Cisco Cisco ASA 5580 Adaptive Security Appliance Leaflet

Page of 1214
 
3-21
思科 ASA 系列命令参考,命令
 
 3       show as-path-access-list  show auto-update 命令
  show asp drop
Name: tcp-data-past-fin
TCP data send after FIN:
    This counter is incremented and the packet is dropped when the appliance receives new 
TCP data packet from an endpoint which had sent a FIN to close the connection.
Recommendations:
    None
Syslogs:
    None
----------------------------------------------------------------
Name: tcp-3whs-failed
TCP failed 3 way handshake:
    This counter is incremented and the packet is dropped when appliance receives an 
invalid TCP packet during three-way-handshake.Example SYN-ACK from client will be dropped 
for this reason.
Recommendations:
    None
Syslogs:
    None
----------------------------------------------------------------
Name: tcp-rstfin-ooo
TCP RST/FIN out of order:
    This counter is incremented and the packet is dropped when appliance receives a RST or 
a FIN packet with incorrect TCP sequence number.
Recommendations:
    None
Syslogs:
    None
----------------------------------------------------------------
Name: tcp-seq-syn-diff
TCP SEQ in SYN/SYNACK invalid:
    This counter is incremented and the packet is dropped when appliance receives a SYN or 
SYN-ACK packet during three-way-handshake with incorrect TCP sequence number.
Recommendations:
    None
Syslogs:
    None
----------------------------------------------------------------
Name: tcp-ack-syn-diff
TCP ACK in SYNACK invalid:
    This counter is incremented and the packet is dropped when appliance receives a 
SYN-ACK packet during three-way-handshake with incorrect TCP acknowledgement number.
Recommendations:
    None
Syslogs:
    None