Hi all, I need clarification on the data matching options in FPM.

router(config-cmap)#match start l3-start offset 123 size 4 ?
  eq      eq
  gt      gt
  lt      lt
  neq     neq
  range   range
  regex   regex
  string  string

When do we use eq, string and regex?

My understanding is that when you want to directly match the hex pattern in the packet, we use "eq", as follows:

Router(config)# class-map type access-control match-all mydoom2
Router(config-cmap)# match field ip length gt 44
Router(config-cmap)# match start l3-start offset 40 size 4 eq 0x47455420
Router(config-cmap)# match start l3-start offset 78 size 4 eq 0x6d3a3830

*We should use regex or string when we need to match letters or alphabets which are not hex, as follows:*

class-map type access-control match-all test-class
 match field TCP dest-port gt 10
 match start l3-start offset 40 size 32 regex "ABCD"

class-map type access-control match-all test-class
 match field TCP dest-port gt 10
 match start l3-start offset 40 size 32 string "ABCD"

The IOS will convert ABCD into ASCII, then into hex, and then will search the packet for the hex value.

Please let me know your thoughts.

With regards
Kings
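
A small Python model of the three operators applied to the offsets and values in the post, added here as an example (it is not part of the original post and is not IOS code). It assumes eq compares the whole window as one big-endian number, while string and regex match anywhere inside the window; the packet and all helper names are constructed.

```python
import re

def window(pkt: bytes, offset: int, size: int) -> bytes:
    """Bytes selected by 'match start l3-start offset <offset> size <size>'."""
    return pkt[offset:offset + size]

def match_eq(pkt: bytes, offset: int, size: int, value: int) -> bool:
    # Assumption: eq treats the window as a single big-endian integer.
    w = window(pkt, offset, size)
    return len(w) == size and int.from_bytes(w, "big") == value

def match_string(pkt: bytes, offset: int, size: int, text: str) -> bool:
    # Assumption: the literal may sit anywhere inside the window.
    return text.encode("ascii") in window(pkt, offset, size)

def match_regex(pkt: bytes, offset: int, size: int, pattern: str) -> bool:
    # Assumption: the pattern is searched inside the window only.
    return re.search(pattern.encode("ascii"), window(pkt, offset, size)) is not None

def build_packet() -> bytes:
    """Constructed sample: 20-byte IP header, 20-byte TCP header, HTTP payload."""
    ip = bytes([0x45]) + bytes(19)    # version 4, IHL 5, other fields zeroed
    tcp = bytes(20)                   # no TCP options, so payload starts at 40
    payload = b"GET /a.html HTTP/1.1\r\nHost: example.com:80\r\n"
    return ip + tcp + payload

def demo() -> dict:
    pkt = build_packet()
    return {
        # The two eq values from the mydoom2 class-map are ASCII text in hex.
        "0x47455420": (0x47455420).to_bytes(4, "big"),
        "0x6d3a3830": (0x6d3a3830).to_bytes(4, "big"),
        "eq_offset_40": match_eq(pkt, 40, 4, 0x47455420),
        "eq_offset_78": match_eq(pkt, 78, 4, 0x6d3a3830),
        # eq is anchored: the same value one byte later no longer matches.
        "eq_offset_41": match_eq(pkt, 41, 4, 0x47455420),
        # string and regex scan the 32-byte window that starts at offset 40.
        "string_ABCD": match_string(pkt, 40, 32, "ABCD"),
        "string_HTTP": match_string(pkt, 40, 32, "HTTP"),
        "regex_version": match_regex(pkt, 40, 32, r"HTTP/1\.[01]"),
        # "example" starts inside the window but runs past its end.
        "string_example": match_string(pkt, 40, 32, "example"),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:15} {result}")
```
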
