Re: ip tcp intercept watch-timeout <#of seconds>

From: ccie2be (ccie2be@nyc.rr.com)
Date: Thu Jan 06 2005 - 19:31:17 GMT-3

• Next message: Mark Lasarko: "RE: curious..."
• Previous message: ccie2be: "Re: Opinions wanted [bcc][faked-from][bayes]"
• Maybe in reply to: ccie2be: "ip tcp intercept watch-timeout <#of seconds>"
• Next in thread: Mark Lasarko: "Re: ip tcp intercept watch-timeout <#of seconds>"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hmmm, you may be right but this is what the documentation says:

"By default, the software waits for 30 seconds for a watched connection to
reach established state before sending a Reset to the server. To change this
value, use the following command in global configuration mode: "

By saying the router waits 30 seconds "to reach established state", that
could apply to either intercept or watch mode, couldn't it?

At least, that must mean the router is waiting for the third "leg" of the
tcp handshake, so I don't think that since the router

immediately sends a syn-ack infers the answer to this, but I'm not sure.

----- Original Message -----
From: "Mark Lasarko" <mlasarko@co.ba.md.us>
To: <ccielab@groupstudy.com>; <ccie2be@nyc.rr.com>
Sent: Thursday, January 06, 2005 5:18 PM
Subject: Re: ip tcp intercept watch-timeout <#of seconds>

> Greetings Tim,
>
> I think this command only applies to the watch mode because as I
> understand it, in (default) intercept mode, the router automatically
> responds to the SYN request immediately on behalf of the host via
> SYN-ACK, and waits for an ACK from the client before allowing the
> connection through.
>
> Therefore I do not believe this setting would be applicable to
> intercept mode, only passive/watch since in intercept mode there is
> nothing, no SYN open... that is, to "watch".
>
> Make sense?
>
> Please somebody correct me if I am wrong - I might have some configs to
> update :)
>
> Best,
> ~M
>
>
> >>> "ccie2be" <ccie2be@nyc.rr.com> 1/6/2005 4:55:45 PM >>>
>
> Hi guys,
>
> Does the above command apply to both tcp intercept modes: intercept
> and
> watch, or just the watch mode?
>
> TIA, Tim
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

• Next message: Mark Lasarko: "RE: curious..."
• Previous message: ccie2be: "Re: Opinions wanted [bcc][faked-from][bayes]"
• Maybe in reply to: ccie2be: "ip tcp intercept watch-timeout <#of seconds>"
• Next in thread: Mark Lasarko: "Re: ip tcp intercept watch-timeout <#of seconds>"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Wed Feb 02 2005 - 22:10:19 GMT-3