get db st

9572093.0: bgroup0(i) len=66:f0def1ba52d8->40b4f055e349/0800
172.16.141.102 -> 76.65.199.219/6
vhl=45, tos=00, id=7591, frag=4000, ttl=128 tlen=52
tcp:ports 56876->2000, seq=1508163500, ack=0, flag=8002/SYN
40 b4 f0 55 e3 49 f0 de f1 ba 52 d8 08 00 45 00  @..U.I....R...E.
00 34 1d a7 40 00 80 06 8f 89 ac 10 8d 66 4c 41  .4..@........fLA
c7 db de 2c 07 d0 59 e4 bf ac 00 00 00 00 80 02  ...,..Y.........
20 00 02 bd 00 00 02 04 04 ec 01 03 03 02 01 01  ................
04 02  ..

****** 9572093.0: packet received [52]******
ipid = 7591(1da7), @03a11070
packet passed sanity check.
flow_decap_vector IPv4 process
bgroup0:172.16.141.102/56876->76.65.199.219/2000,6
no session found
flow_first_sanity_check: in , out
chose interface bgroup0 as incoming nat if.
flow_first_routing: in , out
search route to (bgroup0, 172.16.141.102->76.65.199.219) in vr trust-vr for vsd-0/flag-0/ifp-null
cached route 0 for 76.65.199.219
add route 2773 for 76.65.199.219 to route cache table
[ Dest] 2773.route 76.65.199.219->172.31.250.1, to ethernet0/0
routed (x_dst_ip 76.65.199.219) from bgroup0 (bgroup0 in 0) to ethernet0/0
policy search from zone 2-> zone 1
policy_flow_search policy search nat_crt from zone 2-> zone 1
RPC Mapping Table search returned 0 matched service(s) for (vsys Root, ip 76.65.199.219, port 2000, proto 6)
No SW RPC rule match, search HW rule
swrs_search_ip: policy matched id/idx/action = 2/1/0x1
Permitted by policy 2
src-nat dip id = 2, 172.16.141.102/56876->172.31.250.38/1737
choose interface ethernet0/0 as outgoing phy if
no loop on ifp ethernet0/0.
session application type 71, name SCCP, nas_id 0, timeout 1800sec
ALG vector is attached
service lookup identified service 71.
flow_first_final_check: in , out
existing vector list 18b-2a82494.
Session (id:7981) created for first pak 18b
flow_first_install_session======>
route to 172.31.250.1
cached arp entry with MAC 000000000000 for 172.31.250.1
arp entry found for 172.31.250.1
ifp2 ethernet0/0, out_ifp ethernet0/0, flag 10800e00, tunnel ffffffff, rc 1
outgoing wing prepared, ready
handle cleartext reverse route
search route to (ethernet0/0, 76.65.199.219->172.16.141.102) in vr trust-vr for vsd-0/flag-3000/ifp-bgroup0
cached route 1 for 172.16.141.102
[ Dest] 1.route 172.16.141.102->172.16.141.102, to bgroup0
route to 172.16.141.102
cached arp entry with MAC f0def1ba52d8 for 172.16.141.102
arp entry found for 172.16.141.102
ifp2 bgroup0, out_ifp bgroup0, flag 00800e01, tunnel ffffffff, rc 1
flow got session.
flow session id 7981
flow_main_body_vector in ifp bgroup0 out ifp ethernet0/0
flow vector index 0x18b, vector addr 0x2a82494, orig vector 0x2a82494
av/uf/voip checking.
tcp seq check.
Got syn, 172.16.141.102(56876)->76.65.199.219(2000), nspflag 0x801e01, 0x10800e00
post addr xlation: 172.31.250.38->76.65.199.219.
packet send out to b0b2dc2342ae through ethernet0/0

9572093.0: bgroup0(i) len=66:f0def1ba52d8->40b4f055e349/0800
172.16.141.102 -> 76.65.199.219/6
vhl=45, tos=00, id=7592, frag=4000, ttl=128 tlen=52
tcp:ports 56877->2000, seq=602431670, ack=0, flag=8002/SYN
40 b4 f0 55 e3 49 f0 de f1 ba 52 d8 08 00 45 00  @..U.I....R...E.
00 34 1d a8 40 00 80 06 8f 88 ac 10 8d 66 4c 41  .4..@........fLA
c7 db de 2d 07 d0 23 e8 60 b6 00 00 00 00 80 02  ...-..#.`.......
20 00 97 ae 00 00 02 04 04 ec 01 03 03 02 01 01  ................
04 02  ..

****** 9572093.0: packet received [52]******
ipid = 7592(1da8), @03a13070
packet passed sanity check.
flow_decap_vector IPv4 process
bgroup0:172.16.141.102/56877->76.65.199.219/2000,6
no session found
flow_first_sanity_check: in , out
chose interface bgroup0 as incoming nat if.
flow_first_routing: in , out
search route to (bgroup0, 172.16.141.102->76.65.199.219) in vr trust-vr for vsd-0/flag-0/ifp-null
cached route 2773 for 76.65.199.219
[ Dest] 2773.route 76.65.199.219->172.31.250.1, to ethernet0/0
routed (x_dst_ip 76.65.199.219) from bgroup0 (bgroup0 in 0) to ethernet0/0
policy search from zone 2-> zone 1
policy_flow_search policy search nat_crt from zone 2-> zone 1
RPC Mapping Table search returned 0 matched service(s) for (vsys Root, ip 76.65.199.219, port 2000, proto 6)
No SW RPC rule match, search HW rule
swrs_search_ip: policy matched id/idx/action = 2/1/0x1
Permitted by policy 2
src-nat dip id = 2, 172.16.141.102/56877->172.31.250.38/1867
choose interface ethernet0/0 as outgoing phy if
no loop on ifp ethernet0/0.
session application type 71, name SCCP, nas_id 0, timeout 1800sec
ALG vector is attached
service lookup identified service 71.
flow_first_final_check: in , out
existing vector list 18b-2a82494.
Session (id:7997) created for first pak 18b
flow_first_install_session======>
route to 172.31.250.1
cached arp entry with MAC 000000000000 for 172.31.250.1
arp entry found for 172.31.250.1
ifp2 ethernet0/0, out_ifp ethernet0/0, flag 10800e00, tunnel ffffffff, rc 1
outgoing wing prepared, ready
handle cleartext reverse route
search route to (ethernet0/0, 76.65.199.219->172.16.141.102) in vr trust-vr for vsd-0/flag-3000/ifp-bgroup0
cached route 1 for 172.16.141.102
[ Dest] 1.route 172.16.141.102->172.16.141.102, to bgroup0
route to 172.16.141.102
cached arp entry with MAC f0def1ba52d8 for 172.16.141.102
arp entry found for 172.16.141.102
ifp2 bgroup0, out_ifp bgroup0, flag 00800e01, tunnel ffffffff, rc 1
flow got session.
flow session id 7997
flow_main_body_vector in ifp bgroup0 out ifp ethernet0/0
flow vector index 0x18b, vector addr 0x2a82494, orig vector 0x2a82494
av/uf/voip checking.
tcp seq check.
Got syn, 172.16.141.102(56877)->76.65.199.219(2000), nspflag 0x801e01, 0x10800e00
post addr xlation: 172.31.250.38->76.65.199.219.
packet send out to b0b2dc2342ae through ethernet0/0

9572094.0: bgroup0(o) len=62:40b4f055e349->f0def1ba52d8/0800
76.65.199.219 -> 172.16.141.102/6
vhl=45, tos=00, id=36006, frag=4000, ttl=118 tlen=48
tcp:ports 2000->56876, seq=2519822986, ack=1508163501, flag=7012/SYN/ACK
f0 de f1 ba 52 d8 40 b4 f0 55 e3 49 08 00 45 00  ....R.@..U.I..E.
00 30 8c a6 40 00 76 06 2a 8e 4c 41 c7 db ac 10  .0..@.v.*.LA....
8d 66 07 d0 de 2c 96 31 72 8a 59 e4 bf ad 70 12  .f...,.1r.Y...p.
44 e8 e9 10 00 00 02 04 04 ec 01 01 04 02  D.............

9572094.0: bgroup0(i) len=60:f0def1ba52d8->40b4f055e349/0800
172.16.141.102 -> 76.65.199.219/6
vhl=45, tos=00, id=7593, frag=4000, ttl=128 tlen=40
tcp:ports 56876->2000, seq=1508163501, ack=2519822987, flag=5010/ACK
40 b4 f0 55 e3 49 f0 de f1 ba 52 d8 08 00 45 00  @..U.I....R...E.
00 28 1d a9 40 00 80 06 8f 93 ac 10 8d 66 4c 41  .(..@........fLA
c7 db de 2c 07 d0 59 e4 bf ad 96 31 72 8b 50 10  ...,..Y....1r.P.
ff f0 5a 04 00 00 00 00 00 00 00 00  ..Z.........

****** 9572094.0: packet received [40]******
ipid = 7593(1da9), @03a12070
packet passed sanity check.
flow_decap_vector IPv4 process
bgroup0:172.16.141.102/56876->76.65.199.219/2000,6
existing session found. sess token 3
flow got session.
flow session id 7981
flow_main_body_vector in ifp bgroup0 out ifp N/A
flow vector index 0x18b, vector addr 0x2a82494, orig vector 0x2a82494
av/uf/voip checking.
asp vector processing state: 1
tcp seq check.
Got ack, 172.16.141.102(56876)->76.65.199.219(2000), natpflag 0x8000000, nspflag 0x801e01, 0x10801e00, timeout=900
post addr xlation: 172.31.250.38->76.65.199.219.
packet send out to b0b2dc2342ae through ethernet0/0

9572094.0: bgroup0(o) len=62:40b4f055e349->f0def1ba52d8/0800
76.65.199.219 -> 172.16.141.102/6
vhl=45, tos=00, id=36007, frag=4000, ttl=118 tlen=48
tcp:ports 2000->56877, seq=2907567579, ack=602431671, flag=7012/SYN/ACK
f0 de f1 ba 52 d8 40 b4 f0 55 e3 49 08 00 45 00  ....R.@..U.I..E.
00 30 8c a7 40 00 76 06 2a 8d 4c 41 c7 db ac 10  .0..@.v.*.LA....
8d 66 07 d0 de 2d ad 4d f5 db 23 e8 60 b7 70 12  .f...-.M..#.`.p.
44 e8 e3 94 00 00 02 04 04 ec 01 01 04 02  D.............

9572094.0: bgroup0(i) len=60:f0def1ba52d8->40b4f055e349/0800
172.16.141.102 -> 76.65.199.219/6
vhl=45, tos=00, id=7594, frag=4000, ttl=128 tlen=40
tcp:ports 56877->2000, seq=602431671, ack=2907567580, flag=5010/ACK
40 b4 f0 55 e3 49 f0 de f1 ba 52 d8 08 00 45 00  @..U.I....R...E.
00 28 1d aa 40 00 80 06 8f 92 ac 10 8d 66 4c 41  .(..@........fLA
c7 db de 2d 07 d0 23 e8 60 b7 ad 4d f5 dc 50 10  ...-..#.`..M..P.
ff f0 54 88 00 00 00 00 00 00 00 00  ..T.........

****** 9572094.0: packet received [40]******
ipid = 7594(1daa), @03a12870
packet passed sanity check.
flow_decap_vector IPv4 process
bgroup0:172.16.141.102/56877->76.65.199.219/2000,6
existing session found. sess token 3
flow got session.
flow session id 7997
flow_main_body_vector in ifp bgroup0 out ifp N/A
flow vector index 0x18b, vector addr 0x2a82494, orig vector 0x2a82494
av/uf/voip checking.
asp vector processing state: 1
tcp seq check.
Got ack, 172.16.141.102(56877)->76.65.199.219(2000), natpflag 0x8000000, nspflag 0x801e01, 0x10801e00, timeout=900
post addr xlation: 172.31.250.38->76.65.199.219.
packet send out to b0b2dc2342ae through ethernet0/0

9572094.0: bgroup0(i) len=372:f0def1ba52d8->40b4f055e349/0800
172.16.141.102 -> 76.65.199.219/6
vhl=45, tos=00, id=7595, frag=4000, ttl=128 tlen=358
tcp:ports 56877->2000, seq=602431671, ack=2907567580, flag=5018/ACK
40 b4 f0 55 e3 49 f0 de f1 ba 52 d8 08 00 45 00  @..U.I....R...E.
01 66 1d ab 40 00 80 06 8e 53 ac 10 8d 66 4c 41  .f..@....S...fLA
c7 db de 2d 07 d0 23 e8 60 b7 ad 4d f5 dc 50 18  ...-..#.`..M..P.
ff f0 18 82 00 00 47 45 54 20 2f 20 48 54 54 50  ......GET./.HTTP
2f 31 2e 31 0d 0a 41 63 63 65 70 74 3a 20 74 65  /1.1..Accept:.te
78 74 2f 68 74 6d 6c 2c 20 61 70 70 6c 69 63 61  xt/html,.applica
74 69 6f 6e 2f 78 68 74 6d 6c 2b 78 6d 6c 2c 20  tion/xhtml+xml,.
2a 2f 2a 0d 0a 41 63 63 65 70 74 2d 4c 61 6e 67  */*..Accept-Lang
75 61 67 65 3a 20 66 72 2d 43 48 0d 0a 55 73 65  uage:.fr-CH..Use
72 2d 41 67 65 6e 74 3a 20 4d 6f 7a 69 6c 6c 61  r-Agent:.Mozilla
2f 35 2e 30 20 28 63 6f 6d 70 61 74 69 62 6c 65  /5.0.(compatible
3b 20 4d 53 49 45 20 39 2e 30 3b 20 57 69 6e 64  ;.MSIE.9.0;.Wind
6f 77 73 20 4e 54 20 36 2e 31 3b 20 57 4f 57 36  ows.NT.6.1;.WOW6
34 3b 20 54 72 69 64 65 6e 74 2f 35 2e 30 29 0d  4;.Trident/5.0).
0a 41 63 63 65 70 74 2d 45 6e 63 6f 64 69 6e 67  .Accept-Encoding
3a 20 67 7a 69 70 2c 20 64 65 66 6c 61 74 65 0d  :.gzip,.deflate.
0a 48 6f 73 74 3a 20 77 77 77 2e 6e 74 63 69 61  .Host:.www.ntcia
2e 63 6f 6d 3a 32 30 30 30 0d 0a 49 66 2d 4d 6f  .com:2000..If-Mo
64 69 66 69 65 64 2d 53 69 6e 63 65 3a 20 54 68  dified-Since:.Th
75 2c 20 30 36 20 4d 61 72 20 32 30 31 34 20 31  u,.06.Mar.2014.1
32 3a 32 35 3a 34 37 20 47 4d 54 3b 20 6c 65 6e  2:25:47.GMT;.len
67 74 68 3d 33 34 32 35 0d 0a 43 6f 6e 6e 65 63  gth=3425..Connec
74 69 6f 6e 3a 20 4b 65 65 70 2d 41 6c 69 76 65  tion:.Keep-Alive
0d 0a 0d 0a  ....

****** 9572094.0: packet received [358]******
ipid = 7595(1dab), @03a13870
packet passed sanity check.
flow_decap_vector IPv4 process
bgroup0:172.16.141.102/56877->76.65.199.219/2000,6
existing session found. sess token 3
flow got session.
flow session id 7997
flow_main_body_vector in ifp bgroup0 out ifp N/A
flow vector index 0x18b, vector addr 0x2a82494, orig vector 0x2a82494
av/uf/voip checking.
asp vector processing state: 2
ASP inject packet from ethernet0/0
**** jump to packet:76.65.199.219->172.31.250.38
flow_decap_vector IPv4 process
flow packet already have session.
flow session id 7997
flow_main_body_vector in ifp ethernet0/0 out ifp bgroup0
flow vector index 0x18b, vector addr 0x2a82494, orig vector 0x2a82494
av/uf/voip checking.
post addr xlation: 76.65.199.219->172.16.141.102.
packet send out to f0def1ba52d8 through bgroup0

9572094.0: bgroup0(o) len=54:40b4f055e349->f0def1ba52d8/0800
76.65.199.219 -> 172.16.141.102/6
vhl=45, tos=00, id=35183, frag=0000, ttl=63 tlen=40
tcp:ports 2000->56877, seq=2907567580, ack=602431989, flag=5010/ACK
f0 de f1 ba 52 d8 40 b4 f0 55 e3 49 08 00 45 00  ....R.@..U.I..E.
00 28 89 6f 00 00 3f 06 a4 cd 4c 41 c7 db ac 10  .(.o..?...LA....
8d 66 07 d0 de 2d ad 4d f5 dc 23 e8 61 f5 50 10  .f...-.M..#.a.P.
fe c1 54 79 00 00  ..Ty..

**** pak processing end.
packet dropped, ASP tcp proxy will rebuild a new one
packet dropped, unkown type packet