Troubleshooting VPN Connectivity | VPC Flow Logs - Answer | SOA-C02 Exam

Troubleshooting VPN Connectivity

Question

You are troubleshooting a VPN connectivity issue between your on-premises network & VPC.

To capture IP traffic, you have enabled VPC Flow Logs on a web server interface. The following flow log record was captured:

10 123456789010 eni-abc123de 172.31.41.189 172.8.51.117 39751 3389 6 20 3279 1218430010 1218430070 REJECT OK

Which of the following statements is true with regard to VPC Flow Logs?

Answers

Explanations

A. B. C. D.

Correct Answer: C.

In the above question, source IP 172.31.41.189 attempts an RDP session (destination port 3389) to destination IP address 172.8.51.117 over TCP (protocol number 6).

VPC Flow Logs have the following fields.

Version: 10

Account ID: 123456789010

Interface ID: eni-abc123de

Source IP: 172.31.41.189

Destination IP: 172.8.51.117

Source port: 39751

Destination port: 3389

Protocol: 6

Packets: 20

Bytes: 3279

Start time: 1218430010

End time: 1218430070

Action: REJECT

Log status: OK

Option A is incorrect because the protocol number in the flow log record is 6, which is TCP, not UDP (UDP has protocol number 17).

Option B is incorrect because the source IP address in the flow log record is 172.31.41.189 and the destination IP address is 172.8.51.117, not the other way round.

Option D is incorrect for both reasons: the protocol number 6 is TCP, not UDP (protocol number 17), and the source IP address is 172.31.41.189 while the destination IP address is 172.8.51.117.

For more information on VPC Flow Logs, refer to the following URL-

https://docs.aws.amazon.com/vpc/latest/userguide/flow-logs.html

The VPC flow log record captured is as follows:

```text
10 123456789010 eni-abc123de 172.31.41.189 172.8.51.117 39751 3389 6 20 3279 1218430010 1218430070 REJECT OK
```

Each field in the VPC flow log record represents the following information:

  1. 10 - The version number of the VPC Flow Logs format.
  2. 123456789010 - The AWS account ID.
  3. eni-abc123de - The network interface ID.
  4. 172.31.41.189 - The source IP address.
  5. 172.8.51.117 - The destination IP address.
  6. 39751 - The source port number.
  7. 3389 - The destination port number.
  8. 6 - The protocol number.
  9. 20 - The number of packets transmitted from the source to the destination.
  10. 3279 - The number of bytes transmitted from the source to the destination.
  11. 1218430010 - The start time of the flow, in Unix epoch time.
  12. 1218430070 - The end time of the flow, in Unix epoch time.
  13. REJECT - The action taken on the traffic.
  14. OK - The logging status of the flow log (OK means data is logging normally to the destination).

From the above information, we can infer the following:

  • The source IP address is 172.31.41.189.
  • The destination IP address is 172.8.51.117.
  • The source port number is 39751.
  • The destination port number is 3389.
  • The protocol number is 6, which corresponds to TCP.

Therefore, the correct answer is option C: Host with IP 172.31.41.189 is trying RDP connection using TCP protocol to host with IP 172.8.51.117.
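The field-by-field reading above can be done mechanically. The following Python script is an added example (not code from the exam page or from AWS): it parses default-format 14-field VPC Flow Log records, maps the protocol number and destination port to names, handles the `-` placeholders that appear in NODATA/SKIPDATA records, and flags rejected TCP connections to administrative ports such as 3389, which is the inference the explanation draws. The sample records, the small protocol and port tables, and the function names are all constructed for this example.

```python
"""Parse default-format VPC Flow Log records and summarise them.

Added example for the exam explanation above; not the page's or AWS's code.
The sample records and lookup tables below are constructed so it runs offline.
"""
from datetime import datetime, timezone

# IANA protocol numbers most often seen in flow logs (constructed subset).
PROTOCOLS = {1: "ICMP", 6: "TCP", 17: "UDP"}

# Destination ports worth naming in a summary (constructed subset).
PORT_NAMES = {22: "SSH", 80: "HTTP", 443: "HTTPS", 3389: "RDP"}

# Field order of the 14-field default VPC Flow Log format.
FIELDS = (
    "version", "account_id", "interface_id", "srcaddr", "dstaddr",
    "srcport", "dstport", "protocol", "packets", "bytes",
    "start", "end", "action", "log_status",
)
INT_FIELDS = {"srcport", "dstport", "protocol", "packets", "bytes", "start", "end"}

# The record from the question, embedded as sample input.
SAMPLE_RECORD = (
    "10 123456789010 eni-abc123de 172.31.41.189 172.8.51.117 "
    "39751 3389 6 20 3279 1218430010 1218430070 REJECT OK"
)

# Constructed NODATA record: when no traffic was seen, most fields are "-".
SAMPLE_NODATA = (
    "2 123456789010 eni-abc123de - - - - - - - 1218430010 1218430070 - NODATA"
)


def parse_flow_record(line: str) -> dict:
    """Split one space-separated record into a dict of typed fields.

    "-" (not applicable) becomes None; numeric fields become int.
    """
    parts = line.split()
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}")
    record = {}
    for name, value in zip(FIELDS, parts):
        if value == "-":
            record[name] = None
        elif name in INT_FIELDS:
            record[name] = int(value)
        else:
            record[name] = value
    return record


def describe(record: dict) -> str:
    """Render a record as a one-line human summary, like the explanation does."""
    if record["log_status"] != "OK":
        return f"{record['interface_id']}: no flow data ({record['log_status']})"
    proto = PROTOCOLS.get(record["protocol"], str(record["protocol"]))
    service = PORT_NAMES.get(record["dstport"], f"port {record['dstport']}")
    start = datetime.fromtimestamp(record["start"], tz=timezone.utc).isoformat()
    return (
        f"{record['srcaddr']}:{record['srcport']} -> "
        f"{record['dstaddr']}:{record['dstport']} {proto}/{service} "
        f"{record['action']} ({record['packets']} packets, "
        f"{record['bytes']} bytes, from {start})"
    )


def is_rejected_admin_attempt(record: dict, ports=(22, 3389)) -> bool:
    """True for a logged, rejected TCP flow aimed at an administrative port."""
    return (
        record["log_status"] == "OK"
        and record["action"] == "REJECT"
        and record["protocol"] == 6
        and record["dstport"] in ports
    )


if __name__ == "__main__":
    for line in (SAMPLE_RECORD, SAMPLE_NODATA):
        rec = parse_flow_record(line)
        flag = "  <-- rejected admin access" if is_rejected_admin_attempt(rec) else ""
        print(describe(rec) + flag)
```

Running the script prints the question's record as `172.31.41.189:39751 -> 172.8.51.117:3389 TCP/RDP REJECT (...)` with the admin-access flag set, and the NODATA record as a line noting that no flow data was captured. When reading real logs, check `log_status` before interpreting any other field, since a NODATA or SKIPDATA record carries no addresses or ports.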