From: gladston@br.ibm.com
Date: Wed Jun 29 2005 - 15:53:58 GMT-3
Hi,
Cisco pages does not say it and Deal's book neither, but tests show 'ip tcp intercept connection-timeout' only works for Intercept mode.
Do you get the same result?
*Mar 1 07:03:23: INTERCEPT: new connection (148.5.14.4:11060 SYN -> 150.100.1.254:23)
*Mar 1 07:03:23: INTERCEPT(*): (148.5.14.4:11060 <- ACK+SYN 150.100.1.254:23)
*Mar 1 07:03:23: INTERCEPT: 1st half of connection is established (148.5.14.4:11060 ACK -> 150.100.1.254:23)
*Mar 1 07:03:23: INTERCEPT(*): (148.5.14.4:11060 SYN -> 150.100.1.254:23)
*Mar 1 07:03:23: INTERCEPT: 2nd half of connection established (148.5.14.4:11060 <- ACK+SYN 150.100.1.254:23)
*Mar 1 07:03:23: INTERCEPT(*): (148.5.14.4:11060 ACK -> 150.100.1.254:23)
*Mar 1 07:03:23: INTERCEPT(*): (148.5.14.4:11060 <- WINDOW 150.100.1.254:23)
*Mar 1 07:03:56: INTERCEPT: ESTAB timing out (148.5.14.4:11060 <-> 150.100.1.254:23)
*Mar 1 07:03:56: INTERCEPT(*): (148.5.14.4:11060 <- RST 150.100.1.254:23)
*Mar 1 07:03:56: INTERCEPT(*): (148.5.14.4:11060 RST -> 150.100.1.254:23)
Rack2R1(config)#ip tcp intercept mode watch
*Mar 1 07:06:46: INTERCEPT: new connection (148.5.14.4:11063 SYN -> 150.100.1.2
54:23)
*Mar 1 07:06:46: INTERCEPT: (148.5.14.4:11063 <- ACK+SYN 150.100.1.254:23)
*Mar 1 07:06:46: INTERCEPT: (148.5.14.4:11063 ACK -> 150.100.1.254:23)
The connection is never timeout when configured for watch mode.
This archive was generated by hypermail 2.1.4 : Wed Jul 06 2005 - 14:43:45 GMT-3