Thanks a bunch. Found the same explanation in this link
*http://www.firewall.cx/tcp-analysis-section-1.php*
On Thu, Apr 2, 2009 at 12:16 PM, Divin Mathew John <divinjohn_at_gmail.com> wrote:
> Yes, I think Salah is right.
> Thanking You
>
> Yours Sincerely
>
> Divin Mathew John
> divinjohn_at_gmail.com
> divin_at_dide3d.com
> +91 9945430983
> +91 9846697191
> +974 5008916
> PGP PUBLIC KEY BLOCK @ http://www.dide3d.com/divin_Public_PGP_key.txt
> Sent from Bangalore, KA, India
>
> On Fri, Apr 3, 2009 at 12:23 AM, Salah ElShekeil <
> salah.elshekeil_at_gmail.com> wrote:
>
>> Traffic destined to a web server
>>
>> Source port = random
>>
>> Destination port = 80
>>
>> Traffic coming from a web server
>>
>> Source port = 80
>>
>> Destination port = random
>>
>> It will reply to the same client source port
>>
>>
>>
>> HTH
>>
>>
>>
>> Salah
>>
>>
>> On Thu, Apr 2, 2009 at 9:38 PM, naveen M S <navin.ms_at_gmail.com> wrote:
>>
>>> Thanks Divin. This is my understanding.
>>>
>>> WebClient---------------------------------WebServer
>>>
>>> 1) For Traffic flowing from Client to Server:
>>> Src TCP port = Any
>>> Dest TCP port = 80
>>>
>>> 2) For traffic flowing from Server to Client:
>>> Src TCP port = 80
>>> Dest TCP port = 80
>>>
>>> Is this correct ?
>>>
>>>
>>> On Thu, Apr 2, 2009 at 11:19 AM, Divin Mathew John <divinjohn_at_gmail.com> wrote:
>>>
>>> > I think destination port would be more apt, because to connect to a normal
>>> > HTTP web server you would use port 80 to connect to the web server and not
>>> > necessarily port 80 on your computer.
>>> > Thanking You
>>> >
>>> > Yours Sincerely
>>> >
>>> > Divin Mathew John
>>> >
>>> > On Thu, Apr 2, 2009 at 11:44 PM, naveen M S <navin.ms_at_gmail.com> wrote:
>>> >
>>> >> Group,
>>> >>
>>> >> I have trouble translating these statements to ACLs.
>>> >>
>>> >> 1) All HTTP traffic coming from Vlan 34.
>>> >> 2) All HTTP traffic coming from R1 on Vlan 34.
>>> >> 3) All HTTP traffic coming from Web Server on Vlan 34.
>>> >> 4) All HTTP traffic going out to Vlan 34.
>>> >> 5) All HTTP traffic going out to Web Server on Vlan 34.
>>> >>
>>> >> *Question is:*
>>> >> Should I match both Source and Destination TCP port to 80 (or) just one of
>>> >> them ?
>>> >> Assume Vlan 34 = 10.1.34.0/24, R1 = 10.1.34.1/24, WebServer =
>>> >> 10.1.34.100/24
>>> >>
>>> >> My solutions for the above are:
>>> >>
>>> >> a) Match source tcp port = 80 for incoming HTTP traffic
>>> >> b) Match destination tcp port = 80 for outgoing HTTP traffic.
>>> >>
>>> >> 1) ip access-list extended V34_in
>>> >> permit tcp 10.1.34.0 0.0.0.255 eq www any
>>> >>
>>> >> 2) ip access-list extended V34_R1_in
>>> >> permit tcp 10.1.34.1 0.0.0.0 eq www any
>>> >>
>>> >> 3) ip access-list extended V34_WS_in
>>> >> permit tcp 10.1.34.100 0.0.0.0 eq www any
>>> >>
>>> >> 4) ip access-list extended V34_out
>>> >> permit tcp any 10.1.34.0 0.0.0.255 eq www
>>> >>
>>> >> 5) ip access-list extended V34_WS_out
>>> >> permit tcp any 10.1.34.100 0.0.0.0 eq www
>>> >>
>>> >> Can someone please highlight the Source & Destination TCP ports for HTTP
>>> >> traffic in both directions ?
>>> >>
>>> >> Thanks very much,
>>> >> Naveen.
>>> >>
>>> >>
>>> >> Blogs and organic groups at http://www.ccie.net
>>> >>
>>> >>
>>> _______________________________________________________________________
>>> >> Subscription information may be found at:
>>> >> http://www.groupstudy.com/list/CCIELab.html
>>>
>>>
Received on Thu Apr 02 2009 - 12:34:12 ART
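
The port logic discussed in this thread, as an added example that is not part of any poster's message: a small Python evaluator for a subset of IOS extended-ACL syntax, run against constructed packets. It assumes VLAN 34 = 10.1.34.0/24 and WebServer = 10.1.34.100 as stated in the original question; the client address 10.1.34.50, the outside addresses, the ephemeral ports and the `V34_IN_BOTH` variant are constructed for illustration.

```python
import ipaddress

PORT_NAMES = {"www": 80}  # IOS keyword for TCP port 80

def _addr(tok):
    """Consume 'any' or 'A WILDCARD'; return (base, wildcard) as ints."""
    first = tok.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    return int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(tok.pop(0)))

def _port(tok):
    """Consume an optional 'eq PORT'; None means the entry matches any port."""
    if tok[:1] != ["eq"]:
        return None
    _, name = tok.pop(0), tok.pop(0)
    return PORT_NAMES[name] if name in PORT_NAMES else int(name)

def parse_ace(line):
    """Parse 'permit|deny tcp SRC [eq P] DST [eq P]' (a subset of IOS syntax)."""
    tok = line.split()
    action, proto = tok.pop(0), tok.pop(0)
    if proto != "tcp":
        raise ValueError("only tcp entries are handled here")
    return action, _addr(tok), _port(tok), _addr(tok), _port(tok)

def _ip_match(spec, ip):
    base, wild = spec  # wildcard bits set to 1 are "don't care"
    return (int(ipaddress.IPv4Address(ip)) | wild) == (base | wild)

def evaluate(acl, pkt):
    """pkt = (src_ip, src_port, dst_ip, dst_port); first match wins, implicit deny."""
    s_ip, s_port, d_ip, d_port = pkt
    for line in acl:
        action, src, sp, dst, dp = parse_ace(line)
        if (_ip_match(src, s_ip) and sp in (None, s_port)
                and _ip_match(dst, d_ip) and dp in (None, d_port)):
            return action
    return "deny"

# Entries 1 and 4 from the thread, with VLAN 34 = 10.1.34.0/24 as assumed there.
V34_IN = ["permit tcp 10.1.34.0 0.0.0.255 eq www any"]
V34_OUT = ["permit tcp any 10.1.34.0 0.0.0.255 eq www"]
V34_IN_BOTH = V34_IN + ["permit tcp 10.1.34.0 0.0.0.255 any eq www"]  # constructed

# Constructed packets: (src_ip, src_port, dst_ip, dst_port)
CLIENT_REQ = ("10.1.34.50", 49152, "192.0.2.10", 80)       # VLAN 34 client -> outside server
REPLY_TO_CLIENT = ("192.0.2.10", 80, "10.1.34.50", 49152)  # outside server -> VLAN 34 client
REQ_TO_WS = ("198.51.100.7", 51000, "10.1.34.100", 80)     # outside client -> WebServer
WS_REPLY = ("10.1.34.100", 80, "198.51.100.7", 51000)      # WebServer -> outside client
```

Evaluated this way, `V34_IN` permits the WebServer's replies (source port 80) while a VLAN 34 client's request falls through to the implicit deny, and `V34_OUT` permits requests to the WebServer but not replies heading back to a VLAN 34 client's ephemeral port.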
This archive was generated by hypermail 2.2.0 : Mon May 04 2009 - 07:39:11 ART