This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
kanishkaw
Participant
‎2020-09-04 01:30 PM

Cloudgaurd R80.10 virtual gw (NSX-V 6.7) droping TCP 3 way handshake's 3rd ACK packet

This is a example test capture and IPs are test IPs.

Client: 10.68.65.230     Server:10.68.86.9:tcp443 is the communication I am looking at.

I want to understand why 3rd ACK [packet 8] doesnt have full chain captured in this "fw monitor" capture.

For example, if you look the first [SYN] you will see all (x0eth2,i1eth2, I7eth2,o1eth2,O8eth2,X0eth2) all packets in the capture.

Why I dont see that full chain for packet number 8?

Does that mean, (the 3rd packet [ACK] of tcp 3 way handshake),  is dropped by Cloudguard?

The actual issue is the server (10.68.86.9) never recieves the ACK and hence 3 way tcp handshake never completes from server perspective and hence conenction failing.

Why I am not seeing the full chain for the 8th packet in the attahced is a puzzle to me ??

 

 

Preview file
287 KB
Preview file
272 KB
Preview file
253 KB
0 Kudos
1 Reply
PhoneBoy
Admin
Admin
‎2020-09-06 06:27 PM

That's likely and fw ctl zdebug drop should tell you why if it's not in the logs.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Trending Discussions
Multi Cloud Cluster GCP+Azure
Upcoming Events

    Sort by:
    CheckMates Events