Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    What does TCP:SEW means?

    Scheduled Pinned Locked Moved General pfSense Questions
    5 Posts 3 Posters 74.0k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      moh10ly
      last edited by

      I'm receiving many TCP:SEW on a specific port which is related to Microsoft Lync federation. I'm continuing to lose federated partners on Lync and not sure if this SEW has anything to translate and look at? or look for.

      anyone?  ???

      Power is Knowledge.

      1 Reply Last reply Reply Quote 0
      • jimpJ
        jimp Rebel Alliance Developer Netgate
        last edited by

        S would be SYN, meaning it's starting a new connection.
        E is ECE "indicate that the TCP peer is ECN capable during 3-way handshake"
        W is CWR "Congestion Window Reduced (CWR) flag is set by the sending host to indicate that it received a TCP segment with the ECE flag set"

        If you're seeing a SYN blocked it's usually because it's not matching a firewall and/or NAT rule as you expect.

        Should that software be opening up a port with UPnP? Or some other way?

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        1 Reply Last reply Reply Quote 0
        • M
          moh10ly
          last edited by

          The traffic is allowed, it doesn't block it and that's what makes it even more odd! The thing is I would like to know if seeing such traffic flagged with the SEW is normal or indicates there's a problem ?

          The port is actually matching the rule I have enabled .. as I see that outgoing and incoming connection are coming/going to the right host/destination ports for the server hosted in my data center/client connected.

          this logged connection shows that my server is sending packet to destination partner's IP on port 5061 for federation purpose on Lync.. still I'm unable to communicate with this partner.

          Dec 27 17:12:38 DMZ   10.20.10.150:64121   134.56.3.168:5061 TCP:SEW

          This happened only 2 days ago. so I'm not sure what's the case, before that I had federation with MSN/Skype so My Lync could talk normally to Skype and MSN contacts. now I can't but this was logged on my servers as a certificate issue and i'm intending to reinstall the certificates and hope the issue gets fixed with all of them.

          But this other partner was working normally. now not ??? ???

          Power is Knowledge.

          1 Reply Last reply Reply Quote 0
          • C
            cmb
            last edited by

            The TCP flags aren't likely to be of any relation, you're logging it as passed, it's getting passed. Just having a state created doesn't necessarily mean end to end connectivity is working though, analyzing a packet capture would determine that. If the TCP session is legit in a capture, then you know you have an application-level issue, not a network issue.

            1 Reply Last reply Reply Quote 0
            • M
              moh10ly
              last edited by

              So it's most likely a certificate issue then, Would certificate issue causes packets to not being sent or received as expected by the server application ?

              Power is Knowledge.

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.