
cbac debugging

luqmankondeth
Level 1

Hi guys,

How can I know why CBAC drops a packet? For example, the log I receive for a dropped packet is

.Jul 30 11:42:01: %FW-6-DROP_PKT: Dropping tcp pkt 191.147.27.13:42423 => 111.136.132.36:80

(IP addresses have been changed)

How can I know why this packet was dropped?

The partial config that resulted in the above log is as below

ip inspect log drop-pkt

int fa0/1

ip inspect name myfw out

Since the inspection is in the outbound direction, what does the log mean? In which direction was the packet transiting when it was dropped? Does the log mean the dropped packet had a source of 191.147.27.13, or is it merely a session indicator like

packet of session 191.147.27.13=>111.136.132.36 dropped?

Thanks

2 Replies

fmeetz
Level 4

I think CBAC inspects packet sequence numbers in TCP connections to verify that they are within expected ranges; CBAC drops any suspicious packets.

CBAC does do that and also drops packets it feels are part of an attack. However, the IOS doesn't give me any information (or I don't know how to get it) on why it dropped a particular packet.
