New Member

cbac debugging

Hi Guys,

How can I know why CBAC drops a packet? For example, the log I receive for a dropped packet is

.Jul 30 11:42:01: %FW-6-DROP_PKT: Dropping tcp pkt 191.147.27.13:42423 => 111.136.132.36:80

(IP addresses have been changed)

How can I know why this packet was dropped?

The partial config that resulted in the above log is as below

ip inspect log drop-pkt

int fa0/1
 ip inspect myfw out

Since the inspection is in the outbound direction, what does the log mean? In which direction was the packet transiting when it was dropped? Does the log mean the dropped packet had a source of 191.147.27.13, or is it merely a session indicator like

packet of session 191.147.27.13=>111.136.132.36 dropped?

Thanks

2 REPLIES
Bronze

Re: cbac debugging

I think CBAC inspects packet sequence numbers in TCP connections to verify that they are within expected ranges; CBAC drops any suspicious packets.

New Member

Re: cbac debugging

CBAC does do that and also drops packets it feels are part of an attack. However, the IOS doesn't give me any information (or I don't know how to get it) on why it dropped a particular packet.
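One way to test the direction question empirically, as an added example that is not part of the original thread: parse the `%FW-6-DROP_PKT` lines and report any session whose endpoints were logged in both orders. The first sample line is the one quoted in the question; the other lines and all function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Message body format as quoted in the thread: "proto pkt a:port => b:port".
DROP_RE = re.compile(
    r"%FW-6-DROP_PKT: Dropping (?P<proto>\S+) pkt "
    r"(?P<l_ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<l_port>\d+)\s*=>\s*"
    r"(?P<r_ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<r_port>\d+)"
)

SAMPLE = [  # line 1 is from the thread; lines 2-4 are constructed
    ".Jul 30 11:42:01: %FW-6-DROP_PKT: Dropping tcp pkt 191.147.27.13:42423 => 111.136.132.36:80",
    ".Jul 30 11:42:04: %FW-6-DROP_PKT: Dropping tcp pkt 191.147.27.13:42423 => 111.136.132.36:80",
    ".Jul 30 11:42:09: %FW-6-DROP_PKT: Dropping tcp pkt 111.136.132.36:80 => 191.147.27.13:42423",
    ".Jul 30 11:42:10: %SYS-5-CONFIG_I: Configured from console by console",
]

def parse_drop(line):
    """Return (proto, (left_ip, left_port), (right_ip, right_port)) or None."""
    m = DROP_RE.search(line)
    if m is None:
        return None
    left = (m["l_ip"], int(m["l_port"]))
    right = (m["r_ip"], int(m["r_port"]))
    return m["proto"], left, right

def orientations(lines):
    """Map each session (endpoints sorted) to the logged orderings and their counts."""
    seen = defaultdict(lambda: defaultdict(int))
    for line in lines:
        rec = parse_drop(line)
        if rec is None:
            continue  # not a DROP_PKT line
        proto, left, right = rec
        a, b = sorted([left, right])
        seen[(proto, a, b)][(left, right)] += 1
    return {k: dict(v) for k, v in seen.items()}

def sessions_logged_both_ways(lines):
    """Sessions whose endpoints appear in both orders in the drop log."""
    return [k for k, v in orientations(lines).items() if len(v) == 2]

if __name__ == "__main__":
    for session, orders in orientations(SAMPLE).items():
        print(session, orders)
    print("both orders:", sessions_logged_both_ways(SAMPLE))
```

If a real log never shows a session in both orders, that alone does not settle the question; correlating the timestamps with a packet capture on the same interface would.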
