07-30-2007 03:47 AM - edited 03-03-2019 06:05 PM
Hi guys,
How can I know why CBAC drops a packet? For example, the log I receive for a dropped packet is
.Jul 30 11:42:01: %FW-6-DROP_PKT: Dropping tcp pkt 191.147.27.13:42423 => 111.136.132.36:80
(IP addresses have been changed)
How can I know why this packet was dropped?
The partial config that resulted in the above log is as below
ip inspect log drop-pkt
int fa0/1
ip inspect name myfw out
Since the inspection is in the outbound direction, what does the log mean? In which direction was the packet transiting when it was dropped? Does the log mean the dropped packet had a source of 191.147.27.13, or is it merely a session indicator, like "packet of session 191.147.27.13=>111.136.132.36 dropped"?
Thanks
08-03-2007 05:49 AM
I think CBAC inspects packet sequence numbers in TCP connections to verify that they are within expected ranges; CBAC drops any suspicious packets.
08-03-2007 06:03 AM
CBAC does do that and also drops packets it feels are part of an attack. However, the IOS doesn't give me any information (or I don't know how to get it) on why it dropped a particular packet.
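An added example, not part of the thread or of Cisco's tooling: a small Python triage script for the `%FW-6-DROP_PKT` format quoted in the first post. It counts drops per printed direction and per session, so you can see from your own logs whether the same session is ever logged with the endpoints in both orders. The sample lines are constructed (only the first is the one from the post), and the function names are hypothetical.

```python
import re
from collections import Counter

# Matches the %FW-6-DROP_PKT message layout quoted in the first post.
IP = r"\d{1,3}(?:\.\d{1,3}){3}"
DROP_RE = re.compile(
    r"%FW-6-DROP_PKT: Dropping (?P<proto>\S+) pkt "
    rf"(?P<a_ip>{IP}):(?P<a_port>\d+) => (?P<b_ip>{IP}):(?P<b_port>\d+)"
)

# Constructed sample input; only the first line appears in the thread.
SAMPLE_LOG = """\
.Jul 30 11:42:01: %FW-6-DROP_PKT: Dropping tcp pkt 191.147.27.13:42423 => 111.136.132.36:80
.Jul 30 11:42:03: %FW-6-DROP_PKT: Dropping tcp pkt 191.147.27.13:42423 => 111.136.132.36:80
.Jul 30 11:42:09: %FW-6-DROP_PKT: Dropping tcp pkt 111.136.132.36:80 => 191.147.27.13:42423
.Jul 30 11:43:00: some unrelated syslog line that must be ignored
.Jul 30 11:43:10: %FW-6-DROP_PKT: Dropping udp pkt 191.147.27.20:5060 => 111.136.132.40:5060
"""

def parse_drops(text):
    """Return (proto, first_endpoint, second_endpoint) exactly as printed."""
    drops = []
    for line in text.splitlines():
        m = DROP_RE.search(line)
        if m:
            first = (m["a_ip"], int(m["a_port"]))
            second = (m["b_ip"], int(m["b_port"]))
            drops.append((m["proto"], first, second))
    return drops

def summarize(drops):
    """Count drops per printed direction and per session (order ignored)."""
    by_direction = Counter(drops)
    by_session = Counter((p, frozenset((a, b))) for p, a, b in drops)
    return by_direction, by_session

def sessions_seen_both_ways(drops):
    """Sessions whose drops were logged with the endpoints in both orders."""
    seen = set(drops)
    return {(p, frozenset((a, b))) for p, a, b in seen if (p, b, a) in seen}

if __name__ == "__main__":
    by_dir, by_sess = summarize(parse_drops(SAMPLE_LOG))
    for (proto, a, b), n in by_dir.most_common():
        print(f"{n:3d}  {proto}  {a[0]}:{a[1]} => {b[0]}:{b[1]}")
    print("sessions logged in both orders:", len(sessions_seen_both_ways(parse_drops(SAMPLE_LOG))))
```
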