Shamefully admitting a problem that I shouldn't have. packet-tracer flow directions
steele84
Hey all, I have a problem when using the CLI packet-tracer... I cannot get my head wrapped around the "input" interface. I always end up with a huge question mark over my head trying to decide which direction I should be testing from, and end up guessing sometimes. So for example:
Interfaces:
inside 192.168.1.0
outside internet
I'm wanting to see if 8.8.8.8 is allowed to talk inside to 192.168.1.10:
Is this correct?
packet-tracer input outside tcp 8.8.8.8 80 192.168.1.10 80 detailed
Or is this the correct format?
packet-tracer input outside tcp 192.168.1.10 80 8.8.8.8 80 detailed
For the life of me I can't find a way to set this straight in my mind. If anyone has any tips please let me know.
Comments
MitM
You're good on the first one.
packet-tracer input OUTSIDE tcp [SRC_HOST] [SRC_PORT] [DST_HOST] [DST_PORT]
steele84
Ok, so I think my biggest problem would be when we take it downstream a little further (that, and I have to wrap my head around that packet tracer only inspects input data), so if I wanted to look at the same from the inside it wouldn't be the same.
packet-tracer input inside tcp 192.168.1.10 80 8.8.8.8 80: it would obviously be allowed because of security zones, correct? Like 100 - 0. But the point is that it isn't the same test.
I cannot test on the inside interface if 8.8.8.8 is allowed on 192.168.1.10, correct?
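Added example, not part of the thread: a small Python helper that picks the input interface from the packet's source address and builds the packet-tracer line for either direction of the flow discussed above. The /24 mask on inside, treating outside as the default route, and the function names are assumptions.

```python
import ipaddress

# Constructed interface table based on the thread: "inside" holds
# 192.168.1.0 (a /24 mask is assumed); "outside" faces the internet
# and is modelled here as the default route.
INTERFACES = {
    "inside": ipaddress.ip_network("192.168.1.0/24"),
    "outside": ipaddress.ip_network("0.0.0.0/0"),
}


def ingress_interface(src_ip, interfaces=INTERFACES):
    """Return the name of the interface a packet from src_ip arrives on.

    Longest-prefix match: the most specific network containing the
    source wins, so the default route only catches what is left over.
    """
    src = ipaddress.ip_address(src_ip)
    matches = [(net.prefixlen, name)
               for name, net in interfaces.items() if src in net]
    if not matches:
        raise ValueError(f"no interface reaches {src_ip}")
    return max(matches)[1]


def build_packet_tracer(proto, src_ip, src_port, dst_ip, dst_port,
                        interfaces=INTERFACES):
    """Build the packet-tracer line for one simulated packet."""
    if proto not in ("tcp", "udp"):
        raise ValueError("this helper only covers tcp and udp")
    for port in (src_port, dst_port):
        if not 0 <= int(port) <= 65535:
            raise ValueError(f"bad port {port}")
    ipaddress.ip_address(dst_ip)  # raises ValueError on a malformed address
    # The input interface follows the SOURCE of the simulated packet.
    ifc = ingress_interface(src_ip, interfaces)
    return (f"packet-tracer input {ifc} {proto} "
            f"{src_ip} {src_port} {dst_ip} {dst_port} detailed")


if __name__ == "__main__":
    # Internet host initiating towards the inside host.
    print(build_packet_tracer("tcp", "8.8.8.8", 80, "192.168.1.10", 80))
    # Inside host initiating towards the internet: a different test.
    print(build_packet_tracer("tcp", "192.168.1.10", 80, "8.8.8.8", 80))
```
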