Yeah, I had to use string instead. How did people do when they wanted to match something on the end of the packet? Curious Maybe having more than one match statements with payload-start offset at 0 on the first and 256 on second and so forth
Anyway, good to know that 15T is able to sweep the entire packet at once. Thanks Tyson On Fri, Feb 25, 2011 at 12:49 PM, Tyson Scott <[email protected]> wrote: > 12.4T only supports looking 256 bytes into a packet. What you are trying > to do isn't supported until 15T I think. change your size to <256. > > > > Regards, > > > > Tyson Scott - CCIE #13513 R&S, Security, and SP > Managing Partner / Sr. Instructor - IPexpert, Inc. > Mailto: [email protected] > Telephone: +1.810.326.1444, ext. 208 > Live Assistance, Please visit: www.ipexpert.com/chat > eFax: +1.810.454.0130 > > > > IPexpert is a premier provider of Self-Study Workbooks, Video on Demand, > Audio Tools, Online Hardware Rental and Classroom Training for the Cisco > CCIE (R&S, Voice, Security & Service Provider) certification(s) with > training locations throughout the United States, Europe, South Asia and > Australia. Be sure to visit our online communities at > www.ipexpert.com/communities and our public website at www.ipexpert.com > > > > *From:* [email protected] [mailto: > [email protected]] *On Behalf Of *Bruno > *Sent:* Friday, February 25, 2011 9:10 AM > *To:* CCIE Security Maillist > *Subject:* [OSL | CCIE_Security] Just to understand - FPM > > > > Running FPM. Why this error? > > class-map type access-control match-all cm1 > match field TCP dest-port eq 23 > match start TCP payload-start offset 0 size 1460 regex ".*cisco.*" > *Error - regular expression search space > 256 is not supported* > > I could get this done doing by string instead > class-map type access-control match-all cm1 > match field TCP dest-port eq 23 > match start TCP payload-start offset 0 size 1460 string "cisco" > > This worked fine. > > Class-map: cm1 (match-all) > 21 packets, 1272 bytes > 5 minute offered rate 0 bps > Match: field TCP dest-port eq 23 > Match: start TCP payload-start offset 0 size 1460 string "cisco" > > Just wonder why regex could not go through the whole packet > > -- > Bruno Fagioli (by Jaunty Jackalope) > Cisco Security Professional > -- Bruno Fagioli (by Jaunty Jackalope) Cisco Security Professional
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
