TCP FIN and Close age out
I have a DHCP DNS Wins Certificate server Kasper antivirus exchnage and oracle 10g configured in my Lan, i have configured 802.1x machine authentication and vlan assignment via IC 4000 and security policies are applied via ISG 2000 juniper Firewall. we have seen a lot of TCP FIn Tcp port no 1116 and close age out TCP Port no 1026 on my Lan Firewall ISG 2000
Software/Hardware used:
Software/Hardware used:
ASKED:
January 20, 2009 9:08 AM
UPDATED:
January 21, 2009 1:00 AM
Answer Wiki:
Last Wiki Answer Submitted:
Be the first to answer this question.
All Answer Wiki Contributors:
Be the first to answer this question.
To see all answers submitted to the Answer Wiki: View Answer History.
Stepping back outside of potential nuances with the applications you mention, are you seeing any FIN ACKs? Any specific hosts the TCP 1026 is originating from? Any specific patterns to the traffic? Is it causing problems?
One of the best things you can do is to connect a network analyzer such as OmniPeek (or Ethereal if you’re willing and eager to take that on) to the network segment and see where the traffic is originating, etc. The reason I like commercial products like OmniPeek is because you can it in “monitor” mode to get a much simpler representation of what’s going on. WELL worth the money.