Then what's the difference between
1) All HTTP traffic coming from Vlan 34.
4) All HTTP traffic going out to Vlan 34.
?? if you apply the access-list as you stated.
> Date: Thu, 2 Apr 2009 17:13:51 -0700
> Subject: Re: Classifying incoming vs outgoing HTTP traffic
> From: navin.ms_at_gmail.com
> To: ebay_products_at_hotmail.com
> CC: divinjohn_at_gmail.com; salah.elshekeil_at_gmail.com; ccielab_at_groupstudy.com
>
> As Salah has rightly pointed out,
>
> WebClient---------------------------------WebServer
>
> 1) For Traffic flowing from Client to Server:
> Src TCP port = Random port (say, RND > 1024)
> Dest TCP port = 80
>
> 2) For traffic flowing from Server to Client:
> Src TCP port = 80
> Dest TCP port = Same Random port (RND)
>
> The trick is how you interpret the Question !!
>
> When the task says all HTTP traffic coming from (or) to Vlan 34, it could
> mean one or both of -
> a) Client to Server traffic
> b) Server to Client traffic
>
> *Hence my solution would be to match both types of traffic.*
>
> For example:
> 1) All HTTP traffic coming from Vlan 34.
>
> ip access-list extended V34_in
> permit tcp 10.1.34.0 0.0.0.255 eq www any <-- HTTP traffic from Server to Client
> permit tcp 10.1.34.0 0.0.0.255 any eq www <-- HTTP traffic from Client to Server
>
>
> Regards,
> Naveen.
>
>
> On Thu, Apr 2, 2009 at 2:01 PM, Cisco Fanatic <ebay_products_at_hotmail.com> wrote:
>
> > This is what I believe is right?
> >
> > 1) All HTTP traffic coming from Vlan 34.
> >
> > ip access-list extended V34_in
> > permit tcp 10.1.34.0 0.0.0.255 eq www any
> >
> > 2) All HTTP traffic coming from R1 on Vlan 34.
> >
> > ip access-list extended V34_R1_in
> > permit tcp host 10.1.34.1 eq www any
> >
> > 3) All HTTP traffic coming from Web Server on Vlan 34.
> >
> > ip access-list extended V34_WS_in
> > permit tcp host 10.1.30.100 eq www any
> >
> > 4) All HTTP traffic going out to Vlan 34.
> >
> > ip access-list extended V34_out
> > permit tcp any 10.1.30.0 0.0.0.255 eq www
> >
> > 5) All HTTP traffic going out to Web Server on Vlan 34.
> >
> > ip access-list extended V34_WS_out
> > permit tcp any host 10.1.30.100 eq www
> >
> >
> > -Yuri
> >
> >
> > > >>
> > > >> On Thu, Apr 2, 2009 at 9:38 PM, naveen M S <navin.ms_at_gmail.com> wrote:
> > > >>
> > > >>> Thanks Divin. This is my understanding.
> > > >>>
> > > >>> WebClient---------------------------------WebServer
> > > >>>
> > > >>> 1) For Traffic flowing from Client to Server:
> > > >>> Src TCP port = Any
> > > >>> Dest TCP port = 80
> > > >>>
> > > >>> 2) For traffic flowing from Server to Client:
> > > >>> Src TCP port = 80
> > > >>> Dest TCP port = 80
> > > >>>
> > > >>> Is this correct ?
> > > >>>
> > > >>>
> > > >>> On Thu, Apr 2, 2009 at 11:19 AM, Divin Mathew John <divinjohn_at_gmail.com> wrote:
> > > >>>
> > > >>> > I think destination port would be more apt, because to connect to a
> > > >>> > normal HTTP web server you would use port 80 to connect to the web server and not
> > > >>> > necessarily port 80 on your computer.
> > > >>> > Thanking You
> > > >>> >
> > > >>> > Yours Sincerely
> > > >>> >
> > > >>> > Divin Mathew John
> > > >>> > divinjohn_at_gmail.com
> > > >>> > divin_at_dide3d.com
> > > >>> > +91 9945430983
> > > >>> > +91 9846697191
> > > >>> > +974 5008916
> > > >>> > PGP PUBLIC KEY BLOCK @ http://www.dide3d.com/divin_Public_PGP_key.txt
> > > >>> > Sent from Bangalore, KA, India
> > > >>> >
> > > >>> > On Thu, Apr 2, 2009 at 11:44 PM, naveen M S <navin.ms_at_gmail.com> wrote:
> > > >>> >
> > > >>> >> Group,
> > > >>> >>
> > > >>> >> I have trouble translating these statements to ACLs.
> > > >>> >>
> > > >>> >> 1) All HTTP traffic coming from Vlan 34.
> > > >>> >> 2) All HTTP traffic coming from R1 on Vlan 34.
> > > >>> >> 3) All HTTP traffic coming from Web Server on Vlan 34.
> > > >>> >> 4) All HTTP traffic going out to Vlan 34.
> > > >>> >> 5) All HTTP traffic going out to Web Server on Vlan 34.
> > > >>> >>
> > > >>> >> *Question is:*
> > > >>> >> Should I match both Source and Destination TCP port to 80 (or) just one of them ?
> > > >>> >> Assume Vlan 34 = 10.1.34.0/24, R1 = 10.1.34.1/24, WebServer = 10.1.34.100/24
> > > >>> >>
> > > >>> >> My solutions for the above are:
> > > >>> >>
> > > >>> >> a) Match source tcp port = 80 for incoming HTTP traffic
> > > >>> >> b) Match destination tcp port = 80 for outgoing HTTP traffic.
> > > >>> >>
> > > >>> >> 1) ip access-list extended V34_in
> > > >>> >> permit tcp 10.1.34.0 0.0.0.255 eq www any
> > > >>> >>
> > > >>> >> 2) ip access-list extended V34_R1_in
> > > >>> >> permit tcp 10.1.34.1 0.0.0.0 eq www any
> > > >>> >>
> > > >>> >> 3) ip access-list extended V34_WS_in
> > > >>> >> permit tcp 10.1.30.100 0.0.0.0 eq www any
> > > >>> >>
> > > >>> >> 4) ip access-list extended V34_out
> > > >>> >> permit tcp any 10.1.30.0 0.0.0.255 eq www
> > > >>> >>
> > > >>> >> 5) ip access-list extended V34_WS_out
> > > >>> >> permit tcp any 10.1.30.100 0.0.0.0 eq www
> > > >>> >>
> > > >>> >> Can someone please highlight the Source & Destination TCP ports for HTTP traffic in both directions ?
> > > >>> >>
> > > >>> >> Thanks very much,
> > > >>> >> Naveen.
> > > >>> >>
> > > >>> >>
> > > >>> >> Blogs and organic groups at http://www.ccie.net
> > > >>> >>
> > > >>> >>
> > > >>> >> _______________________________________________________________________
> > > >>> >> Subscription information may be found at:
> > > >>> >> http://www.groupstudy.com/list/CCIELab.html
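Added example, not part of the thread: a Python model of Cisco extended-ACL matching (wildcard masks, optional `eq` port qualifier, first match wins, implicit deny at the end) run over both directions of an HTTP flow. It shows that an entry matching source port 80 alone catches only the web server's replies leaving VLAN 34, while Naveen's two-entry list catches both the replies and the VLAN's own client requests. The outside addresses and ephemeral ports are constructed.

```python
# Added example (not code from the thread): a small Cisco extended-ACL matcher that shows
# which direction of an HTTP flow each entry catches. Addresses/ports below are constructed.
import ipaddress
from collections import namedtuple
Packet = namedtuple("Packet", "src dst sport dport")

def _take_addr(tokens):
    """Consume 'any', 'host A.B.C.D' or 'A.B.C.D WILDCARD'; return (net, wildcard)."""
    if tokens[0] == "any":
        return ("any", None), tokens[1:]
    if tokens[0] == "host":
        return (tokens[1], "0.0.0.0"), tokens[2:]
    return (tokens[0], tokens[1]), tokens[2:]

def _take_port(tokens):
    """Consume an optional 'eq PORT' qualifier; None means any port."""
    if tokens and tokens[0] == "eq":
        return (80 if tokens[1] == "www" else int(tokens[1])), tokens[2:]
    return None, tokens

def _addr_matches(spec, addr):
    net, wild = spec
    if net == "any":
        return True
    a, n, w = (int(ipaddress.IPv4Address(x)) for x in (addr, net, wild))
    return (a | w) == (n | w)  # set bits in the wildcard mask are "don't care"

def parse_ace(line):
    """'permit tcp <src> [eq P] <dst> [eq P]' -> (action, src, sport, dst, dport)."""
    action, _proto, *rest = line.split()
    src, rest = _take_addr(rest)
    sport, rest = _take_port(rest)
    dst, rest = _take_addr(rest)
    dport, _ = _take_port(rest)
    return action, src, sport, dst, dport

def acl_permits(acl, pkt):
    """First matching entry decides; no match falls through to the implicit deny."""
    for action, src, sport, dst, dport in map(parse_ace, acl):
        if (_addr_matches(src, pkt.src) and _addr_matches(dst, pkt.dst)
                and sport in (None, pkt.sport) and dport in (None, pkt.dport)):
            return action == "permit"
    return False

# Yuri's reading (match source port 80 only) versus Naveen's (match both directions).
SRC_PORT_ONLY = ["permit tcp 10.1.34.0 0.0.0.255 eq www any"]
BOTH_DIRECTIONS = SRC_PORT_ONLY + ["permit tcp 10.1.34.0 0.0.0.255 any eq www"]
# Two flows leaving VLAN 34: a VLAN browser fetching an outside page, and the VLAN web server replying.
CLIENT_REQUEST = Packet("10.1.34.50", "192.0.2.10", 51234, 80)
SERVER_REPLY = Packet("10.1.34.100", "198.51.100.7", 80, 40000)
```

Traffic arriving into VLAN 34 from outside matches neither list, since both entries name 10.1.34.0/24 as the source; the "going out to Vlan 34" tasks need the address specs swapped.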
Received on Thu Apr 02 2009 - 17:33:28 ART
This archive was generated by hypermail 2.2.0 : Mon May 04 2009 - 07:39:11 ART