12-27-2002 01:04 AM - edited 03-09-2019 01:30 AM
Dear all,
When the sniffing interface is connected to the monitoring port on the 2950, the TCP reset feature doesn't work. Does anyone know what the problem is? Except for configuring the monitoring port on the 2950, is any other configuration needed to make the TCP reset work? Thanks
Gary
01-03-2003 08:32 AM
Gary,
Refer to 'Configuring TCP Reset Using IDS Director' at the URL:
http://www.cisco.com/en/US/products/sw/secursw/ps2113/products_tech_note09186a008009491d.shtml.
Also, take a look at Cisco Intrusion Detection System (Overview Q&A) at:
http://www.cisco.com/en/US/products/hw/vpndevc/ps976/products_qanda_item09186a00800887c2.shtml
01-03-2003 10:25 AM
Some switches allow packets in on their span port. These work fine with TCP Reset.
Some switches do not allow packets in on their span port. These do not work with TCP Reset.
Some switches (like the Cat 6000) have a special "inpkts enable" command to allow packets in on their span port.
I don't know which category the 2950 fits into.
NOTE: In order for TCP Resets to work, the span port must also be in the same vlan as the connection being reset; or else the reset gets sent to the wrong vlan.
NOTE: Future versions of the sensor will allow you to monitor with a span port that is also a trunk port, so future versions can reset on each of the vlans being spanned (assuming the switch allows in packets on the span port).
01-08-2003 04:50 AM
The 2950 will not support the inpkts option for your span port. You will not be able to use TCP Resets. This option is required in order to inject packets into the span port; otherwise it is just passive. You would need a higher-end switch to support this.
Derek Twaddle