Shamefully admitting a problem that I shouldn't have. packet-tracer flow directions

steele84 Member Posts: 62
Hey all, I have a problem when using the CLI packet-tracer.... I cannot get my head wrapped around the "input" interface. I always end up with a huge question mark over my head trying to decide which direction I should be testing from and end up guessing sometimes. So for example:

Interfaces:
inside 192.168.1.0
outside internet

I'm wanting to see if 8.8.8.8 is allowed to talk inside to 192.168.1.10:

Is this correct?
packet-tracer input outside tcp 8.8.8.8 80 192.168.1.10 80 detailed

Or is this the correct format?
packet-tracer input outside tcp 192.168.1.10 80 8.8.8.8 80 detailed


For the life of me I can't find a way to set this straight in my mind. If anyone has any tips please let me know.
“What lies behind us and what lies before us are tiny matters compared to what lies within us.”

Ralph Waldo Emerson

Comments

  • MitM Member Posts: 622
    You're good on the first one.

    packet-tracer input OUTSIDE tcp [SRC_HOST] [SRC_PORT] [DST_HOST] [DST_PORT]
  • steele84 Member Posts: 62
    Ok, so I think my biggest problem would be when we take it downstream a little further (that, and I have to wrap my head around that packet tracer only inspects input data), so if I wanted to look at the same from the inside it wouldn't be the same.

    packet-tracer input inside tcp 192.168.1.10 80 8.8.8.8 80

    It would obviously be allowed because of security zones, correct? Like 100 - 0. But the point is that it isn't the same test.

    I cannot test on the inside interface if 8.8.8.8 is allowed on 192.168.1.10, correct?
    “What lies behind us and what lies before us are tiny matters compared to what lies within us.”

    Ralph Waldo Emerson
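
As an added example (not part of the thread): the input interface is the one the packet arrives on, so it follows from where the source address lives. The sketch below picks it by longest-prefix match and builds the command in the order given above; the /24 mask, the default-route model of "outside", and the function names are assumptions.

```python
import ipaddress

# Assumed interface map: the post gives "inside 192.168.1.0" without a mask
# (/24 is assumed here) and "outside internet" (modelled as the default route).
INTERFACES = {
    "inside": ipaddress.ip_network("192.168.1.0/24"),
    "outside": ipaddress.ip_network("0.0.0.0/0"),
}


def ingress_interface(ip, interfaces=INTERFACES):
    """Return the name of the interface behind which the address sits.

    Longest-prefix match: the most specific network containing the
    address wins, so 'outside' only catches what nothing else claims.
    """
    addr = ipaddress.ip_address(ip)
    matches = [(net.prefixlen, name)
               for name, net in interfaces.items() if addr in net]
    if not matches:
        raise ValueError(f"no interface covers {ip}")
    return max(matches)[1]


def packet_tracer(proto, src_ip, src_port, dst_ip, dst_port,
                  interfaces=INTERFACES):
    """Build the command: input interface, protocol, source, destination."""
    in_if = ingress_interface(src_ip, interfaces)
    out_if = ingress_interface(dst_ip, interfaces)
    if in_if == out_if:
        # Both ends map to one interface: the interface map is probably wrong
        raise ValueError(
            f"{src_ip} and {dst_ip} both map to '{in_if}'; check the map")
    return (f"packet-tracer input {in_if} {proto} "
            f"{src_ip} {src_port} {dst_ip} {dst_port} detailed")


if __name__ == "__main__":
    # The two separate tests discussed in the thread, one per direction
    print(packet_tracer("tcp", "8.8.8.8", 80, "192.168.1.10", 80))
    print(packet_tracer("tcp", "192.168.1.10", 80, "8.8.8.8", 80))
```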