TCP reset

Answered Question
Aug 29th, 2008

I am unable to configure the TCP Reset on my IPS 4255 in promiscuous mode.


I have declared one interface of 0/0 IPS as TCP reset, for interface gig 0/1.


But it is still not working. Please tell me how to configure it and how to verify the configuration.

Farrukh Haroon Fri, 08/29/2008 - 12:02

Did you add the ingress keyword on the switch? Can you post your SPAN configs?


Regards


Farrukh

wasiimcisco Sat, 08/30/2008 - 06:24

Please see the SPAN configuration:


monitor session 1 source interface Gi1/0/1

monitor session 1 destination interface Gi1/0/5


Now when I try to give the ingress keyword, it gives me an incomplete command error.


dot1q ingress forwarding using dot1q encapsulation

isl ingress forwarding using isl encapsulation

untagged ingress forwarding using untagged encapsulation

vlan Set default VLAN for untagged ingress traffic


I have only one VLAN 1 and 13 as native VLAN on my switch.


All switch ports are members of VLAN 1.


The switch is trunked with another switch.


PDC-OUT-3750-1#sh interfaces trun

PDC-OUT-3750-1#sh interfaces trunk


Port Mode Encapsulation Status Native vlan

Po1 on 802.1q trunking 13


Port Vlans allowed on trunk

Po1 1-4094


Port Vlans allowed and active in management domain

Po1 1,13


Port Vlans in spanning tree forwarding state and not pruned


Please let me know which option to select after ingress.


I will be very grateful to you.



wasiimcisco Sat, 08/30/2008 - 10:02

Thanks for the reply, but please let me know how to verify that the TCP reset is working. I have a signature that has its action configured to reset the TCP connection.


But how can I verify that TCP reset is working?

Correct Answer
Farrukh Haroon Sat, 08/30/2008 - 10:16

Make a custom STRING TCP signature, direction 'to server', for Telnet (port 23). Match on any string like 'abcd'. Now telnet on the SPANNED VLAN, and then try to type abcd. As soon as you type 'd' (the last letter) your telnet connection will get stuck :)


Regards


Farrukh
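
A client-side way to record the outcome of the test described in the answer above, as an added example that is not part of the original thread: it sends the trigger string and reports whether the session was reset, went silent ("stuck"), or stayed alive. The names `probe_reset` and `start_stand_in` are hypothetical, and the loopback stand-in is a constructed substitute for the Telnet server plus sensor (it assumes a Linux/Unix socket layout for SO_LINGER) so the script runs without lab hardware.

```python
import socket
import struct
import threading

def probe_reset(host, port, trigger=b"abcd", timeout=3.0):
    """Send the signature's trigger string and classify what happens to the session."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        try:
            s.sendall(trigger + b"\r\n")
            data = s.recv(1024)
        except (ConnectionResetError, BrokenPipeError):
            return "reset"    # a RST reached this end of the connection
        except socket.timeout:
            return "stuck"    # no reply: the far end was torn down or is silent
        return "alive" if data else "closed"

def start_stand_in(inject_reset):
    """Constructed lab stand-in for server plus sensor; returns its loopback port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve():
        conn, _ = srv.accept()
        buf = b""
        while not buf.endswith(b"\n"):
            chunk = conn.recv(1024)
            if not chunk:
                break
            buf += chunk
        if inject_reset and b"abcd" in buf:
            # SO_LINGER with a zero timeout makes close() send a RST instead of a FIN
            conn.setsockopt(socket.SOL_SOCKET, socket.SO_LINGER, struct.pack("ii", 1, 0))
        else:
            conn.sendall(b"ok\r\n")
        conn.close()
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return port

if __name__ == "__main__":
    for inject in (True, False):
        port = start_stand_in(inject)
        print("reset injected:", inject, "->", probe_reset("127.0.0.1", port))
```

Against a real lab server on the SPANNED VLAN, call `probe_reset` with that server's address and port 23; a result of "alive" after sending the trigger means no reset reached either end of the session.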
