.560838 Port3, IN: ethertype IPv4, IP 192.168.1.199.50820 > 192.168.1.46.1883: Flags [R.], seq 1882699847, ack 0, win 24584, length 0
15:14:14.560838 Port3, IN: IP 192.168.1.199.50820 > 192.168.1.46.1883: Flags [R.], seq 0, ack 1, win 24584, length 0
15:14:19.561915 Port3, IN: ethertype IPv4, IP 192.168.1.199.56125 > 192.168.1.46.1883: Flags [S], seq 1898026279, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:14:19.561915 Port3, IN: IP 192.168.1.199.56125 > 192.168.1.46.1883: Flags [S], seq 1898026279, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:14:22.334239 Port3, IN: ethertype IPv4, IP 192.168.1.199.56125 > 192.168.1.46.1883: Flags [S], seq 1898026279, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:14:22.334239 Port3, IN: IP 192.168.1.199.56125 > 192.168.1.46.1883: Flags [S], seq 1898026279, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:14:24.700372 Port3, IN: ethertype IPv4, IP 192.168.1.199.56125 > 192.168.1.46.1883: Flags [R.], seq 1898026280, ack 0, win 24584, length 0
15:14:24.700372 Port3, IN: IP 192.168.1.199.56125 > 192.168.1.46.1883: Flags [R.], seq 0, ack 1, win 24584, length 0
15:14:24.887488 Port2, IN: ethertype IPv4, IP 192.168.1.46 > 192.168.1.199: ICMP echo request, id 12, seq 8066, length 40
15:14:24.887488 Port2, IN: IP 192.168.1.46 > 192.168.1.199: ICMP echo request, id 12, seq 8066, length 40
15:14:29.616571 Port2, IN: ethertype ARP, ARP, Request who-has 192.168.1.199 (2c:f4:32:4a:9f:16) tell 192.168.1.46, length 46
15:14:29.616571 Port2, IN: ARP, Request who-has 192.168.1.199 (2c:f4:32:4a:9f:16) tell 192.168.1.46, length 46
15:14:29.616664 Port3, OUT: ARP, Request who-has 192.168.1.199 (2c:f4:32:4a:9f:16) tell 192.168.1.46, length 46
15:14:29.619731 Port3, IN: ethertype ARP, ARP, Reply 192.168.1.199 is-at 2c:f4:32:4a:9f:16, length 42
15:14:29.619731 Port3, IN: ARP, Reply 192.168.1.199 is-at 2c:f4:32:4a:9f:16, length 42
15:14:29.619752 Port2, OUT: ARP, Reply 192.168.1.199 is-at 2c:f4:32:4a:9f:16, length 42
15:14:29.701560 Port3, IN: ethertype IPv4, IP 192.168.1.199.57403 > 192.168.1.46.1883: Flags [S], seq 1913352722, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:14:29.701560 Port3, IN: IP 192.168.1.199.57403 > 192.168.1.46.1883: Flags [S], seq 1913352722, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:14:32.483153 Port3, IN: ethertype IPv4, IP 192.168.1.199.57403 > 192.168.1.46.1883: Flags [S], seq 1913352722, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:14:32.483153 Port3, IN: IP 192.168.1.199.57403 > 192.168.1.46.1883: Flags [S], seq 1913352722, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:14:34.844135 Port3, IN: ethertype IPv4, IP 192.168.1.199.57403 > 192.168.1.46.1883: Flags [R.], seq 1913352723, ack 0, win 24584, length 0
15:14:34.844135 Port3, IN: IP 192.168.1.199.57403 > 192.168.1.46.1883: Flags [R.], seq 0, ack 1, win 24584, length 0
15:14:39.845248 Port3, IN: ethertype IPv4, IP 192.168.1.199.63655 > 192.168.1.46.1883: Flags [S], seq 1928679176, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:14:39.845248 Port3, IN: IP 192.168.1.199.63655 > 192.168.1.46.1883: Flags [S], seq 1928679176, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:14:42.540917 Port2, IN: ethertype IPv4, IP 192.168.1.46 > 192.168.1.199: ICMP echo request, id 12, seq 8137, length 40
15:14:42.540917 Port2, IN: IP 192.168.1.46 > 192.168.1.199: ICMP echo request, id 12, seq 8137, length 40
15:14:42.620096 Port2, IN: ethertype IPv4, IP 192.168.1.46 > 192.168.1.199: ICMP echo request, id 12, seq 8138, length 40
15:14:42.620096 Port2, IN: IP 192.168.1.46 > 192.168.1.199: ICMP echo request, id 12, seq 8138, length 40
15:14:42.933826 Port3, IN: ethertype IPv4, IP 192.168.1.199.63655 > 192.168.1.46.1883: Flags [S], seq 1928679176, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:14:42.933826 Port3, IN: IP 192.168.1.199.63655 > 192.168.1.46.1883: Flags [S], seq 1928679176, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:14:43.116579 Port2, IN: ethertype IPv4, IP 192.168.1.46 > 192.168.1.199: ICMP echo request, id 12, seq 8139, length 40
15:14:43.116579 Port2, IN: IP 192.168.1.46 > 192.168.1.199: ICMP echo request, id 12, seq 8139, length 40
15:14:44.986689 Port3, IN: ethertype IPv4, IP 192.168.1.199.63655 > 192.168.1.46.1883: Flags [R.], seq 1928679177, ack 0, win 24584, length 0
15:14:44.986689 Port3, IN: IP 192.168.1.199.63655 > 192.168.1.46.1883: Flags [R.], seq 0, ack 1, win 24584, length 0
15:14:49.995125 Port3, IN: ethertype IPv4, IP 192.168.1.199.54457 > 192.168.1.46.1883: Flags [S], seq 1944005640, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:14:49.995125 Port3, IN: IP 192.168.1.199.54457 > 192.168.1.46.1883: Flags [S], seq 1944005640, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:14:53.007678 Port3, IN: ethertype IPv4, IP 192.168.1.199.54457 > 192.168.1.46.1883: Flags [S], seq 1944005640, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:14:53.007678 Port3, IN: IP 192.168.1.199.54457 > 192.168.1.46.1883: Flags [S], seq 1944005640, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:14:55.129443 Port3, IN: ethertype IPv4, IP 192.168.1.199.54457 > 192.168.1.46.1883: Flags [R.], seq 1944005641, ack 0, win 24584, length 0
15:14:55.129443 Port3, IN: IP 192.168.1.199.54457 > 192.168.1.46.1883: Flags [R.], seq 0, ack 1, win 24584, length 0
15:15:00.128702 Port3, IN: ethertype IPv4, IP 192.168.1.199.53764 > 192.168.1.46.1883: Flags [S], seq 1959332114, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:15:00.128702 Port3, IN: IP 192.168.1.199.53764 > 192.168.1.46.1883: Flags [S], seq 1959332114, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:15:02.958082 Port3, IN: ethertype IPv4, IP 192.168.1.199.53764 > 192.168.1.46.1883: Flags [S], seq 1959332114, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:15:02.958082 Port3, IN: IP 192.168.1.199.53764 > 192.168.1.46.1883: Flags [S], seq 1959332114, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:15:05.271979 Port3, IN: ethertype IPv4, IP 192.168.1.199.53764 > 192.168.1.46.1883: Flags [R.], seq 1959332115, ack 0, win 24584, length 0
15:15:05.271979 Port3, IN: IP 192.168.1.199.53764 > 192.168.1.46.1883: Flags [R.], seq 0, ack 1, win 24584, length 0
15:15:10.270978 Port3, IN: ethertype IPv4, IP 192.168.1.199.64570 > 192.168.1.46.1883: Flags [S], seq 1974658599, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:15:10.270978 Port3, IN: IP 192.168.1.199.64570 > 192.168.1.46.1883: Flags [S], seq 1974658599, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:15:13.389645 Port3, IN: ethertype IPv4, IP 192.168.1.199.64570 > 192.168.1.46.1883: Flags [S], seq 1974658599, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:15:13.389645 Port3, IN: IP 192.168.1.199.64570 > 192.168.1.46.1883: Flags [S], seq 1974658599, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:15:15.413412 Port3, IN: ethertype IPv4, IP 192.168.1.199.64570 > 192.168.1.46.1883: Flags [R.], seq 1974658600, ack 0, win 24584, length 0
15:15:15.413412 Port3, IN: IP 192.168.1.199.64570 > 192.168.1.46.1883: Flags [R.], seq 0, ack 1, win 24584, length 0
15:15:20.412297 Port3, IN: ethertype IPv4, IP 192.168.1.199.54763 > 192.168.1.46.1883: Flags [S], seq 1989985094, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:15:20.412297 Port3, IN: IP 192.168.1.199.54763 > 192.168.1.46.1883: Flags [S], seq 1989985094, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:15:23.181727 Port3, IN: ethertype IPv4, IP 192.168.1.199.54763 > 192.168.1.46.1883: Flags [S], seq 1989985094, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:15:23.181727 Port3, IN: IP 192.168.1.199.54763 > 192.168.1.46.1883: Flags [S], seq 1989985094, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:15:25.547138 Port3, IN: ethertype IPv4, IP 192.168.1.199.54763 > 192.168.1.46.1883: Flags [R.], seq 1989985095, ack 0, win 24584, length 0
15:15:25.547138 Port3, IN: IP 192.168.1.199.54763 > 192.168.1.46.1883: Flags [R.], seq 0, ack 1, win 24584, length 0
15:15:30.548614 Port3, IN: ethertype IPv4, IP 192.168.1.199.59330 > 192.168.1.46.1883: Flags [S], seq 2005311600, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:15:30.548614 Port3, IN: IP 192.168.1.199.59330 > 192.168.1.46.1883: Flags [S], seq 2005311600, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:15:33.631945 Port3, IN: ethertype IPv4, IP 192.168.1.199.59330 > 192.168.1.46.1883: Flags [S], seq 2005311600, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:15:33.631945 Port3, IN: IP 192.168.1.199.59330 > 192.168.1.46.1883: Flags [S], seq 2005311600, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:15:35.691128 Port3, IN: ethertype IPv4, IP 192.168.1.199.59330 > 192.168.1.46.1883: Flags [R.], seq 2005311601, ack 0, win 24584, length 0
15:15:35.691128 Port3, IN: IP 192.168.1.199.59330 > 192.168.1.46.1883: Flags [R.], seq 0, ack 1, win 24584, length 0
15:15:40.688176 Port3, IN: ethertype IPv4, IP 192.168.1.199.62130 > 192.168.1.46.1883: Flags [S], seq 2020638116, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:15:40.688176 Port3, IN: IP 192.168.1.199.62130 > 192.168.1.46.1883: Flags [S], seq 2020638116, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:15:43.531096 Port3, IN: ethertype IPv4, IP 192.168.1.199.62130 > 192.168.1.46.1883: Flags [S], seq 2020638116, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:15:43.531096 Port3, IN: IP 192.168.1.199.62130 > 192.168.1.46.1883: Flags [S], seq 2020638116, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:15:45.828159 Port3, IN: ethertype IPv4, IP 192.168.1.199.62130 > 192.168.1.46.1883: Flags [R.], seq 2020638117, ack 0, win 24584, length 0
15:15:45.828159 Port3, IN: IP 192.168.1.199.62130 > 192.168.1.46.1883: Flags [R.], seq 0, ack 1, win 24584, length 0
15:15:50.829402 Port3, IN: ethertype IPv4, IP 192.168.1.199.56500 > 192.168.1.46.1883: Flags [S], seq 2035964642, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:15:50.829402 Port3, IN: IP 192.168.1.199.56500 > 192.168.1.46.1883: Flags [S], seq 2035964642, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:15:53.580816 Port3, IN: ethertype IPv4, IP 192.168.1.199.56500 > 192.168.1.46.1883: Flags [S], seq 2035964642, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:15:53.580816 Port3, IN: IP 192.168.1.199.56500 > 192.168.1.46.1883: Flags [S], seq 2035964642, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:15:55.964247 Port3, IN: ethertype IPv4, IP 192.168.1.199.56500 > 192.168.1.46.1883: Flags [R.], seq 2035964643, ack 0, win 24584, length 0
15:15:55.964247 Port3, IN: IP 192.168.1.199.56500 > 192.168.1.46.1883: Flags [R.], seq 0, ack 1, win 24584, length 0
15:16:00.965455 Port3, IN: ethertype IPv4, IP 192.168.1.199.65058 > 192.168.1.46.1883: Flags [S], seq 2051291179, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:16:00.965455 Port3, IN: IP 192.168.1.199.65058 > 192.168.1.46.1883: Flags [S], seq 2051291179, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:16:04.056234 Port3, IN: ethertype IPv4, IP 192.168.1.199.65058 > 192.168.1.46.1883: Flags [S], seq 2051291179, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:16:04.056234 Port3, IN: IP 192.168.1.199.65058 > 192.168.1.46.1883: Flags [S], seq 2051291179, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:16:06.109408 Port3, IN: ethertype IPv4, IP 192.168.1.199.65058 > 192.168.1.46.1883: Flags [R.], seq 2051291180, ack 0, win 24584, length 0
15:16:06.109408 Port3, IN: IP 192.168.1.199.65058 > 192.168.1.46.1883: Flags [R.], seq 0, ack 1, win 24584, length 0
15:16:11.110582 Port3, IN: ethertype IPv4, IP 192.168.1.199.64917 > 192.168.1.46.1883: Flags [S], seq 2066617726, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:16:11.110582 Port3, IN: IP 192.168.1.199.64917 > 192.168.1.46.1883: Flags [S], seq 2066617726, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:16:13.982300 Port3, IN: ethertype IPv4, IP 192.168.1.199.64917 > 192.168.1.46.1883: Flags [S], seq 2066617726, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:16:13.982300 Port3, IN: IP 192.168.1.199.64917 > 192.168.1.46.1883: Flags [S], seq 2066617726, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:16:16.252201 Port3, IN: ethertype IPv4, IP 192.168.1.199.64917 > 192.168.1.46.1883: Flags [R.], seq 2066617727, ack 0, win 24584, length 0
15:16:16.252201 Port3, IN: IP 192.168.1.199.64917 > 192.168.1.46.1883: Flags [R.], seq 0, ack 1, win 24584, length 0
15:16:21.252191 Port3, IN: ethertype IPv4, IP 192.168.1.199.49916 > 192.168.1.46.1883: Flags [S], seq 2081944283, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:16:21.252191 Port3, IN: IP 192.168.1.199.49916 > 192.168.1.46.1883: Flags [S], seq 2081944283, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:16:24.005110 Port3, IN: ethertype IPv4, IP 192.168.1.199.49916 > 192.168.1.46.1883: Flags [S], seq 2081944283, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:16:24.005110 Port3, IN: IP 192.168.1.199.49916 > 192.168.1.46.1883: Flags [S], seq 2081944283, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:16:26.390312 Port3, IN: ethertype IPv4, IP 192.168.1.199.49916 > 192.168.1.46.1883: Flags [R.], seq 2081944284, ack 0, win 24584, length 0
15:16:26.390312 Port3, IN: IP 192.168.1.199.49916 > 192.168.1.46.1883: Flags [R.], seq 0, ack 1, win 24584, length 0
15:16:31.416302 Port3, IN: ethertype IPv4, IP 192.168.1.199.52985 > 192.168.1.46.1883: Flags [S], seq 2097270851, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:16:31.416302 Port3, IN: IP 192.168.1.199.52985 > 192.168.1.46.1883: Flags [S], seq 2097270851, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:16:34.430418 Port3, IN: ethertype IPv4, IP 192.168.1.199.52985 > 192.168.1.46.1883: Flags [S], seq 2097270851, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:16:34.430418 Port3, IN: IP 192.168.1.199.52985 > 192.168.1.46.1883: Flags [S], seq 2097270851, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:16:36.530366 Port3, IN: ethertype IPv4, IP 192.168.1.199.52985 > 192.168.1.46.1883: Flags [R.], seq 2097270852, ack 0, win 24584, length 0
15:16:36.530366 Port3, IN: IP 192.168.1.199.52985 > 192.168.1.46.1883: Flags [R.], seq 0, ack 1, win 24584, length 0
15:16:41.530970 Port3, IN: ethertype IPv4, IP 192.168.1.199.57880 > 192.168.1.46.1883: Flags [S], seq 2112597429, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:16:41.530970 Port3, IN: IP 192.168.1.199.57880 > 192.168.1.46.1883: Flags [S], seq 2112597429, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:16:44.428865 Port3, IN: ethertype IPv4, IP 192.168.1.199.57880 > 192.168.1.46.1883: Flags [S], seq 2112597429, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:16:44.428865 Port3, IN: IP 192.168.1.199.57880 > 192.168.1.46.1883: Flags [S], seq 2112597429, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:16:46.661012 Port3, IN: ethertype IPv4, IP 192.168.1.199.57880 > 192.168.1.46.1883: Flags [R.], seq 2112597430, ack 0, win 24584, length 0
15:16:46.661012 Port3, IN: IP 192.168.1.199.57880 > 192.168.1.46.1883: Flags [R.], seq 0, ack 1, win 24584, length 0
15:16:51.686242 Port3, IN: ethertype IPv4, IP 192.168.1.199.58239 > 192.168.1.46.1883: Flags [S], seq 2127924017, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:16:51.686242 Port3, IN: IP 192.168.1.199.58239 > 192.168.1.46.1883: Flags [S], seq 2127924017, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:16:54.429642 Port3, IN: ethertype IPv4, IP 192.168.1.199.58239 > 192.168.1.46.1883: Flags [S], seq 2127924017, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:16:54.429642 Port3, IN: IP 192.168.1.199.58239 > 192.168.1.46.1883: Flags [S], seq 2127924017, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:16:56.801591 Port3, IN: ethertype IPv4, IP 192.168.1.199.58239 > 192.168.1.46.1883: Flags [R.], seq 2127924018, ack 0, win 24584, length 0
15:16:56.801591 Port3, IN: IP 192.168.1.199.58239 > 192.168.1.46.1883: Flags [R.], seq 0, ack 1, win 24584, length 0
15:17:01.816089 Port3, IN: ethertype IPv4, IP 192.168.1.199.60647 > 192.168.1.46.1883: Flags [S], seq 2143250616, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:17:01.816089 Port3, IN: IP 192.168.1.199.60647 > 192.168.1.46.1883: Flags [S], seq 2143250616, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:17:04.866743 Port3, IN: ethertype IPv4, IP 192.168.1.199.60647 > 192.168.1.46.1883: Flags [S], seq 2143250616, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:17:04.866743 Port3, IN: IP 192.168.1.199.60647 > 192.168.1.46.1883: Flags [S], seq 2143250616, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:17:06.969451 Port3, IN: ethertype IPv4, IP 192.168.1.199.60647 > 192.168.1.46.1883: Flags [R.], seq 2143250617, ack 0, win 24584, length 0
15:17:06.969451 Port3, IN: IP 192.168.1.199.60647 > 192.168.1.46.1883: Flags [R.], seq 0, ack 1, win 24584, length 0
15:17:11.948700 Port3, IN: ethertype IPv4, IP 192.168.1.199.59794 > 192.168.1.46.1883: Flags [S], seq 2158577225, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:17:11.948700 Port3, IN: IP 192.168.1.199.59794 > 192.168.1.46.1883: Flags [S], seq 2158577225, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:17:15.003551 Port3, IN: ethertype IPv4, IP 192.168.1.199.59794 > 192.168.1.46.1883: Flags [S], seq 2158577225, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:17:15.003551 Port3, IN: IP 192.168.1.199.59794 > 192.168.1.46.1883: Flags [S], seq 2158577225, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:17:17.081779 Port3, IN: ethertype IPv4, IP 192.168.1.199.59794 > 192.168.1.46.1883: Flags [R.], seq 2158577226, ack 0, win 24584, length 0
15:17:17.081779 Port3, IN: IP 192.168.1.199.59794 > 192.168.1.46.1883: Flags [R.], seq 0, ack 1, win 24584, length 0
15:17:22.083024 Port3, IN: ethertype IPv4, IP 192.168.1.199.63541 > 192.168.1.46.1883: Flags [S], seq 2173903844, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:17:22.083024 Port3, IN: IP 192.168.1.199.63541 > 192.168.1.46.1883: Flags [S], seq 2173903844, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:17:24.937566 Port2, IN: ethertype IPv4, IP 192.168.1.46 > 192.168.1.199: ICMP echo request, id 12, seq 8351, length 40
15:17:24.937566 Port2, IN: IP 192.168.1.46 > 192.168.1.199: ICMP echo request, id 12, seq 8351, length 40
15:17:25.147191 Port3, IN: ethertype IPv4, IP 192.168.1.199.63541 > 192.168.1.46.1883: Flags [S], seq 2173903844, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:17:25.147191 Port3, IN: IP 192.168.1.199.63541 > 192.168.1.46.1883: Flags [S], seq 2173903844, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:17:27.226677 Port3, IN: ethertype IPv4, IP 192.168.1.199.63541 > 192.168.1.46.1883: Flags [R.], seq 2173903845, ack 0, win 24584, length 0
15:17:27.226677 Port3, IN: IP 192.168.1.199.63541 > 192.168.1.46.1883: Flags [R.], seq 0, ack 1, win 24584, length 0
15:17:29.616274 Port2, IN: ethertype ARP, ARP, Request who-has 192.168.1.199 (2c:f4:32:4a:9f:16) tell 192.168.1.46, length 46
15:17:29.616274 Port2, IN: ARP, Request who-has 192.168.1.199 (2c:f4:32:4a:9f:16) tell 192.168.1.46, length 46
15:17:29.616438 Port3, OUT: ARP, Request who-has 192.168.1.199 (2c:f4:32:4a:9f:16) tell 192.168.1.46, length 46
15:17:29.617709 Port3, IN: ethertype ARP, ARP, Reply 192.168.1.199 is-at 2c:f4:32:4a:9f:16, length 42
15:17:29.617709 Port3, IN: ARP, Reply 192.168.1.199 is-at 2c:f4:32:4a:9f:16, length 42
15:17:29.617761 Port2, OUT: ARP, Reply 192.168.1.199 is-at 2c:f4:32:4a:9f:16, length 42
15:17:32.227509 Port3, IN: ethertype IPv4, IP 192.168.1.199.62772 > 192.168.1.46.1883: Flags [S], seq 2189230473, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:17:32.227509 Port3, IN: IP 192.168.1.199.62772 > 192.168.1.46.1883: Flags [S], seq 2189230473, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:17:35.033082 Port3, IN: ethertype IPv4, IP 192.168.1.199.62772 > 192.168.1.46.1883: Flags [S], seq 2189230473, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:17:35.033082 Port3, IN: IP 192.168.1.199.62772 > 192.168.1.46.1883: Flags [S], seq 2189230473, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:17:37.368222 Port3, IN: ethertype IPv4, IP 192.168.1.199.62772 > 192.168.1.46.1883: Flags [R.], seq 2189230474, ack 0, win 24584, length 0
15:17:37.368222 Port3, IN: IP 192.168.1.199.62772 > 192.168.1.46.1883: Flags [R.], seq 0, ack 1, win 24584, length 0
15:17:42.368914 Port3, IN: ethertype IPv4, IP 192.168.1.199.57668 > 192.168.1.46.1883: Flags [S], seq 2204557113, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:17:42.368914 Port3, IN: IP 192.168.1.199.57668 > 192.168.1.46.1883: Flags [S], seq 2204557113, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:17:42.501107 Port2, IN: ethertype IPv4, IP 192.168.1.46 > 192.168.1.199: ICMP echo request, id 12, seq 8422, length 40
15:17:42.501107 Port2, IN: IP 192.168.1.46 > 192.168.1.199: ICMP echo request, id 12, seq 8422, length 40
15:17:42.627347 Port2, IN: ethertype IPv4, IP 192.168.1.46 > 192.168.1.199: ICMP echo request, id 12, seq 8423, length 40
15:17:42.627347 Port2, IN: IP 192.168.1.46 > 192.168.1.199: ICMP echo request, id 12, seq 8423, length 40
15:17:43.123200 Port2, IN: ethertype IPv4, IP 192.168.1.46 > 192.168.1.199: ICMP echo request, id 12, seq 8424, length 40
15:17:43.123200 Port2, IN: IP 192.168.1.46 > 192.168.1.199: ICMP echo request, id 12, seq 8424, length 40
15:17:45.378221 Port3, IN: ethertype IPv4, IP 192.168.1.199.57668 > 192.168.1.46.1883: Flags [S], seq 2204557113, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:17:45.378221 Port3, IN: IP 192.168.1.199.57668 > 192.168.1.46.1883: Flags [S], seq 2204557113, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:17:47.515216 Port3, IN: ethertype IPv4, IP 192.168.1.199.57668 > 192.168.1.46.1883: Flags [R.], seq 2204557114, ack 0, win 24584, length 0
15:17:47.515216 Port3, IN: IP 192.168.1.199.57668 > 192.168.1.46.1883: Flags [R.], seq 0, ack 1, win 24584, length 0
15:17:52.516386 Port3, IN: ethertype IPv4, IP 192.168.1.199.49783 > 192.168.1.46.1883: Flags [S], seq 2219883763, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:17:52.516386 Port3, IN: IP 192.168.1.199.49783 > 192.168.1.46.1883: Flags [S], seq 2219883763, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:17:55.302351 Port3, IN: ethertype IPv4, IP 192.168.1.199.49783 > 192.168.1.46.1883: Flags [S], seq 2219883763, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:17:55.302351 Port3, IN: IP 192.168.1.199.49783 > 192.168.1.46.1883: Flags [S], seq 2219883763, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:17:57.653552 Port3, IN: ethertype IPv4, IP 192.168.1.199.49783 > 192.168.1.46.1883: Flags [R.], seq 2219883764, ack 0, win 24584, length 0
15:17:57.653552 Port3, IN: IP 192.168.1.199.49783 > 192.168.1.46.1883: Flags [R.], seq 0, ack 1, win 24584, length 0
15:18:02.655252 Port3, IN: ethertype IPv4, IP 192.168.1.199.64812 > 192.168.1.46.1883: Flags [S], seq 2235210424, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:18:02.655252 Port3, IN: IP 192.168.1.199.64812 > 192.168.1.46.1883: Flags [S], seq 2235210424, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:18:05.852904 Port3, IN: ethertype IPv4, IP 192.168.1.199.64812 > 192.168.1.46.1883: Flags [S], seq 2235210424, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:18:05.852904 Port3, IN: IP 192.168.1.199.64812 > 192.168.1.46.1883: Flags [S], seq 2235210424, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:18:07.793311 Port3, IN: ethertype IPv4, IP 192.168.1.199.64812 > 192.168.1.46.1883: Flags [R.], seq 2235210425, ack 0, win 24584, length 0
15:18:07.793311 Port3, IN: IP 192.168.1.199.64812 > 192.168.1.46.1883: Flags [R.], seq 0, ack 1, win 24584, length 0
15:18:12.795864 Port3, IN: ethertype IPv4, IP 192.168.1.199.49205 > 192.168.1.46.1883: Flags [S], seq 2250537095, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:18:12.795864 Port3, IN: IP 192.168.1.199.49205 > 192.168.1.46.1883: Flags [S], seq 2250537095, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:18:15.814886 Port3, IN: ethertype IPv4, IP 192.168.1.199.49205 > 192.168.1.46.1883: Flags [S], seq 2250537095, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:18:15.814886 Port3, IN: IP 192.168.1.199.49205 > 192.168.1.46.1883: Flags [S], seq 2250537095, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:18:17.935921 Port3, IN: ethertype IPv4, IP 192.168.1.199.49205 > 192.168.1.46.1883: Flags [R.], seq 2250537096, ack 0, win 24584, length 0
15:18:17.935921 Port3, IN: IP 192.168.1.199.49205 > 192.168.1.46.1883: Flags [R.], seq 0, ack 1, win 24584, length 0
15:18:22.936141 Port3, IN: ethertype IPv4, IP 192.168.1.199.53833 > 192.168.1.46.1883: Flags [S], seq 2265863776, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:18:22.936141 Port3, IN: IP 192.168.1.199.53833 > 192.168.1.46.1883: Flags [S], seq 2265863776, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:18:25.702734 Port3, IN: ethertype IPv4, IP 192.168.1.199.53833 > 192.168.1.46.1883: Flags [S], seq 2265863776, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:18:25.702734 Port3, IN: IP 192.168.1.199.53833 > 192.168.1.46.1883: Flags [S], seq 2265863776, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:18:28.070414 Port3, IN: ethertype IPv4, IP 192.168.1.199.53833 > 192.168.1.46.1883: Flags [R.], seq 2265863777, ack 0, win 24584, length 0
15:18:28.070414 Port3, IN: IP 192.168.1.199.53833 > 192.168.1.46.1883: Flags [R.], seq 0, ack 1, win 24584, length 0
15:18:33.072025 Port3, IN: ethertype IPv4, IP 192.168.1.199.63376 > 192.168.1.46.1883: Flags [S], seq 2281190468, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:18:33.072025 Port3, IN: IP 192.168.1.199.63376 > 192.168.1.46.1883: Flags [S], seq 2281190468, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:18:36.226648 Port3, IN: ethertype IPv4, IP 192.168.1.199.63376 > 192.168.1.46.1883: Flags [S], seq 2281190468, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:18:36.226648 Port3, IN: IP 192.168.1.199.63376 > 192.168.1.46.1883: Flags [S], seq 2281190468, win 2144, options [mss 536,nop,nop,sackOK], length 0
15:18:38.211276 Port3, IN: ethertype IPv4, IP 192.168.1.199.63376 > 192.168.1.46.1883: Flags [R.], seq 2281190469, ack 0, win 24584, length 0
15:18:38.211276 Port3, IN: IP 192.168.1.199.63376 > 192.168.1.46.1883: Flags [R.], seq 0, ack 1, win 24584, length 0

Fullscreen 20210720_HS_pad_drop_packet_capture.txt Download

=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2021.07.20 15:22:42 =~=~=~=~=~=~=~=~=~=~=~=
login as: admin
admin@172.16.17.1's password: 
[H[J
Sophos Firmware Version SFOS 18.5.1 MR-1-Build318 

Main Menu 

    1.  Network  Configuration
    2.  System   Configuration
    3.  Route    Configuration 
    4.  Device Console 
    5.  Device Management
    6.  VPN Management
    7.  Shutdown/Reboot Device
    0.  Exit 

    Select Menu Number [0-7]: 4
[H[JSophos Firmware Version SFOS 18.5.1 MR-1-Build318 

console> drop-packet-capture 'host 192.168.1.47
2021-07-20 15:23:33 0101021 IP 192.168.1.47.35970 > 192.168.1.46.10200 : proto TCP: S 1857613500:1857613500(0) win 65535 checksum : 49018
0x0000:  4500 003c 1c4d 4000 4006 9ac1 c0a8 012f  E..<.M@.@....../
0x0010:  c0a8 012e 8c82 27d8 6eb8 eebc 0000 0000  ......'.n.......
0x0020:  a002 ffff bf7a 0000 0204 05b4 0402 080a  .....z..........
0x0030:  0017 f2f1 0000 0000 0103 0306            ............
Date=2021-07-20 Time=15:23:33 log_id=0101021 log_type=Firewall log_component=Firewall_Rule log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_dev=Port3 out_dev=Port2 inzone_id=1 outzone_id=1 source_mac=64:db:43:73:a6:00 dest_mac=a0:2b:b8:2e:4a:bb bridge_name=Bridge l3_protocol=IPv4 source_ip=192.168.1.47 dest_ip=192.168.1.46 l4_protocol=TCP source_port=35970 dest_port=10200 fw_rule_id=0 policytype=0 live_userid=0 userid=0 user_gp=0 ips_id=0 sslvpn_id=0 web_filter_id=0 hotspot_id=0 hotspotuser_id=0 hb_src=0 hb_dst=0 dnat_done=0 icap_id=0 app_filter_id=0 app_category_id=0 app_id=0 category_id=0 bandwidth_id=0 up_classid=0 dn_classid=0 nat_id=0 cluster_node=0 inmark=0x0 nfqueue=0 gateway_offset=0 connid=1246024384 masterid=0 status=256 state=1, flag0=588412616704 flags1=35184372088832 pbdid_dir0=0 pbrid_dir1=0

2021-07-20 15:23:34 0101021 IP 192.168.1.47.35970 > 192.168.1.46.10200 : proto TCP: S 1857613500:1857613500(0) win 65535 checksum : 48918
0x0000:  4500 003c 1c4e 4000 4006 9ac0 c0a8 012f  E..<.N@.@....../
0x0010:  c0a8 012e 8c82 27d8 6eb8 eebc 0000 0000  ......'.n.......
0x0020:  a002 ffff bf16 0000 0204 05b4 0402 080a  ................
0x0030:  0017 f355 0000 0000 0103 0306            ...U........
Date=2021-07-20 Time=15:23:34 log_id=0101021 log_type=Firewall log_component=Firewall_Rule log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_dev=Port3 out_dev=Port2 inzone_id=1 outzone_id=1 source_mac=64:db:43:73:a6:00 dest_mac=a0:2b:b8:2e:4a:bb bridge_name=Bridge l3_protocol=IPv4 source_ip=192.168.1.47 dest_ip=192.168.1.46 l4_protocol=TCP source_port=35970 dest_port=10200 fw_rule_id=0 policytype=0 live_userid=0 userid=0 user_gp=0 ips_id=0 sslvpn_id=0 web_filter_id=0 hotspot_id=0 hotspotuser_id=0 hb_src=0 hb_dst=0 dnat_done=0 icap_id=0 app_filter_id=0 app_category_id=0 app_id=0 category_id=0 bandwidth_id=0 up_classid=0 dn_classid=0 nat_id=0 cluster_node=0 inmark=0x0 nfqueue=0 gateway_offset=0 connid=1246024064 masterid=0 status=256 state=1, flag0=588412616704 flags1=35184372088832 pbdid_dir0=0 pbrid_dir1=0

2021-07-20 15:23:36 0101021 IP 192.168.1.47.35970 > 192.168.1.46.10200 : proto TCP: S 1857613500:1857613500(0) win 65535 checksum : 48718
0x0000:  4500 003c 1c4f 4000 4006 9abf c0a8 012f  E..<.O@.@....../
0x0010:  c0a8 012e 8c82 27d8 6eb8 eebc 0000 0000  ......'.n.......
0x0020:  a002 ffff be4e 0000 0204 05b4 0402 080a  .....N..........
0x0030:  0017 f41d 0000 0000 0103 0306            ............
Date=2021-07-20 Time=15:23:36 log_id=0101021 log_type=Firewall log_component=Firewall_Rule log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_dev=Port3 out_dev=Port2 inzone_id=1 outzone_id=1 source_mac=64:db:43:73:a6:00 dest_mac=a0:2b:b8:2e:4a:bb bridge_name=Bridge l3_protocol=IPv4 source_ip=192.168.1.47 dest_ip=192.168.1.46 l4_protocol=TCP source_port=35970 dest_port=10200 fw_rule_id=0 policytype=0 live_userid=0 userid=0 user_gp=0 ips_id=0 sslvpn_id=0 web_filter_id=0 hotspot_id=0 hotspotuser_id=0 hb_src=0 hb_dst=0 dnat_done=0 icap_id=0 app_filter_id=0 app_category_id=0 app_id=0 category_id=0 bandwidth_id=0 up_classid=0 dn_classid=0 nat_id=0 cluster_node=0 inmark=0x0 nfqueue=0 gateway_offset=0 connid=1246021184 masterid=0 status=256 state=1, flag0=588412616704 flags1=35184372088832 pbdid_dir0=0 pbrid_dir1=0

2021-07-20 15:23:40 0101021 IP 192.168.1.47.35970 > 192.168.1.46.10200 : proto TCP: S 1857613500:1857613500(0) win 65535 checksum : 48317
0x0000:  4500 003c 1c50 4000 4006 9abe c0a8 012f  E..<.P@.@....../
0x0010:  c0a8 012e 8c82 27d8 6eb8 eebc 0000 0000  ......'.n.......
0x0020:  a002 ffff bcbd 0000 0204 05b4 0402 080a  ................
0x0030:  0017 f5ae 0000 0000 0103 0306            ............
Date=2021-07-20 Time=15:23:40 log_id=0101021 log_type=Firewall log_component=Firewall_Rule log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_dev=Port3 out_dev=Port2 inzone_id=1 outzone_id=1 source_mac=64:db:43:73:a6:00 dest_mac=a0:2b:b8:2e:4a:bb bridge_name=Bridge l3_protocol=IPv4 source_ip=192.168.1.47 dest_ip=192.168.1.46 l4_protocol=TCP source_port=35970 dest_port=10200 fw_rule_id=0 policytype=0 live_userid=0 userid=0 user_gp=0 ips_id=0 sslvpn_id=0 web_filter_id=0 hotspot_id=0 hotspotuser_id=0 hb_src=0 hb_dst=0 dnat_done=0 icap_id=0 app_filter_id=0 app_category_id=0 app_id=0 category_id=0 bandwidth_id=0 up_classid=0 dn_classid=0 nat_id=0 cluster_node=0 inmark=0x0 nfqueue=0 gateway_offset=0 connid=1246021184 masterid=0 status=256 state=1, flag0=588412616704 flags1=35184372088832 pbdid_dir0=0 pbrid_dir1=0

2021-07-20 15:23:48 0101021 IP 192.168.1.47.35970 > 192.168.1.46.10200 : proto TCP: S 1857613500:1857613500(0) win 65535 checksum : 47515
0x0000:  4500 003c 1c51 4000 4006 9abd c0a8 012f  E..<.Q@.@....../
0x0010:  c0a8 012e 8c82 27d8 6eb8 eebc 0000 0000  ......'.n.......
0x0020:  a002 ffff b99b 0000 0204 05b4 0402 080a  ................
0x0030:  0017 f8d0 0000 0000 0103 0306            ............
Date=2021-07-20 Time=15:23:48 log_id=0101021 log_type=Firewall log_component=Firewall_Rule log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_dev=Port3 out_dev=Port2 inzone_id=1 outzone_id=1 source_mac=64:db:43:73:a6:00 dest_mac=a0:2b:b8:2e:4a:bb bridge_name=Bridge l3_protocol=IPv4 source_ip=192.168.1.47 dest_ip=192.168.1.46 l4_protocol=TCP source_port=35970 dest_port=10200 fw_rule_id=0 policytype=0 live_userid=0 userid=0 user_gp=0 ips_id=0 sslvpn_id=0 web_filter_id=0 hotspot_id=0 hotspotuser_id=0 hb_src=0 hb_dst=0 dnat_done=0 icap_id=0 app_filter_id=0 app_category_id=0 app_id=0 category_id=0 bandwidth_id=0 up_classid=0 dn_classid=0 nat_id=0 cluster_node=0 inmark=0x0 nfqueue=0 gateway_offset=0 connid=2739274688 masterid=0 status=256 state=1, flag0=588412616704 flags1=35184372088832 pbdid_dir0=0 pbrid_dir1=0

2021-07-20 15:24:04 0101021 IP 192.168.1.47.35970 > 192.168.1.46.10200 : proto TCP: S 1857613500:1857613500(0) win 65535 checksum : 45911
0x0000:  4500 003c 1c52 4000 4006 9abc c0a8 012f  E..<.R@.@....../
0x0010:  c0a8 012e 8c82 27d8 6eb8 eebc 0000 0000  ......'.n.......
0x0020:  a002 ffff b357 0000 0204 05b4 0402 080a  .....W..........
0x0030:  0017 ff14 0000 0000 0103 0306            ............
Date=2021-07-20 Time=15:24:04 log_id=0101021 log_type=Firewall log_component=Firewall_Rule log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_dev=Port3 out_dev=Port2 inzone_id=1 outzone_id=1 source_mac=64:db:43:73:a6:00 dest_mac=a0:2b:b8:2e:4a:bb bridge_name=Bridge l3_protocol=IPv4 source_ip=192.168.1.47 dest_ip=192.168.1.46 l4_protocol=TCP source_port=35970 dest_port=10200 fw_rule_id=0 policytype=0 live_userid=0 userid=0 user_gp=0 ips_id=0 sslvpn_id=0 web_filter_id=0 hotspot_id=0 hotspotuser_id=0 hb_src=0 hb_dst=0 dnat_done=0 icap_id=0 app_filter_id=0 app_category_id=0 app_id=0 category_id=0 bandwidth_id=0 up_classid=0 dn_classid=0 nat_id=0 cluster_node=0 inmark=0x0 nfqueue=0 gateway_offset=0 connid=2739275648 masterid=0 status=256 state=1, flag0=588412616704 flags1=35184372088832 pbdid_dir0=0 pbrid_dir1=0

2021-07-20 15:24:36 0101021 IP 192.168.1.47.35970 > 192.168.1.46.10200 : proto TCP: S 1857613500:1857613500(0) win 65535 checksum : 42699
0x0000:  4500 003c 1c53 4000 4006 9abb c0a8 012f  E..<.S@.@....../
0x0010:  c0a8 012e 8c82 27d8 6eb8 eebc 0000 0000  ......'.n.......
0x0020:  a002 ffff a6cb 0000 0204 05b4 0402 080a  ................
0x0030:  0018 0ba0 0000 0000 0103 0306            ............
Date=2021-07-20 Time=15:24:36 log_id=0101021 log_type=Firewall log_component=Firewall_Rule log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_dev=Port3 out_dev=Port2 inzone_id=1 outzone_id=1 source_mac=64:db:43:73:a6:00 dest_mac=a0:2b:b8:2e:4a:bb bridge_name=Bridge l3_protocol=IPv4 source_ip=192.168.1.47 dest_ip=192.168.1.46 l4_protocol=TCP source_port=35970 dest_port=10200 fw_rule_id=0 policytype=0 live_userid=0 userid=0 user_gp=0 ips_id=0 sslvpn_id=0 web_filter_id=0 hotspot_id=0 hotspotuser_id=0 hb_src=0 hb_dst=0 dnat_done=0 icap_id=0 app_filter_id=0 app_category_id=0 app_id=0 category_id=0 bandwidth_id=0 up_classid=0 dn_classid=0 nat_id=0 cluster_node=0 inmark=0x0 nfqueue=0 gateway_offset=0 connid=2739280768 masterid=0 status=256 state=1, flag0=588412616704 flags1=35184372088832 pbdid_dir0=0 pbrid_dir1=0

2021-07-20 15:26:18 0101021 IP  192.168.1.46. > 192.168.1.47. :proto ICMP: echo request seq 8713
0x0000:  4500 003c 27ac 4000 8001 4f67 c0a8 012e  E..<'.@...Og....
0x0010:  c0a8 012f 0800 afc4 000c 2209 6262 6262  .../......".bbbb
0x0020:  6262 6262 6262 6262 6262 6262 6262 6262  bbbbbbbbbbbbbbbb
0x0030:  6262 6262 6262 6262 6262 6262            bbbbbbbbbbbb
Date=2021-07-20 Time=15:26:18 log_id=0101021 log_type=Firewall log_component=Firewall_Rule log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_dev=Port2 out_dev=Port3 inzone_id=1 outzone_id=1 source_mac=a0:2b:b8:2e:4a:bb dest_mac=64:db:43:73:a6:00 bridge_name=Bridge l3_protocol=IPv4 source_ip=192.168.1.46 dest_ip=192.168.1.47 l4_protocol=ICMP icmp_type=8 icmp_code=0 fw_rule_id=0 policytype=0 live_userid=0 userid=0 user_gp=0 ips_id=0 sslvpn_id=0 web_filter_id=0 hotspot_id=0 hotspotuser_id=0 hb_src=0 hb_dst=0 dnat_done=0 icap_id=0 app_filter_id=0 app_category_id=0 app_id=0 category_id=0 bandwidth_id=0 up_classid=0 dn_classid=0 nat_id=0 cluster_node=0 inmark=0x0 nfqueue=0 gateway_offset=0 connid=1256687488 masterid=0 status=256 state=0, flag0=588412616704 flags1=35184372088832 pbdid_dir0=0 pbrid_dir1=0

2021-07-20 15:26:18 0101021 IP  192.168.1.46. > 192.168.1.47. :proto ICMP: echo request seq 8714
0x0000:  4500 003c 27ad 4000 8001 4f66 c0a8 012e  E..<'.@...Of....
0x0010:  c0a8 012f 0800 afc3 000c 220a 6262 6262  .../......".bbbb
0x0020:  6262 6262 6262 6262 6262 6262 6262 6262  bbbbbbbbbbbbbbbb
0x0030:  6262 6262 6262 6262 6262 6262            bbbbbbbbbbbb
Date=2021-07-20 Time=15:26:18 log_id=0101021 log_type=Firewall log_component=Firewall_Rule log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_dev=Port2 out_dev=Port3 inzone_id=1 outzone_id=1 source_mac=a0:2b:b8:2e:4a:bb dest_mac=64:db:43:73:a6:00 bridge_name=Bridge l3_protocol=IPv4 source_ip=192.168.1.46 dest_ip=192.168.1.47 l4_protocol=ICMP icmp_type=8 icmp_code=0 fw_rule_id=0 policytype=0 live_userid=0 userid=0 user_gp=0 ips_id=0 sslvpn_id=0 web_filter_id=0 hotspot_id=0 hotspotuser_id=0 hb_src=0 hb_dst=0 dnat_done=0 icap_id=0 app_filter_id=0 app_category_id=0 app_id=0 category_id=0 bandwidth_id=0 up_classid=0 dn_classid=0 nat_id=0 cluster_node=0 inmark=0x0 nfqueue=0 gateway_offset=0 connid=1256687488 masterid=0 status=256 state=0, flag0=588412616704 flags1=35184372088832 pbdid_dir0=0 pbrid_dir1=0

2021-07-20 15:26:19 0101021 IP  192.168.1.46. > 192.168.1.47. :proto ICMP: echo request seq 8715
0x0000:  4500 003c 27ae 4000 8001 4f65 c0a8 012e  E..<'.@...Oe....
0x0010:  c0a8 012f 0800 afc2 000c 220b 6262 6262  .../......".bbbb
0x0020:  6262 6262 6262 6262 6262 6262 6262 6262  bbbbbbbbbbbbbbbb
0x0030:  6262 6262 6262 6262 6262 6262            bbbbbbbbbbbb
Date=2021-07-20 Time=15:26:19 log_id=0101021 log_type=Firewall log_component=Firewall_Rule log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_dev=Port2 out_dev=Port3 inzone_id=1 outzone_id=1 source_mac=a0:2b:b8:2e:4a:bb dest_mac=64:db:43:73:a6:00 bridge_name=Bridge l3_protocol=IPv4 source_ip=192.168.1.46 dest_ip=192.168.1.47 l4_protocol=ICMP icmp_type=8 icmp_code=0 fw_rule_id=0 policytype=0 live_userid=0 userid=0 user_gp=0 ips_id=0 sslvpn_id=0 web_filter_id=0 hotspot_id=0 hotspotuser_id=0 hb_src=0 hb_dst=0 dnat_done=0 icap_id=0 app_filter_id=0 app_category_id=0 app_id=0 category_id=0 bandwidth_id=0 up_classid=0 dn_classid=0 nat_id=0 cluster_node=0 inmark=0x0 nfqueue=0 gateway_offset=0 connid=1256686208 masterid=0 status=256 state=0, flag0=588412616704 flags1=35184372088832 pbdid_dir0=0 pbrid_dir1=0

2021-07-20 15:26:21 010202130 IP 192.168.1.47.43476 > 45.77.105.72.443 : proto TCP: F 2576037813:2576037813(0) win 1595 checksum : 21639
0x0000:  4500 0034 c650 4000 4006 1c07 c0a8 012f  E..4.P@.@....../
0x0010:  2d4d 6948 a9d4 01bb 998b 37b5 a3b4 8ff0  -MiH......7.....
0x0020:  8011 063b 5487 0000 0101 080a 0018 34ce  ...;T.........4.
0x0030:  29ac b485                                )...
Date=2021-07-20 Time=15:26:21 log_id=010202130 log_type=Firewall log_component=Invalid_Traffic log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_dev=Port3 out_dev= inzone_id=0 outzone_id=0 source_mac= dest_mac= vlan_id=10 bridge_name= l3_protocol=IPv4 source_ip=192.168.1.47 dest_ip=45.77.105.72 l4_protocol=TCP source_port=43476 dest_port=443 fw_rule_id=N/A policytype=0 live_userid=0 userid=0 user_gp=0 ips_id=0 sslvpn_id=0 web_filter_id=0 hotspot_id=0 hotspotuser_id=0 hb_src=0 hb_dst=0 dnat_done=0 icap_id=0 app_filter_id=0 app_category_id=0 app_id=0 category_id=0 bandwidth_id=0 up_classid=0 dn_classid=0 nat_id=0 cluster_node=0 inmark=0x0 nfqueue=0 gateway_offset=0 connid=0 masterid=0 status=0 state=0, flag0=0 flags1=0 pbdid_dir0=0 pbrid_dir1=0

2021-07-20 15:26:22 010202130 IP 192.168.1.47.43476 > 45.77.105.72.443 : proto TCP: F 2576037813:2576037813(0) win 1595 checksum : 21579
0x0000:  4500 0034 c651 4000 4006 1c06 c0a8 012f  E..4.Q@.@....../
0x0010:  2d4d 6948 a9d4 01bb 998b 37b5 a3b4 8ff0  -MiH......7.....
0x0020:  8011 063b 544b 0000 0101 080a 0018 350a  ...;TK........5.
0x0030:  29ac b485                                )...
Date=2021-07-20 Time=15:26:22 log_id=010202130 log_type=Firewall log_component=Invalid_Traffic log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_dev=Port3 out_dev= inzone_id=0 outzone_id=0 source_mac= dest_mac= vlan_id=10 bridge_name= l3_protocol=IPv4 source_ip=192.168.1.47 dest_ip=45.77.105.72 l4_protocol=TCP source_port=43476 dest_port=443 fw_rule_id=N/A policytype=0 live_userid=0 userid=0 user_gp=0 ips_id=0 sslvpn_id=0 web_filter_id=0 hotspot_id=0 hotspotuser_id=0 hb_src=0 hb_dst=0 dnat_done=0 icap_id=0 app_filter_id=0 app_category_id=0 app_id=0 category_id=0 bandwidth_id=0 up_classid=0 dn_classid=0 nat_id=0 cluster_node=0 inmark=0x0 nfqueue=0 gateway_offset=0 connid=0 masterid=0 status=0 state=0, flag0=0 flags1=0 pbdid_dir0=0 pbrid_dir1=0

2021-07-20 15:26:23 010202130 IP 192.168.1.47.43476 > 45.77.105.72.443 : proto TCP: F 2576037813:2576037813(0) win 1595 checksum : 21519
0x0000:  4500 0034 c652 4000 4006 1c05 c0a8 012f  E..4.R@.@....../
0x0010:  2d4d 6948 a9d4 01bb 998b 37b5 a3b4 8ff0  -MiH......7.....
0x0020:  8011 063b 540f 0000 0101 080a 0018 3546  ...;T.........5F
0x0030:  29ac b485                                )...
Date=2021-07-20 Time=15:26:23 log_id=010202130 log_type=Firewall log_component=Invalid_Traffic log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_dev=Port3 out_dev= inzone_id=0 outzone_id=0 source_mac= dest_mac= vlan_id=10 bridge_name= l3_protocol=IPv4 source_ip=192.168.1.47 dest_ip=45.77.105.72 l4_protocol=TCP source_port=43476 dest_port=443 fw_rule_id=N/A policytype=0 live_userid=0 userid=0 user_gp=0 ips_id=0 sslvpn_id=0 web_filter_id=0 hotspot_id=0 hotspotuser_id=0 hb_src=0 hb_dst=0 dnat_done=0 icap_id=0 app_filter_id=0 app_category_id=0 app_id=0 category_id=0 bandwidth_id=0 up_classid=0 dn_classid=0 nat_id=0 cluster_node=0 inmark=0x0 nfqueue=0 gateway_offset=0 connid=0 masterid=0 status=0 state=0, flag0=0 flags1=0 pbdid_dir0=0 pbrid_dir1=0

2021-07-20 15:26:24 010202130 IP 192.168.1.47.43476 > 45.77.105.72.443 : proto TCP: F 2576037813:2576037813(0) win 1595 checksum : 21399
0x0000:  4500 0034 c653 4000 4006 1c04 c0a8 012f  E..4.S@.@....../
0x0010:  2d4d 6948 a9d4 01bb 998b 37b5 a3b4 8ff0  -MiH......7.....
0x0020:  8011 063b 5397 0000 0101 080a 0018 35be  ...;S.........5.
0x0030:  29ac b485                                )...
Date=2021-07-20 Time=15:26:24 log_id=010202130 log_type=Firewall log_component=Invalid_Traffic log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_dev=Port3 out_dev= inzone_id=0 outzone_id=0 source_mac= dest_mac= vlan_id=10 bridge_name= l3_protocol=IPv4 source_ip=192.168.1.47 dest_ip=45.77.105.72 l4_protocol=TCP source_port=43476 dest_port=443 fw_rule_id=N/A policytype=0 live_userid=0 userid=0 user_gp=0 ips_id=0 sslvpn_id=0 web_filter_id=0 hotspot_id=0 hotspotuser_id=0 hb_src=0 hb_dst=0 dnat_done=0 icap_id=0 app_filter_id=0 app_category_id=0 app_id=0 category_id=0 bandwidth_id=0 up_classid=0 dn_classid=0 nat_id=0 cluster_node=0 inmark=0x0 nfqueue=0 gateway_offset=0 connid=0 masterid=0 status=0 state=0, flag0=0 flags1=0 pbdid_dir0=0 pbrid_dir1=0

2021-07-20 15:26:24 0101021 IP 192.168.1.47.53496 > 192.168.1.46.10200 : proto TCP: S 781442085:781442085(0) win 65535 checksum : 35536
0x0000:  4500 003c e9c4 4000 4006 cd49 c0a8 012f  E..<..@.@..I.../
0x0010:  c0a8 012e d0f8 27d8 2e93 dc25 0000 0000  ......'....%....
0x0020:  a002 ffff 8ad0 0000 0204 05b4 0402 080a  ................
0x0030:  0018 35e1 0000 0000 0103 0306            ..5.........
Date=2021-07-20 Time=15:26:24 log_id=0101021 log_type=Firewall log_component=Firewall_Rule log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_dev=Port3 out_dev=Port2 inzone_id=1 outzone_id=1 source_mac=64:db:43:73:a6:00 dest_mac=a0:2b:b8:2e:4a:bb bridge_name=Bridge l3_protocol=IPv4 source_ip=192.168.1.47 dest_ip=192.168.1.46 l4_protocol=TCP source_port=53496 dest_port=10200 fw_rule_id=0 policytype=0 live_userid=0 userid=0 user_gp=0 ips_id=0 sslvpn_id=0 web_filter_id=0 hotspot_id=0 hotspotuser_id=0 hb_src=0 hb_dst=0 dnat_done=0 icap_id=0 app_filter_id=0 app_category_id=0 app_id=0 category_id=0 bandwidth_id=0 up_classid=0 dn_classid=0 nat_id=0 cluster_node=0 inmark=0x0 nfqueue=0 gateway_offset=0 connid=1246024704 masterid=0 status=256 state=1, flag0=588412616704 flags1=35184372088832 pbdid_dir0=0 pbrid_dir1=0

2021-07-20 15:26:24 0101021 IP  192.168.1.46. > 192.168.1.47. :proto ICMP: echo request seq 8769
0x0000:  4500 003c 27af 4000 8001 4f64 c0a8 012e  E..<'.@...Od....
0x0010:  c0a8 012f 0800 af8c 000c 2241 6262 6262  .../......"Abbbb
0x0020:  6262 6262 6262 6262 6262 6262 6262 6262  bbbbbbbbbbbbbbbb
0x0030:  6262 6262 6262 6262 6262 6262            bbbbbbbbbbbb
Date=2021-07-20 Time=15:26:24 log_id=0101021 log_type=Firewall log_component=Firewall_Rule log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_dev=Port2 out_dev=Port3 inzone_id=1 outzone_id=1 source_mac=a0:2b:b8:2e:4a:bb dest_mac=64:db:43:73:a6:00 bridge_name=Bridge l3_protocol=IPv4 source_ip=192.168.1.46 dest_ip=192.168.1.47 l4_protocol=ICMP icmp_type=8 icmp_code=0 fw_rule_id=0 policytype=0 live_userid=0 userid=0 user_gp=0 ips_id=0 sslvpn_id=0 web_filter_id=0 hotspot_id=0 hotspotuser_id=0 hb_src=0 hb_dst=0 dnat_done=0 icap_id=0 app_filter_id=0 app_category_id=0 app_id=0 category_id=0 bandwidth_id=0 up_classid=0 dn_classid=0 nat_id=0 cluster_node=0 inmark=0x0 nfqueue=0 gateway_offset=0 connid=1252603520 masterid=0 status=256 state=0, flag0=588412616704 flags1=35184372088832 pbdid_dir0=0 pbrid_dir1=0

2021-07-20 15:26:25 0101021 IP 192.168.1.47.53496 > 192.168.1.46.10200 : proto TCP: S 781442085:781442085(0) win 65535 checksum : 35436
0x0000:  4500 003c e9c5 4000 4006 cd48 c0a8 012f  E..<..@.@..H.../
0x0010:  c0a8 012e d0f8 27d8 2e93 dc25 0000 0000  ......'....%....
0x0020:  a002 ffff 8a6c 0000 0204 05b4 0402 080a  .....l..........
0x0030:  0018 3645 0000 0000 0103 0306            ..6E........
Date=2021-07-20 Time=15:26:25 log_id=0101021 log_type=Firewall log_component=Firewall_Rule log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_dev=Port3 out_dev=Port2 inzone_id=1 outzone_id=1 source_mac=64:db:43:73:a6:00 dest_mac=a0:2b:b8:2e:4a:bb bridge_name=Bridge l3_protocol=IPv4 source_ip=192.168.1.47 dest_ip=192.168.1.46 l4_protocol=TCP source_port=53496 dest_port=10200 fw_rule_id=0 policytype=0 live_userid=0 userid=0 user_gp=0 ips_id=0 sslvpn_id=0 web_filter_id=0 hotspot_id=0 hotspotuser_id=0 hb_src=0 hb_dst=0 dnat_done=0 icap_id=0 app_filter_id=0 app_category_id=0 app_id=0 category_id=0 bandwidth_id=0 up_classid=0 dn_classid=0 nat_id=0 cluster_node=0 inmark=0x0 nfqueue=0 gateway_offset=0 connid=1246025984 masterid=0 status=256 state=1, flag0=588412616704 flags1=35184372088832 pbdid_dir0=0 pbrid_dir1=0

2021-07-20 15:26:26 010202130 IP 192.168.1.47.43476 > 45.77.105.72.443 : proto TCP: F 2576037813:2576037813(0) win 1595 checksum : 21159
0x0000:  4500 0034 c654 4000 4006 1c03 c0a8 012f  E..4.T@.@....../
0x0010:  2d4d 6948 a9d4 01bb 998b 37b5 a3b4 8ff0  -MiH......7.....
0x0020:  8011 063b 52a7 0000 0101 080a 0018 36ae  ...;R.........6.
0x0030:  29ac b485                                )...
Date=2021-07-20 Time=15:26:26 log_id=010202130 log_type=Firewall log_component=Invalid_Traffic log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_dev=Port3 out_dev= inzone_id=0 outzone_id=0 source_mac= dest_mac= vlan_id=10 bridge_name= l3_protocol=IPv4 source_ip=192.168.1.47 dest_ip=45.77.105.72 l4_protocol=TCP source_port=43476 dest_port=443 fw_rule_id=N/A policytype=0 live_userid=0 userid=0 user_gp=0 ips_id=0 sslvpn_id=0 web_filter_id=0 hotspot_id=0 hotspotuser_id=0 hb_src=0 hb_dst=0 dnat_done=0 icap_id=0 app_filter_id=0 app_category_id=0 app_id=0 category_id=0 bandwidth_id=0 up_classid=0 dn_classid=0 nat_id=0 cluster_node=0 inmark=0x0 nfqueue=0 gateway_offset=0 connid=0 masterid=0 status=0 state=0, flag0=0 flags1=0 pbdid_dir0=0 pbrid_dir1=0

2021-07-20 15:26:27 0101021 IP 192.168.1.47.53496 > 192.168.1.46.10200 : proto TCP: S 781442085:781442085(0) win 65535 checksum : 35236
0x0000:  4500 003c e9c6 4000 4006 cd47 c0a8 012f  E..<..@.@..G.../
0x0010:  c0a8 012e d0f8 27d8 2e93 dc25 0000 0000  ......'....%....
0x0020:  a002 ffff 89a4 0000 0204 05b4 0402 080a  ................
0x0030:  0018 370d 0000 0000 0103 0306            ..7.........
Date=2021-07-20 Time=15:26:27 log_id=0101021 log_type=Firewall log_component=Firewall_Rule log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_dev=Port3 out_dev=Port2 inzone_id=1 outzone_id=1 source_mac=64:db:43:73:a6:00 dest_mac=a0:2b:b8:2e:4a:bb bridge_name=Bridge l3_protocol=IPv4 source_ip=192.168.1.47 dest_ip=192.168.1.46 l4_protocol=TCP source_port=53496 dest_port=10200 fw_rule_id=0 policytype=0 live_userid=0 userid=0 user_gp=0 ips_id=0 sslvpn_id=0 web_filter_id=0 hotspot_id=0 hotspotuser_id=0 hb_src=0 hb_dst=0 dnat_done=0 icap_id=0 app_filter_id=0 app_category_id=0 app_id=0 category_id=0 bandwidth_id=0 up_classid=0 dn_classid=0 nat_id=0 cluster_node=0 inmark=0x0 nfqueue=0 gateway_offset=0 connid=1246024064 masterid=0 status=256 state=1, flag0=588412616704 flags1=35184372088832 pbdid_dir0=0 pbrid_dir1=0

2021-07-20 15:26:31 010202130 IP 192.168.1.47.43476 > 45.77.105.72.443 : proto TCP: F 2576037813:2576037813(0) win 1595 checksum : 20678
0x0000:  4500 0034 c655 4000 4006 1c02 c0a8 012f  E..4.U@.@....../
0x0010:  2d4d 6948 a9d4 01bb 998b 37b5 a3b4 8ff0  -MiH......7.....
0x0020:  8011 063b 50c6 0000 0101 080a 0018 388f  ...;P.........8.
0x0030:  29ac b485                                )...
Date=2021-07-20 Time=15:26:31 log_id=010202130 log_type=Firewall log_component=Invalid_Traffic log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_dev=Port3 out_dev= inzone_id=0 outzone_id=0 source_mac= dest_mac= vlan_id=10 bridge_name= l3_protocol=IPv4 source_ip=192.168.1.47 dest_ip=45.77.105.72 l4_protocol=TCP source_port=43476 dest_port=443 fw_rule_id=N/A policytype=0 live_userid=0 userid=0 user_gp=0 ips_id=0 sslvpn_id=0 web_filter_id=0 hotspot_id=0 hotspotuser_id=0 hb_src=0 hb_dst=0 dnat_done=0 icap_id=0 app_filter_id=0 app_category_id=0 app_id=0 category_id=0 bandwidth_id=0 up_classid=0 dn_classid=0 nat_id=0 cluster_node=0 inmark=0x0 nfqueue=0 gateway_offset=0 connid=0 masterid=0 status=0 state=0, flag0=0 flags1=0 pbdid_dir0=0 pbrid_dir1=0

2021-07-20 15:26:31 0101021 IP 192.168.1.47.53496 > 192.168.1.46.10200 : proto TCP: S 781442085:781442085(0) win 65535 checksum : 34835
0x0000:  4500 003c e9c7 4000 4006 cd46 c0a8 012f  E..<..@.@..F.../
0x0010:  c0a8 012e d0f8 27d8 2e93 dc25 0000 0000  ......'....%....
0x0020:  a002 ffff 8813 0000 0204 05b4 0402 080a  ................
0x0030:  0018 389e 0000 0000 0103 0306            ..8.........
Date=2021-07-20 Time=15:26:31 log_id=0101021 log_type=Firewall log_component=Firewall_Rule log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_dev=Port3 out_dev=Port2 inzone_id=1 outzone_id=1 source_mac=64:db:43:73:a6:00 dest_mac=a0:2b:b8:2e:4a:bb bridge_name=Bridge l3_protocol=IPv4 source_ip=192.168.1.47 dest_ip=192.168.1.46 l4_protocol=TCP source_port=53496 dest_port=10200 fw_rule_id=0 policytype=0 live_userid=0 userid=0 user_gp=0 ips_id=0 sslvpn_id=0 web_filter_id=0 hotspot_id=0 hotspotuser_id=0 hb_src=0 hb_dst=0 dnat_done=0 icap_id=0 app_filter_id=0 app_category_id=0 app_id=0 category_id=0 bandwidth_id=0 up_classid=0 dn_classid=0 nat_id=0 cluster_node=0 inmark=0x0 nfqueue=0 gateway_offset=0 connid=1236722624 masterid=0 status=256 state=1, flag0=588412616704 flags1=35184372088832 pbdid_dir0=0 pbrid_dir1=0

2021-07-20 15:26:39 0101021 IP 192.168.1.47.53496 > 192.168.1.46.10200 : proto TCP: S 781442085:781442085(0) win 65535 checksum : 34033
0x0000:  4500 003c e9c8 4000 4006 cd45 c0a8 012f  E..<..@.@..E.../
0x0010:  c0a8 012e d0f8 27d8 2e93 dc25 0000 0000  ......'....%....
0x0020:  a002 ffff 84f1 0000 0204 05b4 0402 080a  ................
0x0030:  0018 3bc0 0000 0000 0103 0306            ..;.........
Date=2021-07-20 Time=15:26:39 log_id=0101021 log_type=Firewall log_component=Firewall_Rule log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_dev=Port3 out_dev=Port2 inzone_id=1 outzone_id=1 source_mac=64:db:43:73:a6:00 dest_mac=a0:2b:b8:2e:4a:bb bridge_name=Bridge l3_protocol=IPv4 source_ip=192.168.1.47 dest_ip=192.168.1.46 l4_protocol=TCP source_port=53496 dest_port=10200 fw_rule_id=0 policytype=0 live_userid=0 userid=0 user_gp=0 ips_id=0 sslvpn_id=0 web_filter_id=0 hotspot_id=0 hotspotuser_id=0 hb_src=0 hb_dst=0 dnat_done=0 icap_id=0 app_filter_id=0 app_category_id=0 app_id=0 category_id=0 bandwidth_id=0 up_classid=0 dn_classid=0 nat_id=0 cluster_node=0 inmark=0x0 nfqueue=0 gateway_offset=0 connid=1236721984 masterid=0 status=256 state=1, flag0=588412616704 flags1=35184372088832 pbdid_dir0=0 pbrid_dir1=0

2021-07-20 15:26:41 010202130 IP 192.168.1.47.43476 > 45.77.105.72.443 : proto TCP: F 2576037813:2576037813(0) win 1595 checksum : 19717
0x0000:  4500 0034 c656 4000 4006 1c01 c0a8 012f  E..4.V@.@....../
0x0010:  2d4d 6948 a9d4 01bb 998b 37b5 a3b4 8ff0  -MiH......7.....
0x0020:  8011 063b 4d05 0000 0101 080a 0018 3c50  ...;M.........<P
0x0030:  29ac b485                                )...
Date=2021-07-20 Time=15:26:41 log_id=010202130 log_type=Firewall log_component=Invalid_Traffic log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_dev=Port3 out_dev= inzone_id=0 outzone_id=0 source_mac= dest_mac= vlan_id=10 bridge_name= l3_protocol=IPv4 source_ip=192.168.1.47 dest_ip=45.77.105.72 l4_protocol=TCP source_port=43476 dest_port=443 fw_rule_id=N/A policytype=0 live_userid=0 userid=0 user_gp=0 ips_id=0 sslvpn_id=0 web_filter_id=0 hotspot_id=0 hotspotuser_id=0 hb_src=0 hb_dst=0 dnat_done=0 icap_id=0 app_filter_id=0 app_category_id=0 app_id=0 category_id=0 bandwidth_id=0 up_classid=0 dn_classid=0 nat_id=0 cluster_node=0 inmark=0x0 nfqueue=0 gateway_offset=0 connid=0 masterid=0 status=0 state=0, flag0=0 flags1=0 pbdid_dir0=0 pbrid_dir1=0

2021-07-20 15:26:55 0101021 IP 192.168.1.47.53496 > 192.168.1.46.10200 : proto TCP: S 781442085:781442085(0) win 65535 checksum : 32429
0x0000:  4500 003c e9c9 4000 4006 cd44 c0a8 012f  E..<..@.@..D.../
0x0010:  c0a8 012e d0f8 27d8 2e93 dc25 0000 0000  ......'....%....
0x0020:  a002 ffff 7ead 0000 0204 05b4 0402 080a  ....~...........
0x0030:  0018 4204 0000 0000 0103 0306            ..B.........
Date=2021-07-20 Time=15:26:55 log_id=0101021 log_type=Firewall log_component=Firewall_Rule log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_dev=Port3 out_dev=Port2 inzone_id=1 outzone_id=1 source_mac=64:db:43:73:a6:00 dest_mac=a0:2b:b8:2e:4a:bb bridge_name=Bridge l3_protocol=IPv4 source_ip=192.168.1.47 dest_ip=192.168.1.46 l4_protocol=TCP source_port=53496 dest_port=10200 fw_rule_id=0 policytype=0 live_userid=0 userid=0 user_gp=0 ips_id=0 sslvpn_id=0 web_filter_id=0 hotspot_id=0 hotspotuser_id=0 hb_src=0 hb_dst=0 dnat_done=0 icap_id=0 app_filter_id=0 app_category_id=0 app_id=0 category_id=0 bandwidth_id=0 up_classid=0 dn_classid=0 nat_id=0 cluster_node=0 inmark=0x0 nfqueue=0 gateway_offset=0 connid=1238734144 masterid=0 status=256 state=1, flag0=588412616704 flags1=35184372088832 pbdid_dir0=0 pbrid_dir1=0

2021-07-20 15:27:00 010202130 IP 192.168.1.47.43476 > 45.77.105.72.443 : proto TCP: F 2576037813:2576037813(0) win 1595 checksum : 17793
0x0000:  4500 0034 c657 4000 4006 1c00 c0a8 012f  E..4.W@.@....../
0x0010:  2d4d 6948 a9d4 01bb 998b 37b5 a3b4 8ff0  -MiH......7.....
0x0020:  8011 063b 4581 0000 0101 080a 0018 43d4  ...;E.........C.
0x0030:  29ac b485                                )...
Date=2021-07-20 Time=15:27:00 log_id=010202130 log_type=Firewall log_component=Invalid_Traffic log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_dev=Port3 out_dev= inzone_id=0 outzone_id=0 source_mac= dest_mac= vlan_id=10 bridge_name= l3_protocol=IPv4 source_ip=192.168.1.47 dest_ip=45.77.105.72 l4_protocol=TCP source_port=43476 dest_port=443 fw_rule_id=N/A policytype=0 live_userid=0 userid=0 user_gp=0 ips_id=0 sslvpn_id=0 web_filter_id=0 hotspot_id=0 hotspotuser_id=0 hb_src=0 hb_dst=0 dnat_done=0 icap_id=0 app_filter_id=0 app_category_id=0 app_id=0 category_id=0 bandwidth_id=0 up_classid=0 dn_classid=0 nat_id=0 cluster_node=0 inmark=0x0 nfqueue=0 gateway_offset=0 connid=0 masterid=0 status=0 state=0, flag0=0 flags1=0 pbdid_dir0=0 pbrid_dir1=0

2021-07-20 15:27:27 0101021 IP 192.168.1.47.53496 > 192.168.1.46.10200 : proto TCP: S 781442085:781442085(0) win 65535 checksum : 29217
0x0000:  4500 003c e9ca 4000 4006 cd43 c0a8 012f  E..<..@.@..C.../
0x0010:  c0a8 012e d0f8 27d8 2e93 dc25 0000 0000  ......'....%....
0x0020:  a002 ffff 7221 0000 0204 05b4 0402 080a  ....r!..........
0x0030:  0018 4e90 0000 0000 0103 0306            ..N.........
Date=2021-07-20 Time=15:27:27 log_id=0101021 log_type=Firewall log_component=Firewall_Rule log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_dev=Port3 out_dev=Port2 inzone_id=1 outzone_id=1 source_mac=64:db:43:73:a6:00 dest_mac=a0:2b:b8:2e:4a:bb bridge_name=Bridge l3_protocol=IPv4 source_ip=192.168.1.47 dest_ip=192.168.1.46 l4_protocol=TCP source_port=53496 dest_port=10200 fw_rule_id=0 policytype=0 live_userid=0 userid=0 user_gp=0 ips_id=0 sslvpn_id=0 web_filter_id=0 hotspot_id=0 hotspotuser_id=0 hb_src=0 hb_dst=0 dnat_done=0 icap_id=0 app_filter_id=0 app_category_id=0 app_id=0 category_id=0 bandwidth_id=0 up_classid=0 dn_classid=0 nat_id=0 cluster_node=0 inmark=0x0 nfqueue=0 gateway_offset=0 connid=1238729024 masterid=0 status=256 state=1, flag0=588412616704 flags1=35184372088832 pbdid_dir0=0 pbrid_dir1=0

2021-07-20 15:27:33 0101021 IP 192.168.1.47.33456 > 192.168.1.46.10200 : proto TCP: S 3941608653:3941608653(0) win 65535 checksum : 45374
0x0000:  4500 003c 7c7b 4000 4006 3a93 c0a8 012f  E..<|{@.@.:..../
0x0010:  c0a8 012e 82b0 27d8 eaf0 2ccd 0000 0000  ......'...,.....
0x0020:  a002 ffff b13e 0000 0204 05b4 0402 080a  .....>..........
0x0030:  0018 50b6 0000 0000 0103 0306            ..P.........
Date=2021-07-20 Time=15:27:33 log_id=0101021 log_type=Firewall log_component=Firewall_Rule log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_dev=Port3 out_dev=Port2 inzone_id=1 outzone_id=1 source_mac=64:db:43:73:a6:00 dest_mac=a0:2b:b8:2e:4a:bb bridge_name=Bridge l3_protocol=IPv4 source_ip=192.168.1.47 dest_ip=192.168.1.46 l4_protocol=TCP source_port=33456 dest_port=10200 fw_rule_id=0 policytype=0 live_userid=0 userid=0 user_gp=0 ips_id=0 sslvpn_id=0 web_filter_id=0 hotspot_id=0 hotspotuser_id=0 hb_src=0 hb_dst=0 dnat_done=0 icap_id=0 app_filter_id=0 app_category_id=0 app_id=0 category_id=0 bandwidth_id=0 up_classid=0 dn_classid=0 nat_id=0 cluster_node=0 inmark=0x0 nfqueue=0 gateway_offset=0 connid=1238730624 masterid=0 status=256 state=1, flag0=588412616704 flags1=35184372088832 pbdid_dir0=0 pbrid_dir1=0

2021-07-20 15:27:34 0101021 IP 192.168.1.47.33456 > 192.168.1.46.10200 : proto TCP: S 3941608653:3941608653(0) win 65535 checksum : 45274
0x0000:  4500 003c 7c7c 4000 4006 3a92 c0a8 012f  E..<||@.@.:..../
0x0010:  c0a8 012e 82b0 27d8 eaf0 2ccd 0000 0000  ......'...,.....
0x0020:  a002 ffff b0da 0000 0204 05b4 0402 080a  ................
0x0030:  0018 511a 0000 0000 0103 0306            ..Q.........
Date=2021-07-20 Time=15:27:34 log_id=0101021 log_type=Firewall log_component=Firewall_Rule log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_dev=Port3 out_dev=Port2 inzone_id=1 outzone_id=1 source_mac=64:db:43:73:a6:00 dest_mac=a0:2b:b8:2e:4a:bb bridge_name=Bridge l3_protocol=IPv4 source_ip=192.168.1.47 dest_ip=192.168.1.46 l4_protocol=TCP source_port=33456 dest_port=10200 fw_rule_id=0 policytype=0 live_userid=0 userid=0 user_gp=0 ips_id=0 sslvpn_id=0 web_filter_id=0 hotspot_id=0 hotspotuser_id=0 hb_src=0 hb_dst=0 dnat_done=0 icap_id=0 app_filter_id=0 app_category_id=0 app_id=0 category_id=0 bandwidth_id=0 up_classid=0 dn_classid=0 nat_id=0 cluster_node=0 inmark=0x0 nfqueue=0 gateway_offset=0 connid=1238730624 masterid=0 status=256 state=1, flag0=588412616704 flags1=35184372088832 pbdid_dir0=0 pbrid_dir1=0

2021-07-20 15:27:36 0101021 IP 192.168.1.47.33456 > 192.168.1.46.10200 : proto TCP: S 3941608653:3941608653(0) win 65535 checksum : 45074
0x0000:  4500 003c 7c7d 4000 4006 3a91 c0a8 012f  E..<|}@.@.:..../
0x0010:  c0a8 012e 82b0 27d8 eaf0 2ccd 0000 0000  ......'...,.....
0x0020:  a002 ffff b012 0000 0204 05b4 0402 080a  ................
0x0030:  0018 51e2 0000 0000 0103 0306            ..Q.........
Date=2021-07-20 Time=15:27:36 log_id=0101021 log_type=Firewall log_component=Firewall_Rule log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_dev=Port3 out_dev=Port2 inzone_id=1 outzone_id=1 source_mac=64:db:43:73:a6:00 dest_mac=a0:2b:b8:2e:4a:bb bridge_name=Bridge l3_protocol=IPv4 source_ip=192.168.1.47 dest_ip=192.168.1.46 l4_protocol=TCP source_port=33456 dest_port=10200 fw_rule_id=0 policytype=0 live_userid=0 userid=0 user_gp=0 ips_id=0 sslvpn_id=0 web_filter_id=0 hotspot_id=0 hotspotuser_id=0 hb_src=0 hb_dst=0 dnat_done=0 icap_id=0 app_filter_id=0 app_category_id=0 app_id=0 category_id=0 bandwidth_id=0 up_classid=0 dn_classid=0 nat_id=0 cluster_node=0 inmark=0x0 nfqueue=0 gateway_offset=0 connid=1238728704 masterid=0 status=256 state=1, flag0=588412616704 flags1=35184372088832 pbdid_dir0=0 pbrid_dir1=0

2021-07-20 15:27:38 010202130 IP 192.168.1.47.43476 > 45.77.105.72.443 : proto TCP: F 2576037813:2576037813(0) win 1595 checksum : 13941
0x0000:  4500 0034 c658 4000 4006 1bff c0a8 012f  E..4.X@.@....../
0x0010:  2d4d 6948 a9d4 01bb 998b 37b5 a3b4 8ff0  -MiH......7.....
0x0020:  8011 063b 3675 0000 0101 080a 0018 52e0  ...;6u........R.
0x0030:  29ac b485                                )...
Date=2021-07-20 Time=15:27:38 log_id=010202130 log_type=Firewall log_component=Invalid_Traffic log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_dev=Port3 out_dev= inzone_id=0 outzone_id=0 source_mac= dest_mac= vlan_id=10 bridge_name= l3_protocol=IPv4 source_ip=192.168.1.47 dest_ip=45.77.105.72 l4_protocol=TCP source_port=43476 dest_port=443 fw_rule_id=N/A policytype=0 live_userid=0 userid=0 user_gp=0 ips_id=0 sslvpn_id=0 web_filter_id=0 hotspot_id=0 hotspotuser_id=0 hb_src=0 hb_dst=0 dnat_done=0 icap_id=0 app_filter_id=0 app_category_id=0 app_id=0 category_id=0 bandwidth_id=0 up_classid=0 dn_classid=0 nat_id=0 cluster_node=0 inmark=0x0 nfqueue=0 gateway_offset=0 connid=0 masterid=0 status=0 state=0, flag0=0 flags1=0 pbdid_dir0=0 pbrid_dir1=0

2021-07-20 15:27:40 0101021 IP 192.168.1.47.33456 > 192.168.1.46.10200 : proto TCP: S 3941608653:3941608653(0) win 65535 checksum : 44673
0x0000:  4500 003c 7c7e 4000 4006 3a90 c0a8 012f  E..<|~@.@.:..../
0x0010:  c0a8 012e 82b0 27d8 eaf0 2ccd 0000 0000  ......'...,.....
0x0020:  a002 ffff ae81 0000 0204 05b4 0402 080a  ................
0x0030:  0018 5373 0000 0000 0103 0306            ..Ss........
Date=2021-07-20 Time=15:27:40 log_id=0101021 log_type=Firewall log_component=Firewall_Rule log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_dev=Port3 out_dev=Port2 inzone_id=1 outzone_id=1 source_mac=64:db:43:73:a6:00 dest_mac=a0:2b:b8:2e:4a:bb bridge_name=Bridge l3_protocol=IPv4 source_ip=192.168.1.47 dest_ip=192.168.1.46 l4_protocol=TCP source_port=33456 dest_port=10200 fw_rule_id=0 policytype=0 live_userid=0 userid=0 user_gp=0 ips_id=0 sslvpn_id=0 web_filter_id=0 hotspot_id=0 hotspotuser_id=0 hb_src=0 hb_dst=0 dnat_done=0 icap_id=0 app_filter_id=0 app_category_id=0 app_id=0 category_id=0 bandwidth_id=0 up_classid=0 dn_classid=0 nat_id=0 cluster_node=0 inmark=0x0 nfqueue=0 gateway_offset=0 connid=1238730944 masterid=0 status=256 state=1, flag0=588412616704 flags1=35184372088832 pbdid_dir0=0 pbrid_dir1=0

2021-07-20 15:27:48 0101021 IP 192.168.1.47.33456 > 192.168.1.46.10200 : proto TCP: S 3941608653:3941608653(0) win 65535 checksum : 43872
0x0000:  4500 003c 7c7f 4000 4006 3a8f c0a8 012f  E..<|.@.@.:..../
0x0010:  c0a8 012e 82b0 27d8 eaf0 2ccd 0000 0000  ......'...,.....
0x0020:  a002 ffff ab60 0000 0204 05b4 0402 080a  .....`..........
0x0030:  0018 5694 0000 0000 0103 0306            ..V.........
Date=2021-07-20 Time=15:27:48 log_id=0101021 log_type=Firewall log_component=Firewall_Rule log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_dev=Port3 out_dev=Port2 inzone_id=1 outzone_id=1 source_mac=64:db:43:73:a6:00 dest_mac=a0:2b:b8:2e:4a:bb bridge_name=Bridge l3_protocol=IPv4 source_ip=192.168.1.47 dest_ip=192.168.1.46 l4_protocol=TCP source_port=33456 dest_port=10200 fw_rule_id=0 policytype=0 live_userid=0 userid=0 user_gp=0 ips_id=0 sslvpn_id=0 web_filter_id=0 hotspot_id=0 hotspotuser_id=0 hb_src=0 hb_dst=0 dnat_done=0 icap_id=0 app_filter_id=0 app_category_id=0 app_id=0 category_id=0 bandwidth_id=0 up_classid=0 dn_classid=0 nat_id=0 cluster_node=0 inmark=0x0 nfqueue=0 gateway_offset=0 connid=1238733504 masterid=0 status=256 state=1, flag0=588412616704 flags1=35184372088832 pbdid_dir0=0 pbrid_dir1=0

2021-07-20 15:28:04 0101021 IP 192.168.1.47.33456 > 192.168.1.46.10200 : proto TCP: S 3941608653:3941608653(0) win 65535 checksum : 42268
0x0000:  4500 003c 7c80 4000 4006 3a8e c0a8 012f  E..<|.@.@.:..../
0x0010:  c0a8 012e 82b0 27d8 eaf0 2ccd 0000 0000  ......'...,.....
0x0020:  a002 ffff a51c 0000 0204 05b4 0402 080a  ................
0x0030:  0018 5cd8 0000 0000 0103 0306            ..\.........
Date=2021-07-20 Time=15:28:04 log_id=0101021 log_type=Firewall log_component=Firewall_Rule log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_dev=Port3 out_dev=Port2 inzone_id=1 outzone_id=1 source_mac=64:db:43:73:a6:00 dest_mac=a0:2b:b8:2e:4a:bb bridge_name=Bridge l3_protocol=IPv4 source_ip=192.168.1.47 dest_ip=192.168.1.46 l4_protocol=TCP source_port=33456 dest_port=10200 fw_rule_id=0 policytype=0 live_userid=0 userid=0 user_gp=0 ips_id=0 sslvpn_id=0 web_filter_id=0 hotspot_id=0 hotspotuser_id=0 hb_src=0 hb_dst=0 dnat_done=0 icap_id=0 app_filter_id=0 app_category_id=0 app_id=0 category_id=0 bandwidth_id=0 up_classid=0 dn_classid=0 nat_id=0 cluster_node=0 inmark=0x0 nfqueue=0 gateway_offset=0 connid=1270636544 masterid=0 status=256 state=1, flag0=588412616704 flags1=35184372088832 pbdid_dir0=0 pbrid_dir1=0

2021-07-20 15:28:36 0101021 IP 192.168.1.47.33456 > 192.168.1.46.10200 : proto TCP: S 3941608653:3941608653(0) win 65535 checksum : 39060
0x0000:  4500 003c 7c81 4000 4006 3a8d c0a8 012f  E..<|.@.@.:..../
0x0010:  c0a8 012e 82b0 27d8 eaf0 2ccd 0000 0000  ......'...,.....
0x0020:  a002 ffff 9894 0000 0204 05b4 0402 080a  ................
0x0030:  0018 6960 0000 0000 0103 0306            ..i`........
Date=2021-07-20 Time=15:28:36 log_id=0101021 log_type=Firewall log_component=Firewall_Rule log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_dev=Port3 out_dev=Port2 inzone_id=1 outzone_id=1 source_mac=64:db:43:73:a6:00 dest_mac=a0:2b:b8:2e:4a:bb bridge_name=Bridge l3_protocol=IPv4 source_ip=192.168.1.47 dest_ip=192.168.1.46 l4_protocol=TCP source_port=33456 dest_port=10200 fw_rule_id=0 policytype=0 live_userid=0 userid=0 user_gp=0 ips_id=0 sslvpn_id=0 web_filter_id=0 hotspot_id=0 hotspotuser_id=0 hb_src=0 hb_dst=0 dnat_done=0 icap_id=0 app_filter_id=0 app_category_id=0 app_id=0 category_id=0 bandwidth_id=0 up_classid=0 dn_classid=0 nat_id=0 cluster_node=0 inmark=0x0 nfqueue=0 gateway_offset=0 connid=1270640384 masterid=0 status=256 state=1, flag0=588412616704 flags1=35184372088832 pbdid_dir0=0 pbrid_dir1=0

20210720_HS_pad_TCP_DUMP.txt

0 LuCar Toni over 4 years ago in reply to Delanius55

Looks like you do not have any firewall rule applying to this traffic.
Cancel
Vote Up 0 Vote Down

Cancel
0 Delanius55 over 4 years ago in reply to LuCar Toni

I have this rule set up (see below) and I think that should work. I have a similar one for LAN-zone and that works.
Cancel
Vote Up 0 Vote Down

Cancel
0 LuCar Toni over 4 years ago in reply to Delanius55

If you are 100% sure, the traffic should apply to the rule, try to save all objects within this rule again and see, if they get saved or fail to save.
Cancel
Vote Up 0 Vote Down

Cancel
0 rfcat_vk over 4 years ago in reply to Delanius55

Hi,

please have a read of this thread and see if it applies to your situation?

NAT on internal rules

Ian
Cancel
Vote Up 0 Vote Down

Cancel
0 Delanius55 over 4 years ago in reply to Delanius55

So I made some progress on this. Let's recap:

On firewall port 3 is a wireless AP. On port 2 is a VLAN-capable switch. Port 2 and 3 are bridged. On that bridge are the default VLAN and VLAN 10. On the VLAN switch, port 5 is VLAN 10. Other port are default VLAN.

Problem 1: devices on VLAN 10 had trouble connection to internet. It seemed to work sporadically.

Fix: installed new firmware SFOS 18.5.1 MR-1-Build318.

That led me to problem 2: wired devices on VLAN 10 can not talk to wireless devices on VLAN 10. In log viewer, traffic from same device would have different "In interface" depending on if traffic was to internet or internal. Internal traffic had port 2 or 3 as "In interface". Traffic to web had "Bridge.10". To me, that is strange. I had a firewall rule set up to allow devices in IOT zone and with specific IP-range to talk to each other. That did not work.

Fix: I changed that firewall rule so that "Zone" was "Any" instead of "IOT" and then it worked. So it seems that if "In interface" was port 2 or 3 that traffic was not in IOT-zone. Even thou it was from same device.

Problem 3: Wired devices on VLAN 10 can not talk to chromecast on wireless VLAN 10. If I make that wired device wireless it can talk to chromecast. To make chromecast work between different networks mDNS is needed (I think) and Sophos XG does not have this. So this is a problem because as "problem 2" seems to indicate, not all traffic that should be on VLAN10 is there.

Fix: well I suppose to fix this I need a proper fix for problem 2. All traffic by devices on VLAN 10 must be considered by the firewall to actually be on VLAN 10. Since this problem seems similar to problem 1 I am afraid that it's a problem that cannot be fixed by simply changing settings. Instead some firmware tinkering is perhaps needed.

A simple way around this is to not use a bridge and instead just use another VLAN switch. But using bridge SHOULD work so this is frustrating and adding a switch SHOULD not be needed.

Any thoughts?
Cancel
Vote Up 0 Vote Down

Cancel
0 Kyle Sexson over 3 years ago in reply to Delanius55

I'm seeing this issue as well. Trying to set up a guest network with only access to the web.

Most traffic shows up on the br0.100 vlan, but then random packets show up on the physical interface port1 from the same IP.

I've been fighting it as an issue with my APs, but after plugging into a switch with a port hard set to that VLAN, I get the same issue. I can ping out fine, but any actual traffic has trouble. It seems to come and go randomly.
Cancel
Vote Up 0 Vote Down

Cancel