RE: observation on NBAR

From: Thomwin Chen (thomwin_chen@yahoo.com)
Date: Thu Aug 18 2005 - 22:53:39 GMT-3


Hi Tim,
Sorry if I have disturbed you highly :)
Actually, I was just curious about this, so I decided to test it.

I am sending you the previous discussion about this.
 
Actually, this is pretty easy to test. You only need one Cisco router with 2 Ethernet interfaces:
one interface headed to your LAN, the other one headed to your laptop with a crossover cable.
 
This test also brings another conclusion.
In matching mime, you can't match only the jpg file.
Once you put match protocol http mime "image/jpeg", all of <jpeg,jpg,jpe,jfif,pjpeg,pjp> will be matched.
 
And also, about matching the other mime, I think the correct way is to use the second column rather than the third column on http://www.sfsu.edu/training/mimetype.htm
Example:
to match bin file --->> match protocol http mime "application/octet-stream"
and not match protocol http mime "*bin"
 
Thanks Scott !
 
Rgds,
Thomwin
 
<previous>
 
Grab a copy of Ethereal (sniffer) and capture the packets of your web
traffic. Now go look inside the packets.

Regardless of the URL you go to (which would match on the URL string part),
a web page is returned in chunks. One piece at a time. Each piece that
comes in will reflect the original URL information, but will contain
sub-pieces such as filename and MIME type (in order to tell the browser what
piece of code or plug-in to use in order to view it). This MIME type will
be the designator.

Check out http://www.sfsu.edu/training/mimetype.htm for a list of MIMEs.
You should get multiple file extensions that are considered the same MIME
type (.jpe, .jpg and .jpeg are common for JPEG type files)...

URL matches what you type in the browser. MIME matches what pieces actually
come in.

HTH,

Scott
 

-----Original Message-----
From: nobody@xxxxxxxxxxxxxx [mailto:nobody@xxxxxxxxxxxxxx] On Behalf Of
Edwards, Andrew M
Sent: Friday, August 05, 2005 1:55 PM
To: ccielab@xxxxxxxxxxxxxx
Subject: Need another set of eyes... Mqc matching mime types

Okay, I labbed this up to my PC at home and did some testing. Hopefully
someone can shed some more light on the match protocol http options.
I need to understand why BOTH embedded jpeg images and URL jpeg images
(*.jpeg/*.jpg) are matched with the "match protocol http mime image/jpeg"
I was expecting only embedded jpeg images to match, not jpeg images with as
a string in the URL. After all, isn't that what match protocol http URL is
for?
Here's the config I used:
class-map match-any mime
   match protocol http mime "image/jpeg"
policy-map qos
   class mime
      set ip precedence 2
interface Serial0/0
   service-policy input qos

Here is what I did:
Opened web browser to http://www.google.com
Selected "images" at the top
Searched for cisco
Match counters increment as embedded jpeg results were returned to the
search page. This makes sense!
Then, I selected a jpeg image from the search results.
At this point, I was going to download the jpeg, so I cleared the counters
for the policy-map and selected the jpeg image to download.
The download began with *.jpeg/*.jpg in the URL string. The string is as
follows:
http://users.757.org/~ethan/pics/2-ebay/selling/cisco/cisco2.jpg
And checking the match counters, I noticed they incremented on matching mime
types when *.jpg was in the URL. Does this mean that a match on MIME types
will match on embedded images AND the string URL?

The following shows the counters:
 Serial0/0
  Service-policy input: qos
    Class-map: mime (match-any)
      40 packets, 60160 bytes
      5 minute offered rate 4000 bps, drop rate 0 bps
      Match: protocol http mime "image/jpeg"
        40 packets, 60160 bytes
        5 minute rate 4000 bps
      QoS Set
        precedence 2
          Packets marked 40
    Class-map: class-default (match-any)
      4 packets, 556 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: any

</previous>

ccie2be <ccie2be@nyc.rr.com> wrote:
Hey Thomas,

Excellent but highly disturbing observations.

How did you make your determination?

And, are you 100% sure your observations are correct?

Assuming you are correct, these inconsistencies are very disturbing.

Tim

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Thomwin Chen
Sent: Thursday, August 18, 2005 1:46 AM
To: ccielab@groupstudy.com
Subject: observation on NBAR

Hi All,

I just observed NBAR and tested it.
I used the following link:
http://www.cisco.com/en/US/products/sw/iosswrel/ps1838/products_feature_guide09186a0080134add.html

and use this link sent by Scott Morris several days ago:
http://www.sfsu.edu/training/mimetype.htm

I just noticed that:

match protocol http mime "*jpg" ---> didn't match anything (even the jpg file)
match protocol http mime "*jpeg" or match protocol http mime "image/jpeg" ---> match jpeg,jpg,jpe,jfif,pjpeg,pjp
match protocol http mime "*mpg" ---> didn't match anything (even the mpg file)
match protocol http mime "*mpeg" or match protocol http mime "video/mpeg" ---> match mpeg,mpg,mpe,mpv,vbs,mpegv

match protocol http host "cisco*" ---> didn't match www.cisco.com
match protocol http host "*cisco*" ---> match www.cisco.com

match protocol http url "WWChannels*" ---> match www.cisco.com/WWChannels/
match protocol http url "*WWChannels*" ---> match www.cisco.com/WWChannels/
match protocol http url "LOCATR*" ---> didn't match www.cisco.com/WWChannels/LOCATR/
match protocol http url "*LOCATR*" ---> match www.cisco.com/WWChannels/LOCATR/

Rgds,
Thomwin
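
Added example (not part of the original posts, and not Cisco's NBAR code): a small Python model of the behaviour reported in this thread, assuming each pattern is a glob anchored at both ends and compared with the whole Content-Type value, the Host header, or the URL path without its leading slash. The function names and the sample request and responses are constructed for illustration.

```python
from fnmatch import fnmatchcase

# Constructed HTTP messages (not captured traffic).
REQUEST = b"GET /WWChannels/LOCATR/ HTTP/1.1\r\nHost: www.cisco.com\r\n\r\n"
RESPONSE_JPG = (b"HTTP/1.1 200 OK\r\nContent-Type: image/jpeg\r\n"
                b"Content-Length: 4\r\n\r\n\xff\xd8\xff\xe0")
RESPONSE_BIN = (b"HTTP/1.1 200 OK\r\nContent-Type: application/octet-stream\r\n"
                b"Content-Length: 2\r\n\r\n\x00\x01")


def parse_headers(raw: bytes) -> dict:
    """Map lower-cased header names to values; the body is never decoded."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    headers = {}
    for line in head.split("\r\n")[1:]:        # skip the request/status line
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers


def mime_matches(pattern: str, response: bytes) -> bool:
    """Compare the pattern with the Content-Type value, not a file extension."""
    ctype = parse_headers(response).get("content-type", "")
    media_type = ctype.split(";")[0].strip().lower()   # drop charset etc.
    return fnmatchcase(media_type, pattern.lower())


def host_matches(pattern: str, request: bytes) -> bool:
    """Compare the pattern with the full Host header value."""
    host = parse_headers(request).get("host", "").lower()
    return fnmatchcase(host, pattern.lower())


def url_matches(pattern: str, request: bytes) -> bool:
    """Compare the pattern with the request path minus its leading slash."""
    target = request.split(b"\r\n", 1)[0].decode("iso-8859-1").split(" ")[1]
    return fnmatchcase(target.lstrip("/"), pattern)


if __name__ == "__main__":
    for pat in ("*jpg", "*jpeg", "image/jpeg"):
        print("mime", pat, mime_matches(pat, RESPONSE_JPG))
    for pat in ("*bin", "application/octet-stream"):
        print("mime", pat, mime_matches(pat, RESPONSE_BIN))
    for pat in ("cisco*", "*cisco*"):
        print("host", pat, host_matches(pat, REQUEST))
    for pat in ("WWChannels*", "LOCATR*", "*LOCATR*"):
        print("url ", pat, url_matches(pat, REQUEST))
```

Under this model a file named cisco2.jpg is classified by the image/jpeg Content-Type the server sends with it, which is why one pattern covers every extension that maps to that type.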




This archive was generated by hypermail 2.1.4 : Sun Sep 04 2005 - 17:01:19 GMT-3