Giuseppe Larosa Sun, 08/31/2008 - 22:02

Hello Ranil,

MSS is a parameter that is negotiated by the two endpoints during TCP setup. I think this would require deep packet inspection like in a stateful firewall, or at least an IOS feature set.

If you want to troubleshoot a TCP session with a router you can use the debug tcp command.

ACLs allow for the keyword established, which checks the SYN flag.

Hope to help


rsgamage1 Sun, 08/31/2008 - 23:58

Hi Giuseppe,

Thanks a lot for the confirmation. I was thinking of stateful inspection too.

And I've already tried with TCP flags, which doesn't say much about its options.

I wouldn't want to enable debug TCP either, as it will be quite resource intensive. Perhaps, with an ACL, I'd try debugging IP packets.

The other choice would be to export IP traffic (ip traffic-export) and analyze it on the fly. What is your experience with regard to ip traffic-export? I haven't used it so far and would like to have some thoughts.

Many thanks,
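
An added example, not part of the original posts: once traffic has been exported or captured, the MSS each side advertises can be read from the TCP options of the SYN and SYN-ACK segments. The function names, the sample packet and its addresses are constructed for illustration, and the input is assumed to be a raw IPv4 packet with no link-layer header.

```python
import struct

def tcp_mss(packet: bytes):
    """Return the MSS advertised in an IPv4 TCP SYN or SYN-ACK, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or packet[9] != 6 or len(packet) < ihl + 20:
        return None                      # bad header, not TCP, or truncated
    if struct.unpack("!H", packet[6:8])[0] & 0x1FFF:
        return None                      # later fragment: no TCP header here
    tcp = packet[ihl:]
    if not tcp[13] & 0x02:
        return None                      # MSS is only carried when SYN is set
    data_off = (tcp[12] >> 4) * 4
    if data_off < 20 or data_off > len(tcp):
        return None
    opts, i = tcp[20:data_off], 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:                    # End of Option List
            break
        if kind == 1:                    # NOP is a single byte, no length
            i += 1
            continue
        if i + 1 >= len(opts):
            return None
        length = opts[i + 1]
        if length < 2 or i + length > len(opts):
            return None                  # malformed option, stop parsing
        if kind == 2 and length == 4:    # Maximum Segment Size
            return struct.unpack("!H", opts[i + 2:i + 4])[0]
        i += length
    return None

def sample_segment(flags: int, options: bytes) -> bytes:
    """Constructed IPv4+TCP packet for the demo (checksums left at zero)."""
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0,
                      ((20 + len(options)) // 4) << 4, flags, 65535, 0, 0)
    tcp += options
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 1]), bytes([198, 51, 100, 2]))
    return ip + tcp

# Constructed SYN options: NOP, window scale 7, MSS 1460, SACK-permitted, EOL pad
SYN_OPTS = bytes([1, 3, 3, 7, 2, 4, 0x05, 0xB4, 4, 2, 0, 0])

if __name__ == "__main__":
    print(tcp_mss(sample_segment(0x02, SYN_OPTS)))
```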

