Excessive amount of dropped packets.

Hello, we're facing some slow connection problems, so we've been checking logs and configurations and we found that XG is dropping an enormous amount of packets. From Lan to Wan, and even Lan to Lan, for example this same host trying to access an internal web server. Connections eventually work, but very slow.
I'm trying to attach an image describing the scenario, I personally think we have some mess with our networks, maybe caused by switches, but I can't figure this out.
Feel free to ask for any more information.
Regards.
         




  • FormerMember

    Hi ,

    Thank you for reaching out to the Community! 

    These packet drops could be the TCP RST or TCP FIN packets that all firewalls drop to prevent TCP RST/FIN attacks. I'd suggest you run a packet capture and a drop packet capture from the CLI and review them in Wireshark.

    Also, check interface level packet drops with "ifconfig" and any interface level errors with "ethtool."

    ethtool -S "portname"

    Thanks,

  • Hello Harsh, thanks for your reply, I've followed the instructions and got the following results.
    drop-packet-capture 'dst port 443'

    Sophos Firmware Version SFOS 18.0.5 MR-5-Build586
    
    Main Menu
    
        1.  Network  Configuration
        2.  System   Configuration
        3.  Route    Configuration
        4.  Device Console
        5.  Device Management
        6.  VPN Management
        7.  Shutdown/Reboot Device
        0.  Exit
    
        Select Menu Number [0-7]: 4
    Sophos Firmware Version SFOS 18.0.5 MR-5-Build586
    
    console> drop-packet-capture 'dst port 443'
    2021-06-29 17:57:00 010202130 IP 192.168.28.20.57618 > 200.40.231.53.443 : proto TCP:  154502240:154502241(1) ack 2214047294 win 63823 checksum : 34767
    0x0000:  4500 0029 1570 4000 8006 5944 c0a8 1c14  E..).p@...YD....
    0x0010:  c828 e735 e112 01bb 0935 8460 83f7 ae3e  .(.5.....5.`...>
    0x0020:  5010 f94f 87cf 0000 00                   P..O.....
    Date=2021-06-29 Time=17:57:00 log_id=010202130 log_type=Firewall log_component=Invalid_Traffic log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_dev= out_dev= inzone_id=0 outzone_id=0 source_mac= dest_mac= bridge_name= l3_protocol=IPv4 source_ip=192.168.28.20 dest_ip=200.40.231.53 l4_protocol=TCP source_port=57618 dest_port=443 fw_rule_id=N/A policytype=0 live_userid=0 userid=0 user_gp=0 ips_id=0 sslvpn_id=0 web_filter_id=0 hotspot_id=0 hotspotuser_id=0 hb_src=0 hb_dst=0 dnat_done=0 icap_id=0 app_filter_id=0 app_category_id=0 app_id=0 category_id=0 bandwidth_id=0 up_classid=0 dn_classid=0 nat_id=0 cluster_node=0 inmark=0x0 nfqueue=0 gateway_offset=0 connid=0 masterid=0 status=0 state=0, flag0=0 flags1=0 pbdid_dir0=0 pbrid_dir1=0
    
    2021-06-29 17:57:06 010202130 IP 10.196.50.106.48916 > 172.217.172.110.443 : proto TCP:  753592667:753592795(128) ack 4268148739 win 397 checksum : 42663
    0x0000:  4500 00b4 1997 4000 4006 8a37 0ac4 326a  E.....@.@..7..2j
    0x0010:  acd9 ac6e bf14 01bb 2cea e95b fe66 c803  ...n....,..[.f..
    0x0020:  8010 018d a6a7 0000 0101 080a 024b 3940  .............K9@
    0x0030:  d82b d3be 1703 0301 8700 0000 0000 0000  .+..............
    0x0040:  03a6 c34e 9241 d151 edf1 c620 85d8 697c  ...N.A.Q......i|
    0x0050:  e610 7f86 b129 aeef 7768 41fb 695f 8432  .....)..whA.i_.2
    0x0060:  8d48 a62a 4969 dfd6 1342 2714 869c 9e5f  .H.*Ii...B'...._
    0x0070:  be76 29b4 9112 6337 d2b9 b700 6917 7e17  .v)...c7....i.~.
    0x0080:  2c00 d39d 50c0 f6ae e1f4 9ce5 d0f2 c6ae  ,...P...........
    0x0090:  230e 0593 72e5 6a22 80c5 9d72 91e3 a157  #...r.j"...r...W
    0x00a0:  3ffc 0ac1 1be3 e413 8501 c08f 5bf9 8168  ?...........[..h
    0x00b0:  a128 0a28                                .(.(
    Date=2021-06-29 Time=17:57:06 log_id=010202130 log_type=Firewall log_component=Invalid_Traffic log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_dev= out_dev= inzone_id=0 outzone_id=0 source_mac= dest_mac= bridge_name= l3_protocol=IPv4 source_ip=10.196.50.106 dest_ip=172.217.172.110 l4_protocol=TCP source_port=48916 dest_port=443 fw_rule_id=N/A policytype=0 live_userid=0 userid=0 user_gp=0 ips_id=0 sslvpn_id=0 web_filter_id=0 hotspot_id=0 hotspotuser_id=0 hb_src=0 hb_dst=0 dnat_done=0 icap_id=0 app_filter_id=0 app_category_id=0 app_id=0 category_id=0 bandwidth_id=0 up_classid=0 dn_classid=0 nat_id=0 cluster_node=0 inmark=0x0 nfqueue=0 gateway_offset=0 connid=0 masterid=0 status=0 state=0, flag0=0 flags1=0 pbdid_dir0=0 pbrid_dir1=0
    
    2021-06-29 17:57:21 010202130 IP 10.196.50.106.46998 > 172.217.172.42.443 : proto TCP: R 276760725:276760725(0) win 364 checksum : 2433
    0x0000:  4500 0034 1738 4000 4006 8d5a 0ac4 326a  E..4.8@.@..Z..2j
    0x0010:  acd9 ac2a b796 01bb 107f 0895 b3e1 7417  ...*..........t.
    0x0020:  8014 016c 0981 0000 0101 080a 024b 3ea4  ...l.........K>.
    0x0030:  6ec7 2b85                                n.+.
    Date=2021-06-29 Time=17:57:21 log_id=010202130 log_type=Firewall log_component=Invalid_Traffic log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_dev= out_dev= inzone_id=0 outzone_id=0 source_mac= dest_mac= bridge_name= l3_protocol=IPv4 source_ip=10.196.50.106 dest_ip=172.217.172.42 l4_protocol=TCP source_port=46998 dest_port=443 fw_rule_id=N/A policytype=0 live_userid=0 userid=0 user_gp=0 ips_id=0 sslvpn_id=0 web_filter_id=0 hotspot_id=0 hotspotuser_id=0 hb_src=0 hb_dst=0 dnat_done=0 icap_id=0 app_filter_id=0 app_category_id=0 app_id=0 category_id=0 bandwidth_id=0 up_classid=0 dn_classid=0 nat_id=0 cluster_node=0 inmark=0x0 nfqueue=0 gateway_offset=0 connid=0 masterid=0 status=0 state=0, flag0=0 flags1=0 pbdid_dir0=0 pbrid_dir1=0
    
    2021-06-29 17:57:21 010202130 IP 10.196.50.106.37704 > 172.217.172.99.443 : proto TCP: R 3244138597:3244138597(0) win 386 checksum : 58252
    0x0000:  4500 0034 0128 4000 4006 a331 0ac4 326a  E..4.(@.@..1..2j
    0x0010:  acd9 ac63 9348 01bb c15d a065 f303 53fd  ...c.H...].e..S.
    0x0020:  8014 0182 e38c 0000 0101 080a 024b 3ea4  .............K>.
    0x0030:  10f2 6b96                                ..k.
    Date=2021-06-29 Time=17:57:21 log_id=010202130 log_type=Firewall log_component=Invalid_Traffic log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_dev= out_dev= inzone_id=0 outzone_id=0 source_mac= dest_mac= bridge_name= l3_protocol=IPv4 source_ip=10.196.50.106 dest_ip=172.217.172.99 l4_protocol=TCP source_port=37704 dest_port=443 fw_rule_id=N/A policytype=0 live_userid=0 userid=0 user_gp=0 ips_id=0 sslvpn_id=0 web_filter_id=0 hotspot_id=0 hotspotuser_id=0 hb_src=0 hb_dst=0 dnat_done=0 icap_id=0 app_filter_id=0 app_category_id=0 app_id=0 category_id=0 bandwidth_id=0 up_classid=0 dn_classid=0 nat_id=0 cluster_node=0 inmark=0x0 nfqueue=0 gateway_offset=0 connid=0 masterid=0 status=0 state=0, flag0=0 flags1=0 pbdid_dir0=0 pbrid_dir1=0
    
    2021-06-29 17:57:32 010202130 IP 192.168.28.10.61035 > 139.45.197.253.443 : proto TCP:  2456398211:2456398212(1) ack 1742298878 win 64461 checksum : 37692
    0x0000:  4500 0029 955d 4000 8006 3794 c0a8 1c0a  E..).]@...7.....
    0x0010:  8b2d c5fd ee6b 01bb 9269 a983 67d9 5efe  .-...k...i..g.^.
    0x0020:  5010 fbcd 933c 0000 00                   P....<...
    Date=2021-06-29 Time=17:57:32 log_id=010202130 log_type=Firewall log_component=Invalid_Traffic log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_dev= out_dev= inzone_id=0 outzone_id=0 source_mac= dest_mac= bridge_name= l3_protocol=IPv4 source_ip=192.168.28.10 dest_ip=139.45.197.253 l4_protocol=TCP source_port=61035 dest_port=443 fw_rule_id=N/A policytype=0 live_userid=0 userid=0 user_gp=0 ips_id=0 sslvpn_id=0 web_filter_id=0 hotspot_id=0 hotspotuser_id=0 hb_src=0 hb_dst=0 dnat_done=0 icap_id=0 app_filter_id=0 app_category_id=0 app_id=0 category_id=0 bandwidth_id=0 up_classid=0 dn_classid=0 nat_id=0 cluster_node=0 inmark=0x0 nfqueue=0 gateway_offset=0 connid=0 masterid=0 status=0 state=0, flag0=0 flags1=0 pbdid_dir0=0 pbrid_dir1=0
    
    2021-06-29 17:57:44 010202130 IP 192.168.28.10.61035 > 139.45.197.253.443 : proto TCP: F 2456398212:2456398212(0) win 64461 checksum : 37691
    0x0000:  4500 0028 9560 4000 8006 3792 c0a8 1c0a  E..(.`@...7.....
    0x0010:  8b2d c5fd ee6b 01bb 9269 a984 67d9 5efe  .-...k...i..g.^.
    0x0020:  5011 fbcd 933b 0000                      P....;..
    Date=2021-06-29 Time=17:57:44 log_id=010202130 log_type=Firewall log_component=Invalid_Traffic log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_dev= out_dev= inzone_id=0 outzone_id=0 source_mac= dest_mac= bridge_name= l3_protocol=IPv4 source_ip=192.168.28.10 dest_ip=139.45.197.253 l4_protocol=TCP source_port=61035 dest_port=443 fw_rule_id=N/A policytype=0 live_userid=0 userid=0 user_gp=0 ips_id=0 sslvpn_id=0 web_filter_id=0 hotspot_id=0 hotspotuser_id=0 hb_src=0 hb_dst=0 dnat_done=0 icap_id=0 app_filter_id=0 app_category_id=0 app_id=0 category_id=0 bandwidth_id=0 up_classid=0 dn_classid=0 nat_id=0 cluster_node=0 inmark=0x0 nfqueue=0 gateway_offset=0 connid=0 masterid=0 status=0 state=0, flag0=0 flags1=0 pbdid_dir0=0 pbrid_dir1=0
    
    2021-06-29 17:57:44 010202130 IP 192.168.28.10.61035 > 139.45.197.253.443 : proto TCP: R 2456398213:2456398213(0) checksum : 36613
    0x0000:  4500 0028 9561 4000 8006 3791 c0a8 1c0a  E..(.a@...7.....
    0x0010:  8b2d c5fd ee6b 01bb 9269 a985 67d9 5efe  .-...k...i..g.^.
    0x0020:  5014 0000 8f05 0000                      P.......
    Date=2021-06-29 Time=17:57:44 log_id=010202130 log_type=Firewall log_component=Invalid_Traffic log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_dev= out_dev= inzone_id=0 outzone_id=0 source_mac= dest_mac= bridge_name= l3_protocol=IPv4 source_ip=192.168.28.10 dest_ip=139.45.197.253 l4_protocol=TCP source_port=61035 dest_port=443 fw_rule_id=N/A policytype=0 live_userid=0 userid=0 user_gp=0 ips_id=0 sslvpn_id=0 web_filter_id=0 hotspot_id=0 hotspotuser_id=0 hb_src=0 hb_dst=0 dnat_done=0 icap_id=0 app_filter_id=0 app_category_id=0 app_id=0 category_id=0 bandwidth_id=0 up_classid=0 dn_classid=0 nat_id=0 cluster_node=0 inmark=0x0 nfqueue=0 gateway_offset=0 connid=0 masterid=0 status=0 state=0, flag0=0 flags1=0 pbdid_dir0=0 pbrid_dir1=0
    
    2021-06-29 17:57:45 010202130 IP 192.168.28.20.57618 > 200.40.231.53.443 : proto TCP:  154502240:154502241(1) ack 2214047294 win 63823 checksum : 34767
    0x0000:  4500 0029 1571 4000 8006 5943 c0a8 1c14  E..).q@...YC....
    0x0010:  c828 e735 e112 01bb 0935 8460 83f7 ae3e  .(.5.....5.`...>
    0x0020:  5010 f94f 87cf 0000 00                   P..O.....
    Date=2021-06-29 Time=17:57:45 log_id=010202130 log_type=Firewall log_component=Invalid_Traffic log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_dev= out_dev= inzone_id=0 outzone_id=0 source_mac= dest_mac= bridge_name= l3_protocol=IPv4 source_ip=192.168.28.20 dest_ip=200.40.231.53 l4_protocol=TCP source_port=57618 dest_port=443 fw_rule_id=N/A policytype=0 live_userid=0 userid=0 user_gp=0 ips_id=0 sslvpn_id=0 web_filter_id=0 hotspot_id=0 hotspotuser_id=0 hb_src=0 hb_dst=0 dnat_done=0 icap_id=0 app_filter_id=0 app_category_id=0 app_id=0 category_id=0 bandwidth_id=0 up_classid=0 dn_classid=0 nat_id=0 cluster_node=0 inmark=0x0 nfqueue=0 gateway_offset=0 connid=0 masterid=0 status=0 state=0, flag0=0 flags1=0 pbdid_dir0=0 pbrid_dir1=0
    
    2021-06-29 17:58:30 010202130 IP 192.168.28.20.57618 > 200.40.231.53.443 : proto TCP:  154502240:154502241(1) ack 2214047294 win 63823 checksum : 34767
    0x0000:  4500 0029 1572 4000 8006 5942 c0a8 1c14  E..).r@...YB....
    0x0010:  c828 e735 e112 01bb 0935 8460 83f7 ae3e  .(.5.....5.`...>
    0x0020:  5010 f94f 87cf 0000 00                   P..O.....
    Date=2021-06-29 Time=17:58:30 log_id=010202130 log_type=Firewall log_component=Invalid_Traffic log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_dev= out_dev= inzone_id=0 outzone_id=0 source_mac= dest_mac= bridge_name= l3_protocol=IPv4 source_ip=192.168.28.20 dest_ip=200.40.231.53 l4_protocol=TCP source_port=57618 dest_port=443 fw_rule_id=N/A policytype=0 live_userid=0 userid=0 user_gp=0 ips_id=0 sslvpn_id=0 web_filter_id=0 hotspot_id=0 hotspotuser_id=0 hb_src=0 hb_dst=0 dnat_done=0 icap_id=0 app_filter_id=0 app_category_id=0 app_id=0 category_id=0 bandwidth_id=0 up_classid=0 dn_classid=0 nat_id=0 cluster_node=0 inmark=0x0 nfqueue=0 gateway_offset=0 connid=0 masterid=0 status=0 state=0, flag0=0 flags1=0 pbdid_dir0=0 pbrid_dir1=0


    Then the .pcap file but I'm not entirely sure I captured dropped packets in it. (I don't know how to attach it here). I'm reading it with wireshark but I clearly lack knowledge to understand what I'm seeing.
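
Added example, not part of the original thread and not Sophos tooling: a Python script that reads the summary lines of the `drop-packet-capture` output above, tallies the dropped packets by TCP flag, and reports segments resent with the same sequence number, which shows how much of the dropped traffic is RST/FIN. The function names are made up for this example, and treating a 1-byte segment without flags as the shape of a keep-alive probe is a heuristic assumption, not something the log states.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Summary lines copied from the drop-packet-capture output in the thread.
# Hex dumps and the key=value log lines are not needed for this triage.
CAPTURE = """\
2021-06-29 17:57:00 010202130 IP 192.168.28.20.57618 > 200.40.231.53.443 : proto TCP:  154502240:154502241(1) ack 2214047294 win 63823 checksum : 34767
2021-06-29 17:57:06 010202130 IP 10.196.50.106.48916 > 172.217.172.110.443 : proto TCP:  753592667:753592795(128) ack 4268148739 win 397 checksum : 42663
2021-06-29 17:57:21 010202130 IP 10.196.50.106.46998 > 172.217.172.42.443 : proto TCP: R 276760725:276760725(0) win 364 checksum : 2433
2021-06-29 17:57:21 010202130 IP 10.196.50.106.37704 > 172.217.172.99.443 : proto TCP: R 3244138597:3244138597(0) win 386 checksum : 58252
2021-06-29 17:57:32 010202130 IP 192.168.28.10.61035 > 139.45.197.253.443 : proto TCP:  2456398211:2456398212(1) ack 1742298878 win 64461 checksum : 37692
2021-06-29 17:57:44 010202130 IP 192.168.28.10.61035 > 139.45.197.253.443 : proto TCP: F 2456398212:2456398212(0) win 64461 checksum : 37691
2021-06-29 17:57:44 010202130 IP 192.168.28.10.61035 > 139.45.197.253.443 : proto TCP: R 2456398213:2456398213(0) checksum : 36613
2021-06-29 17:57:45 010202130 IP 192.168.28.20.57618 > 200.40.231.53.443 : proto TCP:  154502240:154502241(1) ack 2214047294 win 63823 checksum : 34767
2021-06-29 17:58:30 010202130 IP 192.168.28.20.57618 > 200.40.231.53.443 : proto TCP:  154502240:154502241(1) ack 2214047294 win 63823 checksum : 34767
"""

# <date> <time> <log_id> IP <src>.<sport> > <dst>.<dport> : proto TCP: [flags] seq:end(len) ...
LINE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (?P<log_id>\d+) IP "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+) : proto TCP:\s*"
    r"(?P<flags>[A-Z]*)\s*(?P<seq>\d+):(?P<end>\d+)\((?P<len>\d+)\)"
)


def parse(text):
    """Return one dict per packet summary line; every other line is skipped."""
    packets = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        packets.append({
            "time": datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
            "flow": f'{m["src"]}:{m["sport"]} > {m["dst"]}:{m["dport"]}',
            "flags": m["flags"],
            "seq": int(m["seq"]),
            "length": int(m["len"]),
        })
    return packets


def classify(pkt):
    """Bucket a dropped packet by what it is doing to the connection."""
    if "R" in pkt["flags"]:
        return "rst"
    if "F" in pkt["flags"]:
        return "fin"
    if "S" in pkt["flags"]:
        return "syn"
    if pkt["length"] == 1:
        return "one_byte"  # heuristic: shape of a keep-alive probe
    return "data" if pkt["length"] else "ack"


def repeated_segments(packets):
    """Map (flow, seq, length) -> seconds between repeats, for segments seen more than once."""
    seen = defaultdict(list)
    for p in packets:
        seen[(p["flow"], p["seq"], p["length"])].append(p["time"])
    return {
        key: [int((b - a).total_seconds()) for a, b in zip(times, times[1:])]
        for key, times in seen.items()
        if len(times) > 1
    }


if __name__ == "__main__":
    pkts = parse(CAPTURE)
    print("dropped packets by kind:", dict(Counter(classify(p) for p in pkts)))
    per_flow = defaultdict(list)
    for p in pkts:
        per_flow[p["flow"]].append(classify(p))
    for flow, kinds in per_flow.items():
        print(f"  {flow}: {', '.join(kinds)}")
    for (flow, seq, length), gaps in repeated_segments(pkts).items():
        print(f"resent seq {seq} ({length} byte) on {flow}, gaps in s: {gaps}")
```

On the nine packets in this capture the tally is 3 RST, 1 FIN, 4 one-byte segments and 1 data segment, and the 192.168.28.20:57618 flow resends the same 1-byte segment at 45-second intervals.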

  • ifconfig

    XG86_AM01_SFOS 18.0.5 MR-5-Build586# ifconfig
    GuestAP   Link encap:Ethernet  HWaddr F2:66:D6:F4:D7:6D
              inet addr:10.255.0.1  Bcast:10.255.0.255  Mask:255.255.255.0
              UP BROADCAST MULTICAST  MTU:1500  Metric:1
              RX packets:0 errors:0 dropped:0 overruns:0 frame:0
              TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
    
    Port1     Link encap:Ethernet  HWaddr 7C:5A:1C:D5:31:DC
              inet addr:10.196.50.1  Bcast:10.196.50.255  Mask:255.255.255.0
              inet6 addr: fe80::7e5a:1cff:fed5:31dc/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:21800858 errors:0 dropped:0 overruns:0 frame:0
              TX packets:50433779 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:9395858174 (8.7 GiB)  TX bytes:62101408394 (57.8 GiB)
    
    Port2     Link encap:Ethernet  HWaddr 7C:5A:1C:D5:31:DD
              inet6 addr: -------------------/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1450  Metric:1
              RX packets:92691334 errors:0 dropped:46376 overruns:0 frame:0
              TX packets:44937040 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:109918452924 (102.3 GiB)  TX bytes:16644004511 (15.5 GiB)
    
    Port2_ppp Link encap:Point-to-Point Protocol
              inet addr:----------------  P-t-P:-------------  Mask:255.255.255.255
              UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1442  Metric:1
              RX packets:2607178 errors:0 dropped:0 overruns:0 frame:0
              TX packets:1177438 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:3
              RX bytes:3315105217 (3.0 GiB)  TX bytes:172796706 (164.7 MiB)
    
    Port3     Link encap:Ethernet  HWaddr 7C:5A:1C:D5:31:DE
              inet addr:192.168.28.1  Bcast:192.168.28.255  Mask:255.255.255.0
              inet6 addr: fe80::7e5a:1cff:fed5:31de/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:20145559 errors:0 dropped:0 overruns:0 frame:0
              TX packets:38031294 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:6490400718 (6.0 GiB)  TX bytes:45751672372 (42.6 GiB)
    
    Port4     Link encap:Ethernet  HWaddr 7C:5A:1C:D5:31:DF
              inet addr:192.168.20.1  Bcast:192.168.20.255  Mask:255.255.255.0
              inet6 addr: fe80::7e5a:1cff:fed5:31df/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:714599 errors:0 dropped:0 overruns:0 frame:0
              TX packets:806657 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:181035771 (172.6 MiB)  TX bytes:631578358 (602.3 MiB)
    
    ifb0      Link encap:Ethernet  HWaddr FA:D0:92:6B:44:E5
              inet6 addr: fe80::f8d0:92ff:fe6b:44e5/64 Scope:Link
              UP BROADCAST RUNNING NOARP  MTU:1500  Metric:1
              RX packets:0 errors:0 dropped:0 overruns:0 frame:0
              TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:32
              RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
    
    ipsec0    Link encap:Ethernet  HWaddr D2:26:BF:4B:BD:40
              inet addr:169.254.234.5  Bcast:0.0.0.0  Mask:255.255.255.255
              inet6 addr: fe80::d026:bfff:fe4b:bd40/64 Scope:Link
              UP BROADCAST RUNNING NOARP MULTICAST  MTU:16260  Metric:1
              RX packets:0 errors:0 dropped:0 overruns:0 frame:0
              TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
    
    lo        Link encap:Local Loopback
              inet addr:127.0.0.1  Mask:255.0.0.0
              inet6 addr: ::1/128 Scope:Host
              UP LOOPBACK RUNNING  MTU:65536  Metric:1
              RX packets:65868320 errors:0 dropped:0 overruns:0 frame:0
              TX packets:65868320 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:20586869645 (19.1 GiB)  TX bytes:20586869645 (19.1 GiB)
    


    ethtool -S "portname"

    XG86_AM01_SFOS 18.0.5 MR-5-Build586# ethtool -S "Port4"
    NIC statistics:
         tx_packets: 806666
         rx_packets: 714608
         tx_errors: 0
         rx_errors: 0
         rx_missed: 0
         align_errors: 0
         tx_single_collisions: 0
         tx_multi_collisions: 0
         unicast: 705281
         broadcast: 9207
         multicast: 120
         tx_aborted: 0
         tx_underrun: 0
    XG86_AM01_SFOS 18.0.5 MR-5-Build586# ethtool -S "Port3"
    NIC statistics:
         tx_packets: 38032116
         rx_packets: 20146131
         tx_errors: 0
         rx_errors: 0
         rx_missed: 0
         align_errors: 0
         tx_single_collisions: 0
         tx_multi_collisions: 0
         unicast: 20005643
         broadcast: 136105
         multicast: 4383
         tx_aborted: 0
         tx_underrun: 0
    XG86_AM01_SFOS 18.0.5 MR-5-Build586# ethtool -S "Port1"
    NIC statistics:
         tx_packets: 50434478
         rx_packets: 21801537
         tx_errors: 0
         rx_errors: 0
         rx_missed: 0
         align_errors: 0
         tx_single_collisions: 0
         tx_multi_collisions: 0
         unicast: 21531034
         broadcast: 268219
         multicast: 2284
         tx_aborted: 0
         tx_underrun: 0
    XG86_AM01_SFOS 18.0.5 MR-5-Build586# ethtool -S "Port2"
    NIC statistics:
         tx_packets: 44938668
         rx_packets: 92693314
         tx_errors: 0
         rx_errors: 0
         rx_missed: 0
         align_errors: 0
         tx_single_collisions: 0
         tx_multi_collisions: 0
         unicast: 92639974
         broadcast: 14
         multicast: 53326
         tx_aborted: 0
         tx_underrun: 0
    XG86_AM01_SFOS 18.0.5 MR-5-Build586# ethtool -S "Port2_ppp"
    no stats available
    

  • FormerMember
    0 FormerMember in reply to EnriqueOlive Pérez

    Hi ,

    Thank you for the update. There’s no alarming interface level. Could you please share the pcap by sending a personal message? 

    Thanks,