pix and fragment riddle - dslreports.com

Author	All Replies
highland8 join:2005-05-24 POLAND	pix and fragment riddle Hello On CCSP i have question: pixfirewall# show fragment Interface: outside Size: 200, Chain: 24, Timeout: 5, Threshold: 133 How may fragment packets have entered the outside interface of the PIX Security Appliance since the last time the clear fragment command was executed ? There are several answers: 133,200,900,915,920,935 And 935 is correct. Why ??
highland8 join:2005-05-24 POLAND	to forum · permalink · · 2006-03-18 08:03:31 ·
snarohyans join:2005-11-10 Indianapolis, IN	It looks to me like there is a portion missing to that question... Typically when executing that command, you should get the following: pixfirewall(config)# show fragment outside Interface: outside Size:2000, Chain:45, Timeout:10 Queue:1060, Assemble:809, Fail:0, Overflow:0 Which indicates: •A database size limit of 2000 packets. •The chain length limit of 45 fragments. •A timeout of ten seconds. •1060 packets currently awaiting re-assembly. •809 packets have been fully reassembled. •No failure. •No overflow. Therefore, to answer the question, you would add up the queue and assembled tallies to come up with a total of the number of fragmented packets that have entered the interface. It sounds incomplete to me, but I might be missing something Hope this helps! Aaron
snarohyans join:2005-11-10 Indianapolis, IN	to forum · permalink · · 2006-03-18 10:01:23 ·


Monday, 09-Nov 14:31:48	Terms of Use \| Privacy Policy \| Hosting by www.nac.net - DSL,Hosting & Co-lo \| feedback \| contact over 10 years online! © 1999-2009 dslreports.com. page compression OFF