Hi all, I am catching up on email and ran across this one on FPM. Where did you run across:
match field tcp 'control-bits' eq 2 mask 0x3d I dont see control-bits as a key word in the config guide ( http://www.cisco.com/en/US/docs/ios/sec_data_plane/configuration/guide/sec_flex_pack_match_ps6441_TSD_Products_Configuration_Guide_Chapter.html ) Thanks, JT On Thu, Jun 2, 2011 at 11:59 PM, Kingsley Charles < [email protected]> wrote: > You are using match-all which makes to match a packet with both SYN and > FIN. Split them and also use mask 0x3E for FIN > > class-map type access-control match-all SYN > match field TCP dest-port eq 80 > match field tcp control-bits eq 2 mask 0x3D > > class-map type access-control match-all FILTER > match field TCP dest-port eq 80 > match field tcp control-bits eq 1 mask 0x3E > > > > With regards > Kings > > On Thu, Jun 2, 2011 at 8:20 PM, Bruno <[email protected]> wrote: > >> Check this statement >> >> class-map type access-control match-all FILTER >> match field TCP dest-port eq 80 >> match field tcp control-bits eq 2 mask 0x3D >> match field tcp control-bits eq 1 mask 0x3D >> >> Will this catch either SYN OR FIN and other bits could be set as well? Is >> that right? >> -- >> Bruno Fagioli (by Jaunty Jackalope) >> Cisco Security Professional >> >> _______________________________________________ >> For more information regarding industry leading CCIE Lab training, please >> visit www.ipexpert.com >> >> Are you a CCNP or CCIE and looking for a job? Check out >> www.PlatinumPlacement.com <http://www.platinumplacement.com/> >> > > > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > > Are you a CCNP or CCIE and looking for a job? Check out > www.PlatinumPlacement.com <http://www.platinumplacement.com/> >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
