Ok Thx. In that case I feel we need to use Nbar if the question mentions it but maybe somebody else can shed more light on this. Speaking of nbar does anyone have any tips on engaging the nbar engine without the IOS crashing?
Thanks and regards Yogesh Gawankar --- On Mon, 9/13/10, Vybhav Ramachandran <[email protected]> wrote: From: Vybhav Ramachandran <[email protected]> Subject: Re: [OSL | CCIE_Security] IPexpert Vol 1 , Lab 7A , Task 7.13 To: "Yogesh Gawankar" <[email protected]>, "OSL Security" <[email protected]> Date: Monday, September 13, 2010, 2:23 PM Hello Yogesh, Well FPM is by far the most detailed method to match payload in the traffic , but i think NBAR could also be used to perform some crude payload matching. For example , suppose we want to match traffic destined to port UDP 6060 which has the hex string "98AB" at an offset of 6 bytes from the start of the packet, we could define a custom protocol and configure it to match the string , like this: # ip nbar custom <NAME OF THE CUSTOM PROTOCOL> 6 hex 98AB destination udp 6060. This definitely is not as powerful as FPM in the sense that, for defining a custom NBAR protocol , we need to know the TCP or UDP ports that the traffic is destined for. It's not as flexible as FPM. My question was, since the question mentioned NBAR , are we allowed to use FPM as our matching technique? If yes, great :) Cheers, TacACK
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
