Search:  

 
theme to white backgroundlet page decide theme
HomeFind ServiceReviewsISP NewsFAQsForumsToolsDatabaseAbout 
 
   All ForumsHot TopicsGallery






how-to block ads


 
Forums » Equipment Support » Hardware By Brand » Cisco » pix and fragment riddle
Uniqs:
157		 Share Topic:
RSS topic:
toggle:
flat / full
normal / watch
Posting:
Post a:
Post a:
Links: ·Submit a new forum topic ·Forum FAQ ·Submit a FAQ ·Docs Guidelines and Advisories ·EOS/EOL thread
Ciscoworks »
« [Config] DynDNS.org on Cisco 871  
highland8

join:2005-05-24
POLAND

pix and fragment riddle

Hello

On CCSP i have question:
pixfirewall# show fragment
Interface: outside
Size: 200, Chain: 24, Timeout: 5, Threshold: 133

How may fragment packets have entered the outside interface of the PIX Security Appliance since the last time the clear fragment command was executed ?
There are several answers: 133,200,900,915,920,935
And 935 is correct. Why ??
permalink · 2006-03-18 08:03:31 · Reply to this
snarohyans

join:2005-11-10
Indianapolis, IN

Re: pix and fragment riddle

It looks to me like there is a portion missing to that question...

Typically when executing that command, you should get the following:

pixfirewall(config)# show fragment outside
Interface: outside
Size:2000, Chain:45, Timeout:10
Queue:1060, Assemble:809, Fail:0, Overflow:0

Which indicates:

•A database size limit of 2000 packets.
•The chain length limit of 45 fragments.
•A timeout of ten seconds.
•1060 packets currently awaiting re-assembly.
•809 packets have been fully reassembled.
•No failure.
•No overflow.

Therefore, to answer the question, you would add up the queue and assembled tallies to come up with a total of the number of fragmented packets that have entered the interface.

It sounds incomplete to me, but I might be missing something

Hope this helps!
Aaron
permalink · 2006-03-18 10:01:23 · Print · Reply to this
Forums » Equipment Support » Hardware By Brand » CiscoCiscoworks »
« [Config] DynDNS.org on Cisco 871  

Thursday, 03-Dec 09:39:28 Terms of Use | Privacy Policy | Hosting by www.nac.net - DSL,Hosting & Co-lo | feedback | contact
over 10 years online! © 1999-2009 dslreports.com.
page compression OFF
Most commented news this week
· [162] Comcast Releasing Promised Usage Meter
· [103] Avast Antivirus Has Gone Mad
· [101] Graduate Student Unveils Sprint's GPS Sharing With Feds
· [80] Latest Consumer Reports Survey Not Kind To AT&T
· [70] Baltimore To Ban Lazy Cable Installs
· [63] Broadband Killed The Game Console
· [55] Rogers Unveils The ISP Dream Model
· [47] ACTA: Global Three Strikes
· [41] Rural Carriers Quickly Embracing Fiber
· [40] Cable Industry's 'Adoption Plus': Altruism Or PR Stunt?
Most people now reading
· False positive in Avast! or is it real? [Security]
· [TWC] Audio/Video outage in Brooklyn [Time Warner Cable TV/Voice]
· [Rant] Disrespect of PTO [Rants, Raves, and Praise]
· LFM Overkill [World of Warcraft]
· Working in a Stairwell and Surrounding High Walls [Home Repair & Improvement]
· Quality/longevity of 15A 120V receptacles [Home Repair & Improvement]
· Water pressure, my new nemesis. [Home Repair & Improvement]
· Microsoft Security Bulletin Summary for October 13, 2009 [Security]
· ICC Strats??? [World of Warcraft]
· Cisco SDM doesn't launch SDM GUI from popup window [Cisco]