The question should have stated FPM not NBAR.  I have updated the question
to be titled "Flexible Packet Matching" instead of MQC using NBAR.

 

Regards,

 

Tyson Scott - CCIE #13513 R&S, Security, and SP

Managing Partner / Sr. Instructor - IPexpert, Inc.


 

From: ccie_security-boun...@onlinestudylist.com
[mailto:ccie_security-boun...@onlinestudylist.com] On Behalf Of Yogesh
Gawankar
Sent: Monday, September 13, 2010 1:09 AM
To: OSL Security; Vybhav Ramachandran
Subject: Re: [OSL | CCIE_Security] IPexpert Vol 1 , Lab 7A , Task 7.13

 



OK, thx. In that case I feel we need to use NBAR if the question mentions it,
but maybe somebody else can shed more light on this.

 

Speaking of NBAR, does anyone have any tips on engaging the NBAR engine
without the IOS crashing?

 


Thanks and regards

Yogesh Gawankar


--- On Mon, 9/13/10, Vybhav Ramachandran <tac...@tacack.com> wrote:


From: Vybhav Ramachandran <tac...@tacack.com>
Subject: Re: [OSL | CCIE_Security] IPexpert Vol 1 , Lab 7A , Task 7.13
To: "Yogesh Gawankar" <yogesh...@yahoo.com>, "OSL Security"
<ccie_security@onlinestudylist.com>
Date: Monday, September 13, 2010, 2:23 PM

Hello Yogesh, 

 

Well, FPM is by far the most detailed method to match payload in the traffic,
but I think NBAR could also be used to perform some crude payload
matching. For example, suppose we want to match traffic destined to port
UDP 6060 which has the hex string "98AB" at an offset of 6 bytes from the
start of the packet; we could define a custom protocol and configure it to
match the string, like this:

 

# ip nbar custom <NAME OF THE CUSTOM PROTOCOL> 6 hex 98AB destination udp 6060

 

This definitely is not as powerful as FPM in the sense that, for defining a
custom NBAR protocol, we need to know the TCP or UDP ports that the traffic
is destined for. It's not as flexible as FPM.

 

My question was, since the question mentioned NBAR, are we allowed to use
FPM as our matching technique? If yes, great :)

 

Cheers,

TacACK
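
The match described in the message above, modelled in Python as an added example that is not part of the original thread or any Cisco code. It assumes the offset is counted from the first byte of the UDP payload; the function names and the sample packets are constructed for illustration.

```python
import struct

def build_udp_packet(dst_port, payload, src_port=40000, ip_options=b""):
    """Build a minimal IPv4/UDP packet (checksums left at zero) as test input."""
    ihl = 5 + len(ip_options) // 4            # header length in 32-bit words
    total_len = ihl * 4 + 8 + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, total_len, 0, 0,
                     64, 17, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    udp = struct.pack("!HHHH", src_port, dst_port, 8 + len(payload), 0)
    return ip + ip_options + udp + payload

def matches_custom(packet, dst_port=6060, offset=6,
                   pattern=bytes.fromhex("98AB")):
    """True if packet is IPv4/UDP to dst_port with pattern at payload offset."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return False                          # not IPv4
    ihl = (packet[0] & 0x0F) * 4              # IP options shift the UDP header
    if ihl < 20 or packet[9] != 17 or len(packet) < ihl + 8:
        return False                          # not UDP, or truncated
    if struct.unpack("!H", packet[6:8])[0] & 0x1FFF:
        return False                          # later fragment: no UDP header
    _, dport, ulen, _ = struct.unpack("!HHHH", packet[ihl:ihl + 8])
    if dport != dst_port or ulen < 8:
        return False                          # the port must be known up front
    payload = packet[ihl + 8:ihl + ulen]      # bounded by the UDP length field
    return payload[offset:offset + len(pattern)] == pattern

# Constructed sample packets: (description, packet)
SAMPLES = [
    ("hit", build_udp_packet(6060, b"\x00" * 6 + b"\x98\xab" + b"data")),
    ("hit with IP options",
     build_udp_packet(6060, b"\x00" * 6 + b"\x98\xab", ip_options=b"\x01" * 4)),
    ("same payload, other port",
     build_udp_packet(6061, b"\x00" * 6 + b"\x98\xab")),
    ("pattern one byte early", build_udp_packet(6060, b"\x00" * 5 + b"\x98\xab")),
    ("payload too short", build_udp_packet(6060, b"\x00" * 6 + b"\x98")),
]

def classify_samples():
    """Return {description: matched?} for the constructed samples."""
    return {name: matches_custom(pkt) for name, pkt in SAMPLES}

if __name__ == "__main__":
    for name, hit in classify_samples().items():
        print(f"{name:28s} {'MATCH' if hit else 'no match'}")
```

The "same payload, other port" case shows the limitation raised above: the port is part of the match, so identical bytes sent to any other port are not classified.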

 
