Meraki

Community

Trying to set a double port forwarding

JeffreyG
Comes here often
‎Jan 22 2024 9:38 AM
‎Jan 22 2024 9:38 AM

Trying to set a double port forwarding

Hi I'm actually struggling trying to figure how to set my double port forward to remotely access a device by ssh on a network.

 

So here's the situation I have two servers on a network. This network is made of two MX68CW-NA routers with one as spare. The ssh port of the servers has been changed for 50022. Both servers are connected to an MS Switch which is connected to the router. I can connect from one server to the other from the same LAN 10.20.100.X. I can connect from my computer connected to the ISP router 192.168.2.X to each server by my port forward on the MX router. If I connect a server directly to the ISP router and set its port forward and reach it from the outside. For some reason, we can't remove the ISP router of the network at this moment.

I tried to set the forwarding as fallow, but it doesn't work:
ISP router rule: ext-port 40043, int-port 40043 protocol both, destination-ip my main Meraki router ext-ip which is 192.168.2.103.
MX router: ext-port 40043, int-port 50022 protocol tcp, destination-ip my server ip which is 10.20.100.43.


Then this should work : ssh user@public-isp-router-address -p 40043

 

So I expect it to travel like that:
wan-device -> public-isp-ip :40043 -> meraki-router :40043 -> server-ip :50022

 

I don't see any settings or firewall rules that could prevent that. I'm not sure if some vlan settings can be the cause or if there's something else that I'm missing.

Here's the vlan config

ID VLAN name Subnet VLAN interface IP Group policy

10ADMIN10.20.10.0/2410.20.10.1None
100IOT10.20.100.0/2410.20.100.1None
110MGMT10.20.110.0/2410.20.110.1None
120CAMERA10.20.120.0/2410.20.120.1None


Thanks for your time. I hope we can find something.

 

Labels:
0 Kudos
13 Replies 13
ww
Kind of a big deal
Kind of a big deal
‎Jan 22 2024 9:59 AM
‎Jan 22 2024 9:59 AM

Did you test the public ip:port from another wan device/address or from a device on the lan side of the mx?

 

I would make a capture on the internet port of the mx with filter "port 40043" to test if you see traffic when you initiate the sessions

In response to ww
JeffreyG
Comes here often
‎Jan 22 2024 10:03 AM
‎Jan 22 2024 10:03 AM

Yes I tested it from an other wan addresse. As I said, I can reach a device on my ISP network from the outside.

0 Kudos
GIdenJoe
Kind of a big deal
Kind of a big deal
‎Jan 22 2024 10:02 AM
‎Jan 22 2024 10:02 AM

If you have 2 MX'es in a warm spare setup please check if you are running virtual IP or not.
In this setup you should do that and you must use the virtual IP as destination on your ISP router.

 

When testing you could run a temporary packet capture on the Internet side of your active MX to see if your SSH traffic is even reaching the MX.

In response to GIdenJoe
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Jan 22 2024 11:14 AM
‎Jan 22 2024 11:14 AM

I think @GIdenJoe might be on the right track.  Try doing a 1:1 NAT on the MX, such as 192.168.2.43 to 10.20.100.43, and then only allow through port 50022 (you'll have to change your ISP router to forwarding to this port as well then).

0 Kudos
In response to PhilipDAth
JeffreyG
Comes here often
‎Jan 22 2024 12:03 PM
‎Jan 22 2024 12:03 PM

Hi, I already tried to use the 1:1 NAT. So I set exactly like you said as public ip 192.168.2.43:40043 and port forwarded to 10.20.100.43:50022. I can't reach the device. Thanks for the suggestion. Maybe I'm still missing something.

 
0 Kudos
In response to GIdenJoe
JeffreyG
Comes here often
‎Jan 22 2024 11:41 AM
‎Jan 22 2024 11:41 AM

Interesting. I didn't know this feature. I'm not the one who configured this network and I'm still new in the area and with those products.
 
So I see that there's no virtual ip configured on the warm spare. It's important to know that I'm managing it remotely and it's important to avoid any misconfiguration that could result in a loss of connection.
So I see where to set the virtual ip, I see in the documentation that this ip must be different from the ip of both router. So if I set it to 192.168.2.104 as the other router is on .102 and validated that .104 is available.
This should be fine at least to set that ip.
 
I'll try the packet capture too after that.
0 Kudos
In response to GIdenJoe
JeffreyG
Comes here often
‎Jan 22 2024 2:23 PM
‎Jan 22 2024 2:23 PM

So I tried that. I added the virtual ip at 192.168.2.104. Changed the port forward to that address.
I did the packet capture with 2 high levels of logging with a filtering on port 40043. (not sure if a better filter could be used
 
We see that the router receive the packet from my own wan ip which is 184.145.157.57, it has for destinations192.168.2.104:40043. That makes me think that the packet can reach the destination, but it can't be returned to its source (my computer in this case).


--- Start Of Stream ---
tcpdump: listening on wan0_sniff, link-type EN10MB (Ethernet), snapshot length 262144 bytes
22:04:44.342528 IP (tos 0x0, ttl 121, id 9581, offset 0, flags [DF], proto TCP (6), length 52)
184.145.157.57.63172 > 192.168.2.104.40043: Flags [S], cksum 0xa1c9 (correct), seq 2779087038, win 64240, options [mss 1434,nop,wscale 8,nop,nop,sackOK], length 0
22:04:45.343424 IP (tos 0x0, ttl 121, id 9585, offset 0, flags [DF], proto TCP (6), length 52)
184.145.157.57.63172 > 192.168.2.104.40043: Flags [S], cksum 0xa1b7 (correct), seq 2779087038, win 64240, options [mss 1452,nop,wscale 8,nop,nop,sackOK], length 0
22:04:47.351590 IP (tos 0x0, ttl 121, id 9591, offset 0, flags [DF], proto TCP (6), length 52)
184.145.157.57.63172 > 192.168.2.104.40043: Flags [S], cksum 0xa1b7 (correct), seq 2779087038, win 64240, options [mss 1452,nop,wscale 8,nop,nop,sackOK], length 0
22:04:51.358396 IP (tos 0x0, ttl 121, id 9601, offset 0, flags [DF], proto TCP (6), length 52)
184.145.157.57.63172 > 192.168.2.104.40043: Flags [S], cksum 0xa1b7 (correct), seq 2779087038, win 64240, options [mss 1452,nop,wscale 8,nop,nop,sackOK], length 0
22:04:59.372416 IP (tos 0x0, ttl 121, id 9624, offset 0, flags [DF], proto TCP (6), length 52)
184.145.157.57.63172 > 192.168.2.104.40043: Flags [S], cksum 0xa1b7 (correct), seq 2779087038, win 64240, options [mss 1452,nop,wscale 8,nop,nop,sackOK], length 0
--- End Of Stream ---
--- Start Of Stream ---
tcpdump: listening on wan0_sniff, link-type EN10MB (Ethernet), snapshot length 262144 bytes
22:05:21.535630 54:64:d9:33:62:3e > cc:03:d9:ca:a3:ee, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 121, id 9700, offset 0, flags [DF], proto TCP (6), length 52)
184.145.157.57.63188 > 192.168.2.104.40043: Flags [S], cksum 0x47a9 (correct), seq 1156135819, win 64240, options [mss 1434,nop,wscale 8,nop,nop,sackOK], length 0
0x0000: 4500 0034 25e4 4000 7906 c304 b891 9d39 E..4%.@.y......9
0x0010: c0a8 0268 f6d4 9c6b 44e9 3b8b 0000 0000 ...h...kD.;.....
0x0020: 8002 faf0 47a9 0000 0204 059a 0103 0308 ....G...........
0x0030: 0101 0402 ....
22:05:22.542346 54:64:d9:33:62:3e > cc:03:d9:ca:a3:ee, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 121, id 9703, offset 0, flags [DF], proto TCP (6), length 52)
184.145.157.57.63188 > 192.168.2.104.40043: Flags [S], cksum 0x4797 (correct), seq 1156135819, win 64240, options [mss 1452,nop,wscale 8,nop,nop,sackOK], length 0
0x0000: 4500 0034 25e7 4000 7906 c301 b891 9d39 E..4%.@.y......9
0x0010: c0a8 0268 f6d4 9c6b 44e9 3b8b 0000 0000 ...h...kD.;.....
0x0020: 8002 faf0 4797 0000 0204 05ac 0103 0308 ....G...........
0x0030: 0101 0402 ....
22:05:24.563463 54:64:d9:33:62:3e > cc:03:d9:ca:a3:ee, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 121, id 9708, offset 0, flags [DF], proto TCP (6), length 52)
184.145.157.57.63188 > 192.168.2.104.40043: Flags [S], cksum 0x4797 (correct), seq 1156135819, win 64240, options [mss 1452,nop,wscale 8,nop,nop,sackOK], length 0
0x0000: 4500 0034 25ec 4000 7906 c2fc b891 9d39 E..4%.@.y......9
0x0010: c0a8 0268 f6d4 9c6b 44e9 3b8b 0000 0000 ...h...kD.;.....
0x0020: 8002 faf0 4797 0000 0204 05ac 0103 0308 ....G...........
0x0030: 0101 0402 ....
22:05:28.568214 54:64:d9:33:62:3e > cc:03:d9:ca:a3:ee, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 121, id 9720, offset 0, flags [DF], proto TCP (6), length 52)
184.145.157.57.63188 > 192.168.2.104.40043: Flags [S], cksum 0x4797 (correct), seq 1156135819, win 64240, options [mss 1452,nop,wscale 8,nop,nop,sackOK], length 0
0x0000: 4500 0034 25f8 4000 7906 c2f0 b891 9d39 E..4%.@.y......9
0x0010: c0a8 0268 f6d4 9c6b 44e9 3b8b 0000 0000 ...h...kD.;.....
0x0020: 8002 faf0 4797 0000 0204 05ac 0103 0308 ....G...........
0x0030: 0101 0402 ....
22:05:36.580532 54:64:d9:33:62:3e > cc:03:d9:ca:a3:ee, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 121, id 9740, offset 0, flags [DF], proto TCP (6), length 52)
184.145.157.57.63188 > 192.168.2.104.40043: Flags [S], cksum 0x4797 (correct), seq 1156135819, win 64240, options [mss 1452,nop,wscale 8,nop,nop,sackOK], length 0
0x0000: 4500 0034 260c 4000 7906 c2dc b891 9d39 E..4&.@.y......9
0x0010: c0a8 0268 f6d4 9c6b 44e9 3b8b 0000 0000 ...h...kD.;.....
0x0020: 8002 faf0 4797 0000 0204 05ac 0103 0308 ....G...........
0x0030: 0101 0402 ....
--- End Of Stream ---

0 Kudos
In response to JeffreyG
ww
Kind of a big deal
Kind of a big deal
‎Jan 22 2024 3:11 PM
‎Jan 22 2024 3:11 PM

And what do you see on a lan side capture "port 50022"

0 Kudos
In response to ww
JeffreyG
Comes here often
‎Jan 22 2024 3:29 PM
‎Jan 22 2024 3:29 PM

Here's the result
I went to see the ssh connection on the device and nothing seems to appear in the ssh log.
(I forgot to mention, but I can access the device by our autossh reverse tunnel service. But what I try to achieve is a direct connection. But if needed I can check some log on it.)
I'm not sure what we can understand by this capture. If you can tell me.
Thanks

--- Start Of Stream ---
tcpdump: listening on all_lan_sniff, link-type EN10MB (Ethernet), snapshot length 262144 bytes
23:20:09.231778 IP (tos 0x0, ttl 120, id 20214, offset 0, flags [DF], proto TCP (6), length 52)
184.145.157.57.64737 > 10.20.100.43.50022: Flags [S], cksum 0x425a (correct), seq 2054370073, win 64240, options [mss 1434,nop,wscale 8,nop,nop,sackOK], length 0
23:20:10.235128 IP (tos 0x0, ttl 120, id 20215, offset 0, flags [DF], proto TCP (6), length 52)
184.145.157.57.64737 > 10.20.100.43.50022: Flags [S], cksum 0x4248 (correct), seq 2054370073, win 64240, options [mss 1452,nop,wscale 8,nop,nop,sackOK], length 0
23:20:12.250678 IP (tos 0x0, ttl 120, id 20216, offset 0, flags [DF], proto TCP (6), length 52)
184.145.157.57.64737 > 10.20.100.43.50022: Flags [S], cksum 0x4248 (correct), seq 2054370073, win 64240, options [mss 1452,nop,wscale 8,nop,nop,sackOK], length 0
23:20:16.244732 IP (tos 0x0, ttl 120, id 20217, offset 0, flags [DF], proto TCP (6), length 52)
184.145.157.57.64737 > 10.20.100.43.50022: Flags [S], cksum 0x4248 (correct), seq 2054370073, win 64240, options [mss 1452,nop,wscale 8,nop,nop,sackOK], length 0
23:20:24.250327 IP (tos 0x0, ttl 120, id 20218, offset 0, flags [DF], proto TCP (6), length 52)
184.145.157.57.64737 > 10.20.100.43.50022: Flags [S], cksum 0x4248 (correct), seq 2054370073, win 64240, options [mss 1452,nop,wscale 8,nop,nop,sackOK], length 0
23:20:25.282522 IP (tos 0x10, ttl 64, id 52554, offset 0, flags [DF], proto TCP (6), length 88)
10.20.100.41.34826 > 52.149.141.62.50022: Flags [P.], cksum 0x68f6 (correct), seq 3290150381:3290150417, ack 3475999202, win 501, options [nop,nop,TS val 1662121006 ecr 3773618601], length 36
23:20:25.309576 IP (tos 0x10, ttl 45, id 50899, offset 0, flags [DF], proto TCP (6), length 80)
52.149.141.62.50022 > 10.20.100.41.34826: Flags [P.], cksum 0x4455 (correct), seq 1:29, ack 36, win 501, options [nop,nop,TS val 3773678675 ecr 1662121006], length 28
23:20:25.309786 IP (tos 0x10, ttl 64, id 52555, offset 0, flags [DF], proto TCP (6), length 52)
10.20.100.41.34826 > 52.149.141.62.50022: Flags [.], cksum 0x294e (correct), seq 36, ack 29, win 501, options [nop,nop,TS val 1662121033 ecr 3773678675], length 0
23:20:25.448511 IP (tos 0x10, ttl 64, id 45366, offset 0, flags [DF], proto TCP (6), length 88)
10.20.100.44.52514 > 52.149.141.62.50022: Flags [P.], cksum 0xf0cf (correct), seq 1374537876:1374537912, ack 696510548, win 501, options [nop,nop,TS val 2142485273 ecr 3773618803], length 36
23:20:25.474795 IP (tos 0x10, ttl 44, id 63192, offset 0, flags [DF], proto TCP (6), length 88)
52.149.141.62.50022 > 10.20.100.44.52514: Flags [P.], cksum 0x1fec (correct), seq 1:37, ack 36, win 501, options [nop,nop,TS val 3773678840 ecr 2142485273], length 36
23:20:25.475000 IP (tos 0x10, ttl 64, id 45367, offset 0, flags [DF], proto TCP (6), length 52)
10.20.100.44.52514 > 52.149.141.62.50022: Flags [.], cksum 0xa6ba (correct), seq 36, ack 37, win 501, options [nop,nop,TS val 2142485300 ecr 3773678840], length 0
--- End Of Stream ---

0 Kudos
In response to JeffreyG
ww
Kind of a big deal
Kind of a big deal
‎Jan 23 2024 3:48 AM
‎Jan 23 2024 3:48 AM

Looks like the traffic is going to10.20.100.43.50022.  But the 10.20.100.43 does not respond.

Maybe that port is not open on that system

0 Kudos
In response to ww
JeffreyG
Comes here often
‎Jan 23 2024 11:39 AM
‎Jan 23 2024 11:39 AM

The port is open. I can connect by ssh from 10.20.100.4 to 10.20.100.43.50022
I'm also able to connect from 192.168.2.219 to 10.20.100.43.50022 via my Meraki port forward

0 Kudos
In response to JeffreyG
GIdenJoe
Kind of a big deal
Kind of a big deal
‎Jan 23 2024 1:16 PM
‎Jan 23 2024 1:16 PM

So the MX is actually forwarding the traffic to said IP and port like you configured.  Can you verify in the packet capture or more detailed new packet capture that the destination MAC address is in fact the MAC address of the machine running SSH?
If yes you could verify on the switch where the host is at that the packet is delivered to the end host and the problem has to do with perhaps the client firewall or client routing back out.

0 Kudos
In response to GIdenJoe
JeffreyG
Comes here often
‎Jan 23 2024 2:35 PM
‎Jan 23 2024 2:35 PM


Hi,
I didn't see that the other format doesnt contain the mac address. As you said I have to do another capture.

As we can see here the ethernet interface is 10.20.100.43/24 - e4:5f:01:70:e8:5c
And I connected the wifi interface for testing and management purpose 192.168.2.219/24 - e4:5f:01:70:e8:5d

@gp0043:~$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether e4:5f:01:70:e8:5c brd ff:ff:ff:ff:ff:ff
inet 10.20.100.43/24 metric 100 brd 10.20.100.255 scope global dynamic eth0
valid_lft 53471sec preferred_lft 53471sec
inet6 fe80::e65f:1ff:fe70:e85c/64 scope link
valid_lft forever preferred_lft forever
3: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether e4:5f:01:70:e8:5d brd ff:ff:ff:ff:ff:ff
inet 192.168.2.219/24 metric 1 brd 192.168.2.255 scope global dynamic wlan0
valid_lft 226267sec preferred_lft 226267sec
inet6 fe80::e65f:1ff:fe70:e85d/64 scope link
valid_lft forever preferred_lft forever

Here's a new capture with every details

--- Start Of Stream ---
tcpdump: listening on all_lan_sniff, link-type EN10MB (Ethernet), snapshot length 262144 bytes
22:27:55.495799 cc:03:d9:ca:a3:ee > e4:5f:01:70:e8:5c, ethertype 802.1Q (0x8100), length 70: vlan 100, p 0, ethertype IPv4 (0x0800), (tos 0x0, ttl 120, id 20234, offset 0, flags [DF], proto TCP (6), length 52)
184.145.157.57.49381 > 10.20.100.43.50022: Flags [S], cksum 0xd55b (correct), seq 3564143126, win 64240, options [mss 1434,nop,wscale 8,nop,nop,sackOK], length 0
0x0000: 4500 0034 4f0a 4000 7806 efaf b891 9d39 E..4O.@.x......9
0x0010: 0a14 642b c0e5 c366 d470 8216 0000 0000 ..d+...f.p......
0x0020: 8002 faf0 d55b 0000 0204 059a 0103 0308 .....[..........
0x0030: 0101 0402 ....
22:27:56.497612 cc:03:d9:ca:a3:ee > e4:5f:01:70:e8:5c, ethertype 802.1Q (0x8100), length 70: vlan 100, p 0, ethertype IPv4 (0x0800), (tos 0x0, ttl 120, id 20235, offset 0, flags [DF], proto TCP (6), length 52)
184.145.157.57.49381 > 10.20.100.43.50022: Flags [S], cksum 0xd549 (correct), seq 3564143126, win 64240, options [mss 1452,nop,wscale 8,nop,nop,sackOK], length 0
0x0000: 4500 0034 4f0b 4000 7806 efae b891 9d39 E..4O.@.x......9
0x0010: 0a14 642b c0e5 c366 d470 8216 0000 0000 ..d+...f.p......
0x0020: 8002 faf0 d549 0000 0204 05ac 0103 0308 .....I..........
0x0030: 0101 0402 ....
22:27:58.505212 cc:03:d9:ca:a3:ee > e4:5f:01:70:e8:5c, ethertype 802.1Q (0x8100), length 70: vlan 100, p 0, ethertype IPv4 (0x0800), (tos 0x0, ttl 120, id 20236, offset 0, flags [DF], proto TCP (6), length 52)
184.145.157.57.49381 > 10.20.100.43.50022: Flags [S], cksum 0xd549 (correct), seq 3564143126, win 64240, options [mss 1452,nop,wscale 8,nop,nop,sackOK], length 0
0x0000: 4500 0034 4f0c 4000 7806 efad b891 9d39 E..4O.@.x......9
0x0010: 0a14 642b c0e5 c366 d470 8216 0000 0000 ..d+...f.p......
0x0020: 8002 faf0 d549 0000 0204 05ac 0103 0308 .....I..........
0x0030: 0101 0402 ....
22:28:02.520922 cc:03:d9:ca:a3:ee > e4:5f:01:70:e8:5c, ethertype 802.1Q (0x8100), length 70: vlan 100, p 0, ethertype IPv4 (0x0800), (tos 0x0, ttl 120, id 20237, offset 0, flags [DF], proto TCP (6), length 52)
184.145.157.57.49381 > 10.20.100.43.50022: Flags [S], cksum 0xd549 (correct), seq 3564143126, win 64240, options [mss 1452,nop,wscale 8,nop,nop,sackOK], length 0
0x0000: 4500 0034 4f0d 4000 7806 efac b891 9d39 E..4O.@.x......9
0x0010: 0a14 642b c0e5 c366 d470 8216 0000 0000 ..d+...f.p......
0x0020: 8002 faf0 d549 0000 0204 05ac 0103 0308 .....I..........
0x0030: 0101 0402 ....
22:28:08.021914 e4:5f:01:70:e7:e4 > cc:03:d9:ca:a3:ee, ethertype 802.1Q (0x8100), length 106: vlan 100, p 0, ethertype IPv4 (0x0800), (tos 0x10, ttl 64, id 63114, offset 0, flags [DF], proto TCP (6), length 88)
10.20.100.42.60028 > 52.149.141.62.50022: Flags [P.], cksum 0x96c1 (correct), seq 2536491953:2536491989, ack 4271154822, win 501, options [nop,nop,TS val 617840332 ecr 3856881348], length 36
0x0000: 4510 0058 f68a 4000 4006 13f4 0a14 642a E..X..@.@.....d*
0x0010: 3495 8d3e ea7c c366 972f cbb1 fe94 a686 4..>.|.f./......
0x0020: 8018 01f5 96c1 0000 0101 080a 24d3 7ecc ............$.~.
0x0030: e5e3 56c4 6a3c 8d9b e855 d841 6fba 4dc9 ..V.j<...U.Ao.M.
0x0040: c52f 83ca 31fa b81a b3a6 0aab 0b6d d135 ./..1........m.5
0x0050: 5594 c731 d674 e06e U..1.t.n
22:28:08.048925 cc:03:d9:ca:a3:ee > e4:5f:01:70:e7:e4, ethertype 802.1Q (0x8100), length 106: vlan 100, p 0, ethertype IPv4 (0x0800), (tos 0x10, ttl 44, id 33248, offset 0, flags [DF], proto TCP (6), length 88)
52.149.141.62.50022 > 10.20.100.42.60028: Flags [P.], cksum 0x0756 (correct), seq 1:37, ack 36, win 501, options [nop,nop,TS val 3856941426 ecr 617840332], length 36
0x0000: 4510 0058 81e0 4000 2c06 9c9e 3495 8d3e E..X..@.,...4..>
0x0010: 0a14 642a c366 ea7c fe94 a686 972f cbd5 ..d*.f.|...../..
0x0020: 8018 01f5 0756 0000 0101 080a e5e4 4172 .....V........Ar
0x0030: 24d3 7ecc cd2d b222 dbb4 1e48 8f12 865c $.~..-."...H...\
0x0040: 01f8 f79b e741 e6d9 8d00 476a ae5d 277c .....A....Gj.]'|
0x0050: 4ec6 2061 45b1 06b0 N..aE...
22:28:08.049125 e4:5f:01:70:e7:e4 > cc:03:d9:ca:a3:ee, ethertype 802.1Q (0x8100), length 70: vlan 100, p 0, ethertype IPv4 (0x0800), (tos 0x10, ttl 64, id 63115, offset 0, flags [DF], proto TCP (6), length 52)
10.20.100.42.60028 > 52.149.141.62.50022: Flags [.], cksum 0xc37b (correct), seq 36, ack 37, win 501, options [nop,nop,TS val 617840360 ecr 3856941426], length 0
0x0000: 4510 0034 f68b 4000 4006 1417 0a14 642a E..4..@.@.....d*
0x0010: 3495 8d3e ea7c c366 972f cbd5 fe94 a6aa 4..>.|.f./......
0x0020: 8010 01f5 c37b 0000 0101 080a 24d3 7ee8 .....{......$.~.
0x0030: e5e4 4172 ..Ar
22:28:08.426935 e4:5f:01:70:e8:f5 > cc:03:d9:ca:a3:ee, ethertype 802.1Q (0x8100), length 106: vlan 100, p 0, ethertype IPv4 (0x0800), (tos 0x10, ttl 64, id 2816, offset 0, flags [DF], proto TCP (6), length 88)
10.20.100.41.58794 > 52.149.141.62.50022: Flags [P.], cksum 0x834a (correct), seq 2125455321:2125455357, ack 731346957, win 501, options [nop,nop,TS val 1745384137 ecr 3856881789], length 36
0x0000: 4510 0058 0b00 4000 4006 ff7f 0a14 6429 E..X..@.@.....d)
0x0010: 3495 8d3e e5aa c366 7eaf dfd9 2b97 780d 4..>...f~...+.x.
0x0020: 8018 01f5 834a 0000 0101 080a 6808 72c9 .....J......h.r.
0x0030: e5e3 587d 6e3a 0b7f 33b6 fe6b 36ac c7af ..X}n:..3..k6...
0x0040: bc1a 4bf1 8e3d d3df 3266 04b4 f7f5 6f75 ..K..=..2f....ou
0x0050: 223b f978 4abf e374 ";.xJ..t
22:28:08.453202 cc:03:d9:ca:a3:ee > e4:5f:01:70:e8:f5, ethertype 802.1Q (0x8100), length 106: vlan 100, p 0, ethertype IPv4 (0x0800), (tos 0x10, ttl 44, id 22751, offset 0, flags [DF], proto TCP (6), length 88)
52.149.141.62.50022 > 10.20.100.41.58794: Flags [P.], cksum 0x5dc4 (correct), seq 1:37, ack 36, win 501, options [nop,nop,TS val 3856941831 ecr 1745384137], length 36
0x0000: 4510 0058 58df 4000 2c06 c5a0 3495 8d3e E..XX.@.,...4..>
0x0010: 0a14 6429 c366 e5aa 2b97 780d 7eaf dffd ..d).f..+.x.~...
0x0020: 8018 01f5 5dc4 0000 0101 080a e5e4 4307 ....].........C.
0x0030: 6808 72c9 4aba e83b fd46 5d90 dfa8 de02 h.r.J..;.F].....
0x0040: e593 3c1a 92fa 4860 a515 a744 9e68 cba2 ..<...H`...D.h..
0x0050: 2d60 fa36 7be4 9542 -`.6{..B
22:28:08.453397 e4:5f:01:70:e8:f5 > cc:03:d9:ca:a3:ee, ethertype 802.1Q (0x8100), length 70: vlan 100, p 0, ethertype IPv4 (0x0800), (tos 0x10, ttl 64, id 2817, offset 0, flags [DF], proto TCP (6), length 52)
10.20.100.41.58794 > 52.149.141.62.50022: Flags [.], cksum 0x9558 (correct), seq 36, ack 37, win 501, options [nop,nop,TS val 1745384163 ecr 3856941831], length 0
0x0000: 4510 0034 0b01 4000 4006 ffa2 0a14 6429 E..4..@.@.....d)
0x0010: 3495 8d3e e5aa c366 7eaf dffd 2b97 7831 4..>...f~...+.x1
0x0020: 8010 01f5 9558 0000 0101 080a 6808 72e3 .....X......h.r.
0x0030: e5e4 4307 ..C.
22:28:08.921665 e4:5f:01:70:e9:3d > cc:03:d9:ca:a3:ee, ethertype 802.1Q (0x8100), length 106: vlan 100, p 0, ethertype IPv4 (0x0800), (tos 0x10, ttl 64, id 22082, offset 0, flags [DF], proto TCP (6), length 88)
10.20.100.44.57012 > 52.149.141.62.50022: Flags [P.], cksum 0x94f9 (correct), seq 4136253688:4136253724, ack 1811290382, win 501, options [nop,nop,TS val 2225748732 ecr 3856882256], length 36
0x0000: 4510 0058 5642 4000 4006 b43a 0a14 642c E..XVB@.@..:..d,
0x0010: 3495 8d3e deb4 c366 f68a 38f8 6bf6 190e 4..>...f..8.k...
0x0020: 8018 01f5 94f9 0000 0101 080a 84aa 3afc ..............:.
0x0030: e5e3 5a50 470d 66e2 426a b040 5611 ca8a ..ZPG.f.Bj.@V...
0x0040: b9b9 ea8e 6d76 b3ad f6e4 debf 0ebe ac73 ....mv.........s
0x0050: b023 bebd 3b74 9741 .#..;t.A
22:28:08.948148 cc:03:d9:ca:a3:ee > e4:5f:01:70:e9:3d, ethertype 802.1Q (0x8100), length 98: vlan 100, p 0, ethertype IPv4 (0x0800), (tos 0x10, ttl 45, id 402, offset 0, flags [DF], proto TCP (6), length 80)
52.149.141.62.50022 > 10.20.100.44.57012: Flags [P.], cksum 0x256e (correct), seq 1:29, ack 36, win 501, options [nop,nop,TS val 3856942326 ecr 2225748732], length 28
0x0000: 4510 0050 0192 4000 2d06 1bf3 3495 8d3e E..P..@.-...4..>
0x0010: 0a14 642c c366 deb4 6bf6 190e f68a 391c ..d,.f..k.....9.
0x0020: 8018 01f5 256e 0000 0101 080a e5e4 44f6 ....%n........D.
0x0030: 84aa 3afc 4b7a 4dd1 fa72 7b34 f324 2e1b ..:.KzM..r{4.$..
0x0040: f252 9340 3bbc 2bce c03b f3eb 93c0 78a0 .R.@;.+..;....x.
22:28:08.948395 e4:5f:01:70:e9:3d > cc:03:d9:ca:a3:ee, ethertype 802.1Q (0x8100), length 70: vlan 100, p 0, ethertype IPv4 (0x0800), (tos 0x10, ttl 64, id 22083, offset 0, flags [DF], proto TCP (6), length 52)
10.20.100.44.57012 > 52.149.141.62.50022: Flags [.], cksum 0x0335 (correct), seq 36, ack 29, win 501, options [nop,nop,TS val 2225748759 ecr 3856942326], length 0
0x0000: 4510 0034 5643 4000 4006 b45d 0a14 642c E..4VC@.@..]..d,
0x0010: 3495 8d3e deb4 c366 f68a 391c 6bf6 192a 4..>...f..9.k..*
0x0020: 8010 01f5 0335 0000 0101 080a 84aa 3b17 .....5........;.
0x0030: e5e4 44f6 ..D.
22:28:09.749659 e4:5f:01:70:e8:44 > cc:03:d9:ca:a3:ee, ethertype 802.1Q (0x8100), length 106: vlan 100, p 0, ethertype IPv4 (0x0800), (tos 0x10, ttl 64, id 42284, offset 0, flags [DF], proto TCP (6), length 88)
10.20.100.45.57276 > 52.149.141.62.50022: Flags [P.], cksum 0xc279 (correct), seq 715623828:715623864, ack 280003692, win 501, options [nop,nop,TS val 1625559306 ecr 3856883110], length 36
0x0000: 4510 0058 a52c 4000 4006 654f 0a14 642d E..X.,@.@.eO..d-
0x0010: 3495 8d3e dfbc c366 2aa7 8d94 10b0 846c 4..>...f*......l
0x0020: 8018 01f5 c279 0000 0101 080a 60e4 110a .....y......`...
0x0030: e5e3 5da6 9dd1 dab4 bea7 a80c 1852 df93 ..]..........R..
0x0040: b7d9 f99a d74c eda0 5668 2243 fb4d 63b8 .....L..Vh"C.Mc.
0x0050: f335 3ff9 6e14 15a1 .5?.n...
22:28:09.776431 e4:5f:01:70:e9:3a > cc:03:d9:ca:a3:ee, ethertype 802.1Q (0x8100), length 106: vlan 100, p 0, ethertype IPv4 (0x0800), (tos 0x10, ttl 64, id 27677, offset 0, flags [DF], proto TCP (6), length 88)
10.20.100.144.47810 > 52.149.141.62.50022: Flags [P.], cksum 0x7738 (correct), seq 1178195736:1178195772, ack 35976639, win 501, options [nop,nop,TS val 1546394831 ecr 3856883098], length 36
0x0000: 4510 0058 6c1d 4000 4006 9dfb 0a14 6490 E..Xl.@.@.....d.
0x0010: 3495 8d3e bac2 c366 4639 d718 0224 f5bf 4..>...fF9...$..
0x0020: 8018 01f5 7738 0000 0101 080a 5c2c 1ccf ....w8......\,..
0x0030: e5e3 5d9a 2097 9118 ae95 6ec5 4545 e227 ..].......n.EE.'
0x0040: 0982 b5f6 7bea 2754 5509 d794 b6c0 af1a ....{.'TU.......
0x0050: 2be6 52bf 41c1 d103 +.R.A...
22:28:09.776434 cc:03:d9:ca:a3:ee > e4:5f:01:70:e8:44, ethertype 802.1Q (0x8100), length 106: vlan 100, p 0, ethertype IPv4 (0x0800), (tos 0x10, ttl 44, id 3174, offset 0, flags [DF], proto TCP (6), length 88)
52.149.141.62.50022 > 10.20.100.45.57276: Flags [P.], cksum 0x3880 (correct), seq 1:37, ack 36, win 501, options [nop,nop,TS val 3856943154 ecr 1625559306], length 36
0x0000: 4510 0058 0c66 4000 2c06 1216 3495 8d3e E..X.f@.,...4..>
0x0010: 0a14 642d c366 dfbc 10b0 846c 2aa7 8db8 ..d-.f.....l*...
0x0020: 8018 01f5 3880 0000 0101 080a e5e4 4832 ....8.........H2
0x0030: 60e4 110a c9cb 5ea2 0ac5 b74e ff1e 5dcb `.....^....N..].
0x0040: e19b 9555 2fdf f1a2 a6d5 c60b 1074 fd9d ...U/........t..
0x0050: 68ca 9d06 8eb9 8c04 h.......
22:28:09.776734 e4:5f:01:70:e8:44 > cc:03:d9:ca:a3:ee, ethertype 802.1Q (0x8100), length 70: vlan 100, p 0, ethertype IPv4 (0x0800), (tos 0x10, ttl 64, id 42285, offset 0, flags [DF], proto TCP (6), length 52)
10.20.100.45.57276 > 52.149.141.62.50022: Flags [.], cksum 0xb3cf (correct), seq 36, ack 37, win 501, options [nop,nop,TS val 1625559333 ecr 3856943154], length 0
0x0000: 4510 0034 a52d 4000 4006 6572 0a14 642d E..4.-@.@.er..d-
0x0010: 3495 8d3e dfbc c366 2aa7 8db8 10b0 8490 4..>...f*.......
0x0020: 8010 01f5 b3cf 0000 0101 080a 60e4 1125 ............`..%
0x0030: e5e4 4832 ..H2
22:28:09.803353 cc:03:d9:ca:a3:ee > e4:5f:01:70:e9:3a, ethertype 802.1Q (0x8100), length 98: vlan 100, p 0, ethertype IPv4 (0x0800), (tos 0x10, ttl 44, id 55452, offset 0, flags [DF], proto TCP (6), length 80)
52.149.141.62.50022 > 10.20.100.144.47810: Flags [P.], cksum 0x3956 (correct), seq 1:29, ack 36, win 501, options [nop,nop,TS val 3856943181 ecr 1546394831], length 28
0x0000: 4510 0050 d89c 4000 2c06 4584 3495 8d3e E..P..@.,.E.4..>
0x0010: 0a14 6490 c366 bac2 0224 f5bf 4639 d73c ..d..f...$..F9.<
0x0020: 8018 01f5 3956 0000 0101 080a e5e4 484d ....9V........HM
0x0030: 5c2c 1ccf 9fea fe00 459a 04f7 26cc 5af5 \,......E...&.Z.
0x0040: e631 b526 b4e7 06d0 bbe6 bb5e ad8e ea02 .1.&.......^....
22:28:09.803560 e4:5f:01:70:e9:3a > cc:03:d9:ca:a3:ee, ethertype 802.1Q (0x8100), length 70: vlan 100, p 0, ethertype IPv4 (0x0800), (tos 0x10, ttl 64, id 27678, offset 0, flags [DF], proto TCP (6), length 52)
10.20.100.144.47810 > 52.149.141.62.50022: Flags [.], cksum 0x0969 (correct), seq 36, ack 29, win 501, options [nop,nop,TS val 1546394858 ecr 3856943181], length 0
0x0000: 4510 0034 6c1e 4000 4006 9e1e 0a14 6490 E..4l.@.@.....d.
0x0010: 3495 8d3e bac2 c366 4639 d73c 0224 f5db 4..>...fF9.<.$..
0x0020: 8010 01f5 0969 0000 0101 080a 5c2c 1cea .....i......\,..
0x0030: e5e4 484d ..HM
22:28:10.523749 cc:03:d9:ca:a3:ee > e4:5f:01:70:e8:5c, ethertype 802.1Q (0x8100), length 70: vlan 100, p 0, ethertype IPv4 (0x0800), (tos 0x0, ttl 120, id 20238, offset 0, flags [DF], proto TCP (6), length 52)
184.145.157.57.49381 > 10.20.100.43.50022: Flags [S], cksum 0xd549 (correct), seq 3564143126, win 64240, options [mss 1452,nop,wscale 8,nop,nop,sackOK], length 0
0x0000: 4500 0034 4f0e 4000 7806 efab b891 9d39 E..4O.@.x......9
0x0010: 0a14 642b c0e5 c366 d470 8216 0000 0000 ..d+...f.p......
0x0020: 8002 faf0 d549 0000 0204 05ac 0103 0308 .....I..........
0x0030: 0101 0402 ....
--- End Of Stream ---


Packet related to 52.149.141.62 are destinated to the autossh server.

Thanks

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.