Re: [OSL | CCIE_Security] CCIE_Security Digest, Vol 48, Issue 67

simon Fri, 11 Jun 2010 01:53:55 -0700

3. Troubleshooting (Vybhav Ramachandran

Hi TackACK,
TS is included in the config part. No dedicated section.


Cheers
Simon


Zitat von [email protected]:

Send CCIE_Security mailing list submissions to
        [email protected]

To subscribe or unsubscribe via the World Wide Web, visit
        http://onlinestudylist.com/mailman/listinfo/ccie_security
or, via email, send a message with subject or body 'help' to
        [email protected]

You can reach the person managing the list at
        [email protected]

When replying, please edit your Subject line so it is more specific
than "Re: Contents of CCIE_Security digest..."


Today's Topics:

   1. Re: Traceroute unix-style? (Piotr Kaluzny)
   2. Re: Traceroute unix-style? (Jimmy Larsson)
   3. Troubleshooting (Vybhav Ramachandran)
   4. Re: Traceroute unix-style? (Piotr Kaluzny)
   5. Re: Traceroute unix-style? (Jimmy Larsson)


----------------------------------------------------------------------

Message: 1
Date: Fri, 11 Jun 2010 09:49:37 +0200
From: Piotr Kaluzny <[email protected]>
To: Jimmy Larsson <[email protected]>
Cc: OSL Security <[email protected]>
Subject: Re: [OSL | CCIE_Security] Traceroute unix-style?
Message-ID:
        <[email protected]>
Content-Type: text/plain; charset="iso-8859-1"

Jimmy,

ICMP_OBJ group covers Unix traceroute. It uses ICMP Type 3 Code 3 (Port
Unreachable) and ICMP Type 11 Code 0 (Time Exceeded; TTL exceeded in
transit).

Cheers,
Piotr K


On Fri, Jun 11, 2010 at 8:36 AM, Jimmy Larsson <[email protected]> wrote:

Hi!

In Lab 18 task 1.6 we should allow unix-style traceroute thru the ASA. DSG
opens icmp-traffic but as far as I know unix-style traceroute uses
udp-ports. What am I missing here?

Br Jimmy


--
-------
Jimmy Larsson
Ryavagen 173
s-26030 Vallakra
Sweden
http://blogg.kvistofta.nu
-------

_______________________________________________
For more information regarding industry leading CCIE Lab training, please
visit www.ipexpert.com



--
Piotr Kaluzny
CCIE #25665 (Security), CCSP, CCNP
Sr. Support Engineer - IPexpert, Inc.
URL: http://www.IPexpert.com
-------------- next part --------------
An HTML attachment was scrubbed...

URL:<http://onlinestudylist.com/pipermail/ccie_security/attachments/20100611/bb0706cd/attachment-0001.html>


------------------------------

Message: 2
Date: Fri, 11 Jun 2010 10:08:34 +0200
From: Jimmy Larsson <[email protected]>
To: Piotr Kaluzny <[email protected]>
Cc: OSL Security <[email protected]>
Subject: Re: [OSL | CCIE_Security] Traceroute unix-style?
Message-ID:
        <[email protected]>
Content-Type: text/plain; charset="iso-8859-1"

But then, whats the difference between unix and windows traceroute according
to port/protocol usage?

http://en.wikipedia.org/wiki/Traceroute

http://www.topbits.com/how-unix-and-windows-traceroutes-differ.html

<http://www.topbits.com/how-unix-and-windows-traceroutes-differ.html>Br
Jimmy


2010/6/11 Piotr Kaluzny <[email protected]>

Jimmy,

ICMP_OBJ group covers Unix traceroute. It uses ICMP Type 3 Code 3 (Port
Unreachable) and ICMP Type 11 Code 0 (Time Exceeded; TTL exceeded in
transit).

Cheers,
Piotr K


On Fri, Jun 11, 2010 at 8:36 AM, Jimmy Larsson <[email protected]>wrote:

Hi!

In Lab 18 task 1.6 we should allow unix-style traceroute thru the ASA. DSG
opens icmp-traffic but as far as I know unix-style traceroute uses
udp-ports. What am I missing here?

Br Jimmy


--
-------
Jimmy Larsson
Ryavagen 173
s-26030 Vallakra
Sweden
http://blogg.kvistofta.nu
-------

_______________________________________________
For more information regarding industry leading CCIE Lab training, please
visit www.ipexpert.com



--
Piotr Kaluzny
CCIE #25665 (Security), CCSP, CCNP
Sr. Support Engineer - IPexpert, Inc.
URL: http://www.IPexpert.com




--
-------
Jimmy Larsson
Ryavagen 173
s-26030 Vallakra
Sweden
http://blogg.kvistofta.nu
-------
-------------- next part --------------
An HTML attachment was scrubbed...

URL:<http://onlinestudylist.com/pipermail/ccie_security/attachments/20100611/a161514a/attachment-0001.html>

------------------------------

Message: 3
Date: Fri, 11 Jun 2010 13:46:25 +0530
From: Vybhav Ramachandran <[email protected]>
To: OSL Security <[email protected]>
Subject: [OSL | CCIE_Security] Troubleshooting
Message-ID:
        <[email protected]>
Content-Type: text/plain; charset="iso-8859-1"

Hello All,

In the lab, will we have a dedicated troubleshooting section or will the
troubleshooting questions be mixed in with the confioguration questions.

Also,i'm having problems with the (B) labs in the vol1 workbook. I am able
to identify the problems , but still soemtimes i'm unable to get it to work.
Does anyone else face this issue or is it just me.

Cheers,
TacACK
-------------- next part --------------
An HTML attachment was scrubbed...

URL:<http://onlinestudylist.com/pipermail/ccie_security/attachments/20100611/c2cb9f00/attachment-0001.html>

------------------------------

Message: 4
Date: Fri, 11 Jun 2010 10:19:32 +0200
From: Piotr Kaluzny <[email protected]>
To: Jimmy Larsson <[email protected]>
Cc: OSL Security <[email protected]>
Subject: Re: [OSL | CCIE_Security] Traceroute unix-style?
Message-ID:
        <[email protected]>
Content-Type: text/plain; charset="iso-8859-1"

Unix-based traceroute sends UDP probes (Port Unreachable is expected to be
received from the end device), whereas Windows-based sends ICMP Echo
Requests (expects Echo Replies from the end device).

Regards,
Piotr K

On Fri, Jun 11, 2010 at 10:08 AM, Jimmy Larsson <[email protected]> wrote:

But then, whats the difference between unix and windows traceroute
according to port/protocol usage?

http://en.wikipedia.org/wiki/Traceroute

http://www.topbits.com/how-unix-and-windows-traceroutes-differ.html

<http://www.topbits.com/how-unix-and-windows-traceroutes-differ.html>Br
Jimmy


2010/6/11 Piotr Kaluzny <[email protected]>

Jimmy,


ICMP_OBJ group covers Unix traceroute. It uses ICMP Type 3 Code 3 (Port
Unreachable) and ICMP Type 11 Code 0 (Time Exceeded; TTL exceeded in
transit).

Cheers,
Piotr K


 On Fri, Jun 11, 2010 at 8:36 AM, Jimmy Larsson <[email protected]>wrote:

 Hi!

In Lab 18 task 1.6 we should allow unix-style traceroute thru the ASA.
DSG opens icmp-traffic but as far as I know unix-style traceroute uses
udp-ports. What am I missing here?

 Br Jimmy


--
-------
Jimmy Larsson
Ryavagen 173
s-26030 Vallakra
Sweden
http://blogg.kvistofta.nu
-------

_______________________________________________
For more information regarding industry leading CCIE Lab training, please
visit www.ipexpert.com



--
Piotr Kaluzny
CCIE #25665 (Security), CCSP, CCNP
Sr. Support Engineer - IPexpert, Inc.
URL: http://www.IPexpert.com




--
-------
Jimmy Larsson
Ryavagen 173
s-26030 Vallakra
Sweden
http://blogg.kvistofta.nu
-------




--
Piotr Kaluzny
CCIE #25665 (Security), CCSP, CCNP
Sr. Support Engineer - IPexpert, Inc.
URL: http://www.IPexpert.com
-------------- next part --------------
An HTML attachment was scrubbed...

URL:<http://onlinestudylist.com/pipermail/ccie_security/attachments/20100611/75f8c8f1/attachment-0001.html>


------------------------------

Message: 5
Date: Fri, 11 Jun 2010 10:48:13 +0200
From: Jimmy Larsson <[email protected]>
To: Piotr Kaluzny <[email protected]>
Cc: OSL Security <[email protected]>
Subject: Re: [OSL | CCIE_Security] Traceroute unix-style?
Message-ID:
        <[email protected]>
Content-Type: text/plain; charset="iso-8859-1"

Thats exactly my point. So why does DSG open for ICMP-traffic, not UDP?

/Jimmy

2010/6/11 Piotr Kaluzny <[email protected]>

Unix-based traceroute sends UDP probes (Port Unreachable is expected to be
received from the end device), whereas Windows-based sends ICMP Echo
Requests (expects Echo Replies from the end device).

Regards,
Piotr K



On Fri, Jun 11, 2010 at 10:08 AM, Jimmy Larsson <[email protected]>wrote:

But then, whats the difference between unix and windows traceroute
according to port/protocol usage?

http://en.wikipedia.org/wiki/Traceroute

http://www.topbits.com/how-unix-and-windows-traceroutes-differ.html

<http://www.topbits.com/how-unix-and-windows-traceroutes-differ.html>Br
Jimmy


2010/6/11 Piotr Kaluzny <[email protected]>

Jimmy,


ICMP_OBJ group covers Unix traceroute. It uses ICMP Type 3 Code 3 (Port
Unreachable) and ICMP Type 11 Code 0 (Time Exceeded; TTL exceeded in
transit).

Cheers,
Piotr K

On Fri, Jun 11, 2010 at 8:36 AM, Jimmy Larsson<[email protected]>wrote:

 Hi!

In Lab 18 task 1.6 we should allow unix-style traceroute thru the ASA.
DSG opens icmp-traffic but as far as I know unix-style traceroute uses
udp-ports. What am I missing here?

 Br Jimmy


--
-------
Jimmy Larsson
Ryavagen 173
s-26030 Vallakra
Sweden
http://blogg.kvistofta.nu
-------

_______________________________________________
For more information regarding industry leading CCIE Lab training,
please visit www.ipexpert.com



--
Piotr Kaluzny
CCIE #25665 (Security), CCSP, CCNP
Sr. Support Engineer - IPexpert, Inc.
URL: http://www.IPexpert.com




--
-------
Jimmy Larsson
Ryavagen 173
s-26030 Vallakra
Sweden
http://blogg.kvistofta.nu
-------




--
Piotr Kaluzny
CCIE #25665 (Security), CCSP, CCNP
Sr. Support Engineer - IPexpert, Inc.
URL: http://www.IPexpert.com




--
-------
Jimmy Larsson
Ryavagen 173
s-26030 Vallakra
Sweden
http://blogg.kvistofta.nu
-------
-------------- next part --------------
An HTML attachment was scrubbed...

URL:<http://onlinestudylist.com/pipermail/ccie_security/attachments/20100611/628c8868/attachment.html>


End of CCIE_Security Digest, Vol 48, Issue 67
*********************************************





_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit 
www.ipexpert.com

Re: [OSL | CCIE_Security] CCIE_Security Digest, Vol 48, Issue 67

Reply via email to