08-29-2008 12:43 AM - edited 03-03-2019 11:19 PM
Hi,
Is there a way to track TCP options (e.g. MSS) using an ACL?
08-31-2008 10:02 PM
Hello Ranil,
MSS is a parameter that is negotiated by the two endpoints during TCP setup. I think this would require deep packet inspection, like in a stateful firewall, or at least an IOS feature set.
If you want to troubleshoot a TCP session with a router you can use the debug tcp command.
ACLs allow for the keyword established, which checks the SYN flag.
Hope to help
Giuseppe
08-31-2008 11:58 PM
Hi Giuseppe,
Thanks a lot for the confirmation. I was thinking of stateful inspection too.
And I've already tried with TCP flags, which don't say much about its options.
Wouldn't want to enable debug TCP also, as it will be quite resource intensive. Perhaps, with an ACL I'd try debugging IP packets.
Other choice would be to export IP traffic (ip traffic-export) and analyze on the fly. What is your experience with regard to ip traffic-export? Haven't used it so far and would like to have some thoughts.
Many thanks,
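Added example, not part of the original posts: once packets have been captured off the box and the raw TCP header bytes extracted, reading the MSS means walking the option list of the SYN segment, which is the inspection a flag-matching ACL cannot do. The sample segment and the function names are constructed for illustration.

```python
import struct

# TCP option kinds: 0 = End of Option List, 1 = No-Operation, 2 = Maximum Segment Size
OPT_EOL, OPT_NOP, OPT_MSS = 0, 1, 2
FLAG_SYN = 0x02


def parse_tcp_options(tcp: bytes) -> list[tuple[int, bytes]]:
    """Return [(kind, value_bytes), ...] from a raw TCP header."""
    if len(tcp) < 20:
        raise ValueError("truncated TCP header")
    header_len = (tcp[12] >> 4) * 4          # data offset is in 32-bit words
    if header_len < 20 or header_len > len(tcp):
        raise ValueError("bad data offset")
    opts, i, out = tcp[20:header_len], 0, []
    while i < len(opts):
        kind = opts[i]
        if kind == OPT_EOL:                  # nothing valid after End of Option List
            break
        if kind == OPT_NOP:                  # single-byte padding, no length field
            i += 1
            continue
        if i + 1 >= len(opts):
            raise ValueError("option missing length byte")
        length = opts[i + 1]                 # length covers kind + length + value
        if length < 2 or i + length > len(opts):
            raise ValueError("bad option length")
        out.append((kind, opts[i + 2:i + length]))
        i += length
    return out


def syn_mss(tcp: bytes):
    """MSS advertised in a SYN or SYN/ACK, or None if absent or not a SYN."""
    if len(tcp) < 20 or not tcp[13] & FLAG_SYN:
        return None
    for kind, value in parse_tcp_options(tcp):
        if kind == OPT_MSS and len(value) == 2:
            return struct.unpack("!H", value)[0]
    return None


# Constructed sample: SYN from port 49152 to 80 with MSS=1460, NOP, window scale 7
SAMPLE_SYN = struct.pack("!HHIIBBHHH", 49152, 80, 1000, 0, 7 << 4, FLAG_SYN,
                         65535, 0, 0) + bytes([2, 4, 0x05, 0xB4, 1, 3, 3, 7])

if __name__ == "__main__":
    print(syn_mss(SAMPLE_SYN))
```

MSS only appears in segments with SYN set, so segments without that flag return None rather than being parsed for it.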