Thank you everyone. This white paper is the other key! JT
On Sun, Jun 12, 2011 at 10:15 PM, Kingsley Charles < [email protected]> wrote: > Good one - > http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6723/prod_white_paper0900aecd803936f6.html > > With regagrds > Kings > > > On Mon, Jun 13, 2011 at 12:02 AM, Jim Terry <[email protected]> wrote: > >> Hi all, >> >> I am catching up on email and ran across this one on FPM. Where did you >> run across: >> >> match field tcp 'control-bits' eq 2 mask 0x3d >> >> I dont see control-bits as a key word in the config guide >> >> ( >> http://www.cisco.com/en/US/docs/ios/sec_data_plane/configuration/guide/sec_flex_pack_match_ps6441_TSD_Products_Configuration_Guide_Chapter.html >> ) >> Thanks, >> >> JT >> >> >> On Thu, Jun 2, 2011 at 11:59 PM, Kingsley Charles < >> [email protected]> wrote: >> >>> You are using match-all which makes to match a packet with both SYN and >>> FIN. Split them and also use mask 0x3E for FIN >>> >>> class-map type access-control match-all SYN >>> match field TCP dest-port eq 80 >>> match field tcp control-bits eq 2 mask 0x3D >>> >>> class-map type access-control match-all FILTER >>> match field TCP dest-port eq 80 >>> match field tcp control-bits eq 1 mask 0x3E >>> >>> >>> >>> With regards >>> Kings >>> >>> On Thu, Jun 2, 2011 at 8:20 PM, Bruno <[email protected]> wrote: >>> >>>> Check this statement >>>> >>>> class-map type access-control match-all FILTER >>>> match field TCP dest-port eq 80 >>>> match field tcp control-bits eq 2 mask 0x3D >>>> match field tcp control-bits eq 1 mask 0x3D >>>> >>>> Will this catch either SYN OR FIN and other bits could be set as well? >>>> Is that right? >>>> -- >>>> Bruno Fagioli (by Jaunty Jackalope) >>>> Cisco Security Professional >>>> >>>> _______________________________________________ >>>> For more information regarding industry leading CCIE Lab training, >>>> please visit www.ipexpert.com >>>> >>>> Are you a CCNP or CCIE and looking for a job? Check out >>>> www.PlatinumPlacement.com <http://www.platinumplacement.com/> >>>> >>> >>> >>> _______________________________________________ >>> For more information regarding industry leading CCIE Lab training, please >>> visit www.ipexpert.com >>> >>> Are you a CCNP or CCIE and looking for a job? Check out >>> www.PlatinumPlacement.com <http://www.platinumplacement.com/> >>> >> >> >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
