The use of the mask is to ensure that bit 2 is the only bit inspected. Let me try this. Suppose you wanted to match all connections entering your device. To do that, you have to make sure that the SYN bit is set and the ACK bit is NOT set. If you only see the SYN bit set but do not inspect the ACK bit, it could be a new connection entering or a connection initiated from inside that is being ACKed and is receiving its ACK now. So, with the mask you can make sure that each bit is the way you want it to be.
On Tue, Aug 24, 2010 at 1:49 PM, Vybhav Ramachandran <[email protected]> wrote:

> Oh sorry..my bad :) Ok, but what's the use of the "mask " keyword.
>
> Thanks and Cheers,
> TacACK

--
Bruno Fagioli (by Jaunty Jackalope)
Cisco Security Professional
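
The point made in the reply above, as an added example that is not part of the original thread: a value/mask comparison over the TCP flags byte, showing what changes when the ACK bit is inspected along with SYN. The helper names, the convention that the mask lists the bits to inspect, and the sample headers are assumptions of this example, not any device's syntax.

```python
import struct

# TCP flag bits, carried in byte 13 of the TCP header.
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

def tcp_header(flags, sport=40000, dport=443):
    """Build a constructed 20-byte TCP header carrying the given flags."""
    offset_flags = (5 << 12) | flags  # data offset of 5 words, then the flags
    return struct.pack("!HHIIHHHH", sport, dport, 1000, 0,
                       offset_flags, 65535, 0, 0)

def tcp_flags(header):
    """Extract the six classic flag bits from a raw TCP header."""
    if len(header) < 20:
        raise ValueError("truncated TCP header")
    return header[13] & 0x3F

def masked_match(header, value, care_mask):
    """True when every bit selected by care_mask equals that bit in value."""
    return (tcp_flags(header) & care_mask) == (value & care_mask)

def classify(headers):
    """Compare inspecting SYN alone with inspecting SYN and ACK together."""
    rows = []
    for name, hdr in headers:
        syn_only = masked_match(hdr, SYN, SYN)            # ACK bit ignored
        syn_not_ack = masked_match(hdr, SYN, SYN | ACK)   # ACK bit must be 0
        rows.append((name, syn_only, syn_not_ack))
    return rows

# Constructed sample headers, not captured traffic.
SAMPLES = [
    ("inbound SYN (new connection)", tcp_header(SYN)),
    ("SYN+ACK (reply to inside host)", tcp_header(SYN | ACK)),
    ("ACK (established flow)", tcp_header(ACK)),
    ("SYN+PSH+URG (other bits set)", tcp_header(SYN | PSH | URG)),
]

if __name__ == "__main__":
    for name, loose, strict in classify(SAMPLES):
        print(f"{name:32} inspect SYN: {loose!s:5}  inspect SYN+ACK: {strict}")
```

With only SYN inspected, the SYN+ACK reply matches as well; adding ACK to the inspected bits leaves only the new inbound connections.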
