But I don't think it will work if you want to match either SYN or FIN.
Also, the mask for matching the FIN flag is wrong.

With regards
Kings

On Fri, Jun 3, 2011 at 6:56 PM, Bruno <[email protected]> wrote:

> Agree King.
> But that's what I saw configured and wanted to understand as it is
> It seems to match either SYN and FIN at the same packet. I didn't understand
>
>
> On Fri, Jun 3, 2011 at 2:59 AM, Kingsley Charles <[email protected]> wrote:
>
>> You are using match-all, which makes it match a packet with both SYN and
>> FIN. Split them and also use mask 0x3E for FIN
>>
>> class-map type access-control match-all SYN
>>  match field TCP dest-port eq 80
>>  match field tcp control-bits eq 2 mask 0x3D
>>
>> class-map type access-control match-all FILTER
>>  match field TCP dest-port eq 80
>>  match field tcp control-bits eq 1 mask 0x3E
>>
>>
>>
>> With regards
>> Kings
>>
>> On Thu, Jun 2, 2011 at 8:20 PM, Bruno <[email protected]> wrote:
>>
>>> Check this statement
>>>
>>> class-map type access-control match-all FILTER
>>> match field TCP dest-port eq 80
>>> match field tcp control-bits eq 2 mask 0x3D
>>> match field tcp control-bits eq 1 mask 0x3D
>>>
>>> Will this catch either SYN OR FIN and other bits could be set as well? Is
>>> that right?
>>> --
>>> Bruno Fagioli (by Jaunty Jackalope)
>>> Cisco Security Professional
>>>
>>> _______________________________________________
>>> For more information regarding industry leading CCIE Lab training, please
>>> visit www.ipexpert.com
>>>
>>> Are you a CCNP or CCIE and looking for a job? Check out
>>> www.PlatinumPlacement.com
>>>
>>
>>
>
>
> --
> Bruno Fagioli (by Jaunty Jackalope)
> Cisco Security Professional
>
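
The bit logic argued over in this thread, as an added Python example that is not part of any message above. It assumes that bits set in `mask` are ignored in the comparison, which is how the thread uses 0x3D for SYN and 0x3E for FIN; the function names are hypothetical and the sample flag bytes are constructed.

```python
# Added illustration of the class maps quoted in the thread.
# Assumption: in "eq VALUE mask MASK", bits set in MASK are "don't care".
TCP_FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04,
             "PSH": 0x08, "ACK": 0x10, "URG": 0x20}

def field_matches(flags, value, mask):
    """Evaluate one 'match field tcp control-bits eq VALUE mask MASK' line."""
    care = ~mask & 0x3F              # bits the comparison actually inspects
    return (flags & care) == (value & care)

def class_matches(flags, conditions, mode="match-all"):
    """Combine the match lines the way match-all / match-any would."""
    results = [field_matches(flags, v, m) for v, m in conditions]
    return all(results) if mode == "match-all" else any(results)

def matching_flag_bytes(conditions, mode="match-all"):
    """Every 6-bit control-bits value the class accepts."""
    return [f for f in range(0x40) if class_matches(f, conditions, mode)]

def describe(flags):
    return "+".join(n for n, b in TCP_FLAGS.items() if flags & b) or "none"

# (value, mask) pairs from the thread; the dest-port line is identical
# in every class and is left out.
ORIGINAL = [(2, 0x3D), (1, 0x3D)]    # single match-all class from the question
SYN_CLASS = [(2, 0x3D)]              # split class for SYN
FIN_CLASS = [(1, 0x3E)]              # split class for FIN with mask 0x3E

if __name__ == "__main__":
    # Constructed sample control-bits values.
    samples = [0x02, 0x01, 0x03, 0x12, 0x11, 0x10]
    print(f"{'flags':<10}{'original':<10}{'SYN':<6}{'FIN':<6}{'eq 1 mask 0x3D'}")
    for f in samples:
        print(f"{describe(f):<10}"
              f"{str(class_matches(f, ORIGINAL)):<10}"
              f"{str(class_matches(f, SYN_CLASS)):<6}"
              f"{str(class_matches(f, FIN_CLASS)):<6}"
              f"{field_matches(f, 1, 0x3D)}")
    # Under the stated assumption the original class accepts nothing:
    # line one needs the SYN bit set, line two (eq 1 mask 0x3D) needs it clear.
    print("original class accepts:", matching_flag_bytes(ORIGINAL))
```

Under that assumption, `eq 1 mask 0x3D` inspects only the SYN bit, so it accepts an ACK-only segment and rejects SYN+FIN, while `eq 1 mask 0x3E` inspects only the FIN bit.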