Good one - http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6723/prod_white_paper0900aecd803936f6.html
With regagrds Kings On Mon, Jun 13, 2011 at 12:02 AM, Jim Terry <[email protected]> wrote: > Hi all, > > I am catching up on email and ran across this one on FPM. Where did you > run across: > > match field tcp 'control-bits' eq 2 mask 0x3d > > I dont see control-bits as a key word in the config guide > > ( > http://www.cisco.com/en/US/docs/ios/sec_data_plane/configuration/guide/sec_flex_pack_match_ps6441_TSD_Products_Configuration_Guide_Chapter.html > ) > Thanks, > > JT > > > On Thu, Jun 2, 2011 at 11:59 PM, Kingsley Charles < > [email protected]> wrote: > >> You are using match-all which makes to match a packet with both SYN and >> FIN. Split them and also use mask 0x3E for FIN >> >> class-map type access-control match-all SYN >> match field TCP dest-port eq 80 >> match field tcp control-bits eq 2 mask 0x3D >> >> class-map type access-control match-all FILTER >> match field TCP dest-port eq 80 >> match field tcp control-bits eq 1 mask 0x3E >> >> >> >> With regards >> Kings >> >> On Thu, Jun 2, 2011 at 8:20 PM, Bruno <[email protected]> wrote: >> >>> Check this statement >>> >>> class-map type access-control match-all FILTER >>> match field TCP dest-port eq 80 >>> match field tcp control-bits eq 2 mask 0x3D >>> match field tcp control-bits eq 1 mask 0x3D >>> >>> Will this catch either SYN OR FIN and other bits could be set as well? Is >>> that right? >>> -- >>> Bruno Fagioli (by Jaunty Jackalope) >>> Cisco Security Professional >>> >>> _______________________________________________ >>> For more information regarding industry leading CCIE Lab training, please >>> visit www.ipexpert.com >>> >>> Are you a CCNP or CCIE and looking for a job? Check out >>> www.PlatinumPlacement.com <http://www.platinumplacement.com/> >>> >> >> >> _______________________________________________ >> For more information regarding industry leading CCIE Lab training, please >> visit www.ipexpert.com >> >> Are you a CCNP or CCIE and looking for a job? Check out >> www.PlatinumPlacement.com <http://www.platinumplacement.com/> >> > >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
