mike18
Level 7
Message 1 of 6

There are too many out of order segments in TCP


Hi Everyone,

We have a vendor at site who uses SSL VPN; he is having disconnection issues.

Traffic flows via a McAfee firewall.

The log shows:

+0000",fac=f_kernel,area=a_nil_area,type=t_attack,pri=p_major,hostname=FWM300,category=dos,event="TCP max segments;reassembly",src_geo=US,srcip=200.x.x.x,srcport=443,srczone=external,dstip=192.168.x.x,dstport=18229,attackip=200.x.x.x,attackport=443,attackzone=external,protocol=6,interface=1-0,reason="There are too many out of order segments in TCP reassembly processing."

where 200.x.x.x is VPN server IP

192.168.x.x is user PC IP

Need to confirm if McAfee is dropping the traffic?

Regards

Mike

sliedl
Level 14
Message 2 of 6

Re: There are too many out of order segments in TCP


You probably have packet loss outside the firewall.  You can do tcpdumps on the firewall and the device outside the firewall to confirm this.  You can do a Google search to learn how to spot packet loss in a tcpdump capture (retransmissions, duplicate-ACKs, etc.).

mike18
Level 7
Message 3 of 6

Re: There are too many out of order segments in TCP


I did a tcpdump with the below command on the external interface on the firewall:

tcpdump -npi external -w file

After this I hit enter and I see below:

file

Now I press Control+C to stop the tcpdump. Will this stop the tcpdump on the firewall?

How can I make sure tcpdump is stopped?

Regards

Mike

Re: There are too many out of order segments in TCP


Hi Mike,

After Ctrl+C, you should see something like this:

^C50322 packets captured

256637 packets received by filter

0 packets dropped by kernel

mike18
Level 7
Message 5 of 6

Re: There are too many out of order segments in TCP


Many thanks

Regards

Mike

mike18
Level 7
Message 6 of 6

Re: There are too many out of order segments in TCP


Many thanks

Regards

Mike
