cbac debugging

Unanswered Question
Jul 30th, 2007

Hi guys,

How can I know why CBAC drops a packet? For example, the log I receive for a dropped packet is

.Jul 30 11:42:01: %FW-6-DROP_PKT: Dropping tcp pkt =>

(IP addresses have been changed)

How can I know why this packet was dropped?

The partial config that resulted in the above log is as below

ip inspect log drp-pkt

int fa0/1

ip inspect name myfw out

Since the inspection is in the outbound direction, what does the log mean, and in which direction was the packet transiting when it was dropped? Does the log mean the dropped packet had a source of or is it merely a session indicator like

packet of session> dropped?


fmeetz Fri, 08/03/2007 - 05:49

I think CBAC inspects packet sequence numbers in TCP connections to verify that they are within expected ranges; CBAC drops any suspicious packets.
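
The sequence-number check fmeetz describes, as an added illustration that is not part of the original thread and not Cisco's CBAC code: a small stateful tracker that follows a TCP session through its handshake and then accepts a segment only if its sequence range touches the window the receiver last advertised, and only if its acknowledgement number does not cover bytes the peer never sent. The exact window arithmetic IOS applies is not documented on this page, so the check here is the generic RFC 793 acceptability test; the addresses, ports and sequence numbers in the trace are constructed.

```python
# Added example: generic stateful TCP sequence-window check, not Cisco code.
from dataclasses import dataclass

MOD = 1 << 32  # TCP sequence space wraps at 2^32


def in_window(x, lo, size):
    """True if x lies in [lo, lo + size) modulo 2^32."""
    return (x - lo) % MOD < size


@dataclass
class Segment:
    src: str
    sport: int
    dst: str
    dport: int
    seq: int
    ack: int
    win: int            # receive window the sender advertises in this segment
    length: int = 0     # payload bytes carried
    syn: bool = False
    ack_flag: bool = True


@dataclass
class Endpoint:
    next_seq: int   # next sequence number this endpoint is expected to send
    last_ack: int   # acknowledgement number this endpoint last sent
    win: int        # receive window this endpoint last advertised


class TcpSessionTracker:
    """Tracks sessions by endpoint pair and returns a verdict per segment."""

    def __init__(self):
        self.sessions = {}

    @staticmethod
    def _key(seg):
        a, b = (seg.src, seg.sport), (seg.dst, seg.dport)
        return (a, b) if a < b else (b, a)

    def inspect(self, seg):
        key, sender, receiver = self._key(seg), (seg.src, seg.sport), (seg.dst, seg.dport)
        sess = self.sessions.get(key)

        if seg.syn and not seg.ack_flag:
            # Opening SYN: create the session; only the initiator has state yet.
            self.sessions[key] = {sender: Endpoint((seg.seq + 1) % MOD, 0, seg.win),
                                  receiver: None}
            return "pass: new session"
        if sess is None:
            return "drop: no session"

        snd, rcv = sess[sender], sess[receiver]
        if seg.syn and seg.ack_flag:
            # SYN-ACK must acknowledge exactly the initiator's ISN + 1.
            if rcv is None or seg.ack != rcv.next_seq:
                return "drop: SYN-ACK acks wrong ISN"
            sess[sender] = Endpoint((seg.seq + 1) % MOD, seg.ack, seg.win)
            return "pass: SYN-ACK"
        if snd is None or rcv is None:
            return "drop: handshake incomplete"

        # Sequence check: the segment must touch [rcv.last_ack, rcv.last_ack + rcv.win).
        if seg.length == 0:
            ok = in_window(seg.seq, rcv.last_ack, max(rcv.win, 1))
        else:
            last = (seg.seq + seg.length - 1) % MOD
            ok = (in_window(seg.seq, rcv.last_ack, rcv.win)
                  or in_window(last, rcv.last_ack, rcv.win)
                  or in_window(rcv.last_ack, seg.seq, seg.length))
        if not ok:
            return "drop: seq outside receiver window"
        # Ack check: a segment cannot acknowledge bytes the peer has not sent.
        if seg.ack_flag and (rcv.next_seq - seg.ack) % MOD >= (1 << 31):
            return "drop: acks data never sent"

        end = (seg.seq + seg.length) % MOD
        if in_window(end, snd.next_seq, 1 << 31):
            snd.next_seq = end          # only advance, never move backwards
        if seg.ack_flag:
            snd.last_ack, snd.win = seg.ack, seg.win
        return "pass"


def run_trace():
    """Constructed trace: handshake, data, then three segments a CBAC-style check drops."""
    C, S = ("10.0.0.10", 40000), ("192.0.2.80", 80)   # constructed endpoints
    isn_c, isn_s = 1000, 50000
    trace = [
        Segment(*C, *S, seq=isn_c, ack=0, win=65535, syn=True, ack_flag=False),
        Segment(*S, *C, seq=isn_s, ack=isn_c + 1, win=65535, syn=True),
        Segment(*C, *S, seq=isn_c + 1, ack=isn_s + 1, win=65535),
        Segment(*C, *S, seq=isn_c + 1, ack=isn_s + 1, win=65535, length=100),
        # sequence number 1,000,000 bytes beyond anything the server has acknowledged
        Segment(*C, *S, seq=isn_c + 1_000_001, ack=isn_s + 1, win=65535, length=100),
        Segment(*S, *C, seq=isn_s + 1, ack=isn_c + 101, win=65535, length=50),
        # acknowledges client bytes that were never sent
        Segment(*S, *C, seq=isn_s + 51, ack=isn_c + 5000, win=65535),
        # segment for a connection the tracker never saw open
        Segment("10.0.0.11", 40001, *S, seq=777, ack=1, win=65535, length=10),
    ]
    tracker = TcpSessionTracker()
    return [tracker.inspect(seg) for seg in trace]
```

The verdict strings are the piece the original poster is missing from the IOS log: a real inspection engine knows which of these tests failed at the moment it drops the packet, whether or not it prints that reason. The check is per direction, so "outbound" inspection on an interface still validates the return traffic of the sessions it created, which is why a dropped packet can belong to either side of the conversation.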

luqmankondeth Fri, 08/03/2007 - 06:03

CBAC does do that and also drops packets it feels are part of an attack. However, the IOS doesn't give me any information (or I don't know how to get it) on why it dropped a particular packet.

