RE: Classifying incoming vs outgoing HTTP traffic

From: Cisco Fanatic <ebay_products_at_hotmail.com>
Date: Thu, 2 Apr 2009 19:05:14 -0700

Thanks Dale .. well explained. I think I got it now :)

> Date: Fri, 3 Apr 2009 11:50:25 +1100
> Subject: Re: Classifying incoming vs outgoing HTTP traffic
> From: dale.shaw_at_gmail.com
> To: ebay_products_at_hotmail.com
> CC: navin.ms_at_gmail.com; divinjohn_at_gmail.com; salah.elshekeil_at_gmail.com; ccielab_at_groupstudy.com
>
> Hi,
>
> On Fri, Apr 3, 2009 at 11:33 AM, Cisco Fanatic
> <ebay_products_at_hotmail.com> wrote:
> > Then what's the difference between
> >
> > 1) All HTTP traffic coming from Vlan 34.
> > 4) All HTTP traffic going out to Vlan 34.
> >
> > ?? if you apply the access-list as you stated.
>
> Nothing -- both 1) and 4) are handled -- HTTP requests (to tcp/80)
> _and_ HTTP responses.
>
> ip access-list extended V34_in
> ! HTTP responses from a server on Vlan34 to a client somewhere else ("any")
> permit tcp 10.1.34.0 0.0.0.255 eq www any
> ! HTTP requests from a client on Vlan34 to a server somewhere else ("any")
> permit tcp 10.1.34.0 0.0.0.255 any eq www
>
> You could tighten it up a bit:
>
> ip access-list extended V34_in
> ! HTTP responses from a server on Vlan34 to a client somewhere else ("any")
> permit tcp 10.1.34.0 0.0.0.255 eq www any gt 1023
> ! HTTP requests from a client on Vlan34 to a server somewhere else ("any")
> permit tcp 10.1.34.0 0.0.0.255 gt 1023 any eq www
>
> Or even:
>
> ip access-list extended V34_in
> ! HTTP responses from a server on Vlan34 to a client somewhere else ("any")
> permit tcp 10.1.34.0 0.0.0.255 eq www any gt 1023 established
> ! HTTP requests from a client on Vlan34 to a server somewhere else ("any")
> permit tcp 10.1.34.0 0.0.0.255 gt 1023 any eq www
>
> It's really just poor wording in the question. TCP flows have an
> inherent "direction". Connections are initiated from one end (the
> source) and accepted on the other (the destination). I think it's best
> to separate the terms "client" and "server" with "source" and
> "destination". Of course, HTTP is a client-server protocol: the client
> (source) always initiates a connection to the server (destination).
>
> The TCP source port used by the HTTP client (web browser, typically)
> is going to be >1023 (i.e. 1024-65535), and the TCP destination port
> listening on the server is (almost always) going to be 80 (within the
> "well known" range 0-1023).
>
> So, if the question doesn't make it clear if you're expected to match
> client-->server traffic ("HTTP requests"), server-->client traffic
> ("HTTP responses"), or both, you should ask the proctor!
>
> TCP is a wonderful world of its own.
>
> cheers,
> Dale
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

Received on Thu Apr 02 2009 - 19:05:14 ART

This archive was generated by hypermail 2.2.0 : Mon May 04 2009 - 07:39:11 ART
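Added example, not part of the original thread: a small simulator that applies Dale's "tightened" V34_in entries (with `established` on the response line) to constructed sample TCP segments, so the two directions and the effect of `established` (IOS matches it when ACK or RST is set) can be checked offline. The hosts 203.0.113.5 and 198.51.100.7 and all ports are constructed sample values.

```python
import ipaddress

# Each entry mirrors one "permit tcp" line from the thread. Port predicates are
# callables; "established" requires the ACK or RST flag, as Cisco IOS does.
V34_IN = [
    # permit tcp 10.1.34.0 0.0.0.255 eq www any gt 1023 established
    {"name": "HTTP responses", "src": "10.1.34.0/24", "dst": "0.0.0.0/0",
     "sport": lambda p: p == 80, "dport": lambda p: p > 1023, "established": True},
    # permit tcp 10.1.34.0 0.0.0.255 gt 1023 any eq www
    {"name": "HTTP requests", "src": "10.1.34.0/24", "dst": "0.0.0.0/0",
     "sport": lambda p: p > 1023, "dport": lambda p: p == 80, "established": False},
]


def evaluate(acl, seg):
    """Return the name of the first matching entry, or 'implicit deny'."""
    src = ipaddress.ip_address(seg["src"])
    dst = ipaddress.ip_address(seg["dst"])
    for entry in acl:
        if (src in ipaddress.ip_network(entry["src"])
                and dst in ipaddress.ip_network(entry["dst"])
                and entry["sport"](seg["sport"]) and entry["dport"](seg["dport"])
                and (not entry["established"] or bool(seg["flags"] & {"ACK", "RST"}))):
            return entry["name"]
    return "implicit deny"


# Constructed sample segments as they would arrive on the Vlan34 interface.
SAMPLES = {
    # client on Vlan34 opening a connection to an outside web server
    "client_syn": {"src": "10.1.34.10", "sport": 40000, "dst": "203.0.113.5",
                   "dport": 80, "flags": {"SYN"}},
    # server on Vlan34 answering an outside client mid-connection
    "server_data": {"src": "10.1.34.80", "sport": 80, "dst": "198.51.100.7",
                    "dport": 51000, "flags": {"ACK", "PSH"}},
    # a connection *initiated* from port 80 on Vlan34: no ACK, so "established" fails
    "server_syn_from_80": {"src": "10.1.34.80", "sport": 80, "dst": "198.51.100.7",
                           "dport": 51000, "flags": {"SYN"}},
    # client on Vlan34 going to HTTPS: not covered by either entry
    "client_https": {"src": "10.1.34.10", "sport": 40001, "dst": "203.0.113.5",
                     "dport": 443, "flags": {"SYN"}},
}


def classify_samples(acl=V34_IN, samples=SAMPLES):
    """Map each sample name to the ACL entry that handles it."""
    return {name: evaluate(acl, seg) for name, seg in samples.items()}


if __name__ == "__main__":
    for name, verdict in classify_samples().items():
        print(f"{name:20s} -> {verdict}")
```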