We have a vendor at site who uses SSL VPN; he is having disconnection issues.
Traffic flows via the McAfee firewall.
+0000",fac=f_kernel,area=a_nil_area,type=t_attack,pri=p_major,hostname=FWM300,category=dos,event="TCP max segments;reassembly",src_geo=US,srcip=200.x.x.x,srcport=443,srczone=external,dstip=192.168.x.x,dstport=18229,attackip=200.x.x.x,attackport=443,attackzone=external,protocol=6,interface=1-0,reason="There are too many out of order segments in TCP reassembly processing."
where 200.x.x.x is the VPN server IP
and 192.168.x.x is the user PC IP.
Need to confirm if McAfee is dropping the traffic?
You probably have packet loss outside the firewall. You can do tcpdumps on the firewall and the device outside the firewall to confirm this. You can do a Google search to learn how to spot packet loss in a tcpdump capture (retransmissions, duplicate-ACKs, etc.).
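An added example, not part of the original reply: a simplified Python heuristic that reads the text output of `tcpdump -nr <file>` and counts, per flow, sequence gaps, resent or reordered segments, and duplicate ACKs. The sample lines and addresses are constructed (only ports 443 and 18229 come from the log above), and the function name `find_loss_signs` is hypothetical.

```python
import re
from collections import defaultdict

# Matches TCP lines as printed by `tcpdump -nr <file>`.
LINE = re.compile(
    r"IP (?P<src>\S+) > (?P<dst>\S+): Flags \[[^\]]*\],"
    r"(?: seq (?P<seq>\d+)(?::\d+)?,)?(?: ack (?P<ack>\d+),)?.* length (?P<len>\d+)")

def find_loss_signs(lines):
    """Count simplified per-flow signs of loss: gaps, resends, duplicate ACKs."""
    next_seq = {}   # flow -> highest seq+len seen so far
    last_ack = {}   # flow -> ack number of the last pure ACK
    stats = defaultdict(lambda: {"gap": 0, "resend_or_reorder": 0, "dup_ack": 0})
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue
        flow, length = (m["src"], m["dst"]), int(m["len"])
        if length > 0 and m["seq"] is not None:
            seq, expected = int(m["seq"]), next_seq.get(flow)
            if expected is not None and seq > expected:
                # Hole in the byte stream: a segment never reached the capture point.
                stats[flow]["gap"] += 1
            elif expected is not None and seq < expected:
                # Old data seen again or arriving late (heuristic cannot tell which).
                stats[flow]["resend_or_reorder"] += 1
            next_seq[flow] = max(expected or 0, seq + length)
        elif length == 0 and m["ack"] is not None:
            ack = int(m["ack"])
            if last_ack.get(flow) == ack:
                stats[flow]["dup_ack"] += 1   # receiver is still waiting for the same byte
            last_ack[flow] = ack
    return dict(stats)

# Constructed sample: the server's second segment is missing at the capture
# point and shows up late, after two duplicate ACKs from the PC.
SRV, PC = "203.0.113.5.443", "192.168.0.10.18229"
SAMPLE = [
    f"12:00:00.000100 IP {SRV} > {PC}: Flags [.], seq 1:1461, ack 1, win 229, length 1460",
    f"12:00:00.000200 IP {PC} > {SRV}: Flags [.], ack 1461, win 1024, length 0",
    f"12:00:00.000300 IP {SRV} > {PC}: Flags [.], seq 2921:4381, ack 1, win 229, length 1460",
    f"12:00:00.000400 IP {PC} > {SRV}: Flags [.], ack 1461, win 1024, length 0",
    f"12:00:00.000500 IP {SRV} > {PC}: Flags [.], seq 4381:5841, ack 1, win 229, length 1460",
    f"12:00:00.000600 IP {PC} > {SRV}: Flags [.], ack 1461, win 1024, length 0",
    f"12:00:00.200000 IP {SRV} > {PC}: Flags [P.], seq 1461:2921, ack 1, win 229, length 1460",
    f"12:00:00.200100 IP {PC} > {SRV}: Flags [.], ack 5841, win 1024, length 0",
]

if __name__ == "__main__":
    for flow, counts in find_loss_signs(SAMPLE).items():
        print(flow, counts)
```

A gap counted on the inbound flow in a capture taken on the firewall's external interface means the segment was already missing when the traffic reached the firewall.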
I did a tcpdump with the below command on the external interface on the firewall:
tcpdump -npi external -w file
After this I hit Enter and I see the below.
Now I press Control+C to stop the tcpdump. Will this stop the tcpdump on the firewall?
How can I make sure tcpdump is stopped?