While reading Richard Stevens book about TCP "RST" bit and "FIN" bit, I recalled that the "established" keyword in IP extended access-list will match those packet with "RST" and "ACK" bit set.... I know an orderly shutdown of TCP session is "FIN", not "RST". In case the "established" keyword is used to match those already connected TCP traffic, why not the "established" keyword matchs both "ACK", "FIN", and "RST" bits? Is it most TCP sessions are "abortive release" rather than "orderly release"? Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=2716&t=2716 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Question about IP extended access-list "established" keyword. [7:2716]
[EMAIL PROTECTED] (Katson Yeung) Tue, 01 May 2001 01:40:14 -0700
