Login | Register For Free | Help	Search this list this category for: (Advanced)

Mailing List Archive: Cisco: NSP Capture expressions on an FWSM (was Re: Telnet FROM a PIX Appliance?)   Index | Next | Previous | View Flat

sam_mailinglists at spacething Jun 30, 2008, 9:54 AM Views: 505 Permalink Capture expressions on an FWSM (was Re: Telnet FROM a PIX Appliance?) Tony Varriale wrote: > Any chance you could give the group more details before saying it > can't be trusted? > I'm afraid I don't have any concrete details to add, but I've found capture expressions on Firewall Service Modules to be quite inconsistent. Presumably this is something to do with the modules interaction with the chassis? I haven't had the time to lab this, and I haven't always had problems, but I now generally work to the mantra that "the absence of a packet in an FWSM capture is not proof that the packet does not exist, but the presence of a packet in a capture does prove it's existence". Perhaps there is a cisco documentation on this, listing known caveats and limitations? Sam > tv > ----- Original Message ----- From: "Higham, Josh" <jhigham[at]epri.com> > To: <cisco-nsp[at]puck.nether.net> > Sent: Monday, June 30, 2008 10:41 AM > Subject: Re: [c-nsp] Telnet FROM a PIX Appliance? > > >>> [mailto:cisco-nsp-bounces[at]puck.nether.net] On Behalf Of Ziv Leyes >>> >>> I guess it's more as a "working right" educational purpose, >>> so you won't use your firewall as a debugging client. >>> In newer versions there's the packet tracker that can help >>> you debug connectivity problems. >>> Ziv >> >> As an FYI, the ASA/Pix packet capture cannot currently be completely >> trusted (version 8.0). I found an annoying bug where I would capture >> the frame on a span session monitoring the port connected to the >> firewall, but it wouldn't show up on the firewall capture. >> >> The packet in question was also being dropped by the firewall, but with >> no logging (and with a permit ip any any rule in place). The 'fix' was >> to apply a nat translation and then remove it. TAC was completely >> unhelpful (worst ever TAC experience). >> >> Blocking outbound sessions on the firewall also means that it can't be >> used to bounce an attack, if compromised. >> >> Thanks, >> Josh > _______________________________________________ cisco-nsp mailing list cisco-nsp[at]puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/

Subject User Time Capture expressions on an FWSM (was Re: Telnet FROM a PIX Appliance?) sam_mailinglists at spacething Jun 30, 2008, 9:54 AM     Re: Capture expressions on an FWSM (was Re: Telnet FROM a PIX Appliance?) jhigham at epri Jul 1, 2008, 9:06 AM     Re: Capture expressions on an FWSM (was Re: Telnet FROM a PIX Appliance?) ayourtch at gmail Jul 2, 2008, 2:19 AM

Index | Next | Previous | View Flat   Cisco     BBA     NAS     NSP     uBR     VOIP

Interested in having your list archived? Contact lists@gossamer-threads.com
 

Web Applications & Managed Hosting Powered by Gossamer Threads Inc.