ASA TCP ping

Did you know that the latest code for the Cisco ASA firewall (8.4) now supports TCP ping? I have previously complained about the fact that you cannot telnet out from an ASA CLI. You still can't, but at least you can use the TCP ping feature to see whether a specific TCP port is reachable. That's awesome!

 

asa-firewall# ping tcp nat0.net 80
Type escape sequence to abort.
No source specified. Pinging from identity interface.
Sending 5 TCP SYN requests to 94.247.168.200 port 80
from 213.66.135.232, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/13/14 ms
asa-firewall#

 

For each exclamation mark above there are 3 packets generated:

  1. SYN-packet from the ASA to the destination host.
  2. SYN-ACK-packet from the destination host back to the ASA.
  3. RST-packet from the ASA to the destination host.

 

The 'ping tcp' command is a great way to generate outbound TCP traffic to verify reachability of a remote host!
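How the exchange looks from the destination side, as an added example that is not part of the original post: the ASA answers the SYN-ACK with an RST instead of an ACK, so each probe is a half-open connection, the same pattern a SYN scan leaves, and monitoring on the far end may flag it. The packet records are constructed; only the two IP addresses come from the output above.

```python
from collections import defaultdict

# Constructed sample packets: (time_s, src, dst, sport, dport, flags).
# The two addresses are from the ping output above; ports, timestamps and
# the 192.0.2.10 client are invented for this example.
ASA, HOST = "213.66.135.232", "94.247.168.200"
PACKETS = [
    (0.000, ASA, HOST, 40001, 80, "S"),
    (0.012, HOST, ASA, 80, 40001, "SA"),
    (0.013, ASA, HOST, 40001, 80, "R"),
    (1.000, "192.0.2.10", HOST, 51000, 80, "S"),
    (1.010, HOST, "192.0.2.10", 80, 51000, "SA"),
    (1.011, "192.0.2.10", HOST, 51000, 80, "A"),
    (2.000, ASA, HOST, 40002, 80, "S"),  # probe that got no reply
]

LABELS = {
    ("S", "sa", "R"): "half-open probe",   # the three packets listed above
    ("S", "sa", "A"): "full handshake",
    ("S",): "no answer",
}


def classify_flows(packets):
    """Group packets by connection and label each handshake attempt."""
    flows = {}
    for _ts, src, dst, sport, dport, flags in sorted(packets):
        fwd, rev = (src, sport, dst, dport), (dst, dport, src, sport)
        if flags == "S":
            flows.setdefault(fwd, []).append("S")   # initiator opens the flow
        elif fwd in flows:
            flows[fwd].append(flags)                # sent by the initiator
        elif rev in flows:
            flows[rev].append(flags.lower())        # sent by the responder
    return {k: LABELS.get(tuple(seq[:3]), "other") for k, seq in flows.items()}


def probe_sources(packets):
    """Count half-open probes per initiating address."""
    counts = defaultdict(int)
    for (src, _sp, _dst, _dp), label in classify_flows(packets).items():
        if label == "half-open probe":
            counts[src] += 1
    return dict(counts)


if __name__ == "__main__":
    for flow, label in classify_flows(PACKETS).items():
        print(flow, "->", label)
    print(probe_sources(PACKETS))
```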
