From: Church, Chuck (cchurch@wamnetgov.com)
Date: Tue Apr 27 2004 - 15:06:53 GMT-3
What does the exact log message look like? What are the source and
destination devices involved? Turn off fast switching on the hub
router. Create an access list that matches bidirectional traffic
between these two devices 'permit ip host x host y' and 'permit ip host
y host x'. Then do a 'deb ip packet dump Z' where Z is the number of
the extended access-list. What does the debug then show you? Anything
interesting? Careful about the debug, it's processor-intensive. Be
ready with a 'u all'.
Chuck Church
Lead Design Engineer
CCIE #8776, MCNE, MCSE
Wam!Net Government Services - Design & Implementation Team
13665 Dulles Technology Dr. Ste 250
Herndon, VA 20171
Office: 703-480-2569
Cell: 703-819-3495
cchurch@wamnetgov.com
PGP key:
http://pgp.mit.edu:11371/pks/lookup?op=index&search=cchurch%40wamnetgov.com
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
yuki hisano
Sent: Tuesday, April 27, 2004 12:34 PM
To: ccielab@groupstudy.com
Subject: RE: Port 0 Filter (Repost)
Chuck, Jonathan, and others,
I am sorry that my explanation was not clear enough. I thought what I
was asking was something well known to most of the guys on the list.
Here is a better explanation:
There is a private Hub-Spoke frame-relay network associated with one hub
and 7 spoke locations.
There are two Spoke sites generating a lot of traffic to each other.
These two sites send traffic to other sites as well although the amount
is less in comparison.
I hooked up an access-list just to see what type of port number it is
using.
The result is like this:
source: 192.168.X.X (0) destination 192.168.X.X (0) (they are either
TCP or UDP)
The number in parentheses is my question. Usually I find 445, 69, 25, 80
etc.
But I went ahead and denied port 0 with access-lists and it was
unsuccessful.
I have tried:
access-list 113 deny tcp any any eq 0
access-list 113 deny udp any any eq 0
access-list 113 permit ip any any
and,
access-list 113 deny tcp any eq 0 any
access-list 113 deny tcp any any eq 0
access-list 113 deny udp any eq 0 any
access-list 113 deny udp any any eq 0
access-list 113 permit ip any any
and,
access-list 113 permit tcp any any gt 0 lt 65535
access-list 113 permit tcp any gt 0 lt 65535 any
access-list 113 permit udp any any gt 0 lt 65535
access-list 113 permit udp any gt 0 lt 65535 any
access-list 113 deny tcp any any
access-list 113 deny udp any any
access-list 113 permit ip any any
all of the above did not work.
I am kind of stuck and don't seem to be getting anywhere with my knowledge.
Does this explain it well enough?
Thanks for your help!
Yuki
>From: "Jonathan Hays" <nomad@gfoyle.org>
>Reply-To: "Jonathan Hays" <nomad@gfoyle.org>
>To: <ccielab@groupstudy.com>
>Subject: RE: Port 0 Filter (Repost)
>Date: Tue, 27 Apr 2004 09:44:20 -0400
>
>you wrote:
> >-----Original Message-----
> >From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf
> >Of yuki hisano
> >Sent: Tuesday, April 27, 2004 8:36 AM
> >To: ccielab@groupstudy.com
> >Subject: Port 0 Filter (Repost)
> >
> >
> >Hi,
> >
> >I am posting this again since I had only one response and did not
> >solve the prob.
> >
> >Is there any ways to filter port "0"ed traffic ??
> >
> >
> >Thanks.
> >
> >Yuki
>= = =
>
>In my opinion you did not provide enough information for a
>knowledgeable network engineer to even make a wild guess at your
>problem.
>
>1. Describe the relevant network topology
>2. Provide a sniffer or debug trace of the problem packets
>3. Post sanitized configurations
>4. Or at least describe the problem in more detail.
>
>While you're at it, you might read this:
>
>http://www.catb.org/~esr/faqs/smart-questions.html
>
>-Jonathan
>
>_______________________________________________________________________
>Please help support GroupStudy by purchasing your study materials from:
>http://shop.groupstudy.com
>
>Subscription information may be found at:
>http://www.groupstudy.com/list/CCIELab.html
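An added example, not code from any poster in this thread: a small model of the two access lists discussed above. It parses a constructed IOS ACL log line of the kind Yuki describes, then evaluates Yuki's first ACL 113 and Chuck's host-pair list with first-match semantics, showing that `deny ... eq 0` only catches a packet whose port really is 0, while a port-less `permit ip` entry (which logs the ports as (0) because it never inspects them) passes everything else. The spoke addresses and the log line are constructed values.

```python
import re
# Constructed sample IOS ACL log line (not from the thread); the (0) port fields are
# what Yuki reports. An ACE written with 'ip' logs 0 here because it never looks at ports.
SAMPLE_LOG = ("%SEC-6-IPACCESSLOGP: list 113 permitted tcp "
              "192.168.10.5(0) -> 192.168.20.7(0), 12 packets")
LOG_RE = re.compile(
    r"list (?P<acl>\S+) (?P<action>permitted|denied) (?P<proto>\w+) "
    r"(?P<src>[\d.]+)\((?P<sport>\d+)\) -> (?P<dst>[\d.]+)\((?P<dport>\d+)\), "
    r"(?P<count>\d+) packets?")

def parse_log(line):
    """Return ACL name, action, protocol, addresses, ports and packet count from one line."""
    m = LOG_RE.search(line)
    if not m:
        return None
    d = m.groupdict()
    for k in ("sport", "dport", "count"):
        d[k] = int(d[k])
    return d

def _port_ok(spec, port):
    """spec is None when the ACE does not test this port, else (op, value), op in eq/gt/lt."""
    if spec is None:
        return True
    op, val = spec
    return {"eq": port == val, "gt": port > val, "lt": port < val}[op]

def _addr_ok(spec, addr):
    """'any' matches everything; otherwise spec is the address from a 'host x' keyword."""
    return spec == "any" or spec == addr

def match(acl, proto, src, sport, dst, dport):
    """First-match evaluation of extended ACEs with the implicit deny at the end.
    Each ACE is (action, proto, src, sport_spec, dst, dport_spec)."""
    for action, aproto, asrc, sspec, adst, dspec in acl:
        if aproto not in ("ip", proto):
            continue
        if _addr_ok(asrc, src) and _addr_ok(adst, dst) \
                and _port_ok(sspec, sport) and _port_ok(dspec, dport):
            return action
    return "deny"

# Yuki's first attempt: only a literal port 0 is denied, everything else falls through.
ACL_113 = [("deny", "tcp", "any", None, "any", ("eq", 0)),
           ("deny", "udp", "any", None, "any", ("eq", 0)),
           ("permit", "ip", "any", None, "any", None)]
# Chuck's host-pair list for 'debug ip packet <acl>' (constructed spoke addresses).
SPOKE_A, SPOKE_B = "192.168.10.5", "192.168.20.7"
ACL_PAIR = [("permit", "ip", SPOKE_A, None, SPOKE_B, None),
            ("permit", "ip", SPOKE_B, None, SPOKE_A, None)]
```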
This archive was generated by hypermail 2.1.4 : Mon May 03 2004 - 19:48:56 GMT-3