Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Rhinorhino on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

about debugging

Status
Not open for further replies.
ryezak

ryezak

Technical User
Joined
Jul 1, 2008
Messages
256
Anyone know how to debug to watch the traffic on 1 specific host based on IP address?

I am trying to see where the tcp ports are being blocked on 1 of my servers.

Thanks
 
Sort by date Sort by votes
create a standard access-list to match the host, then
type debug ip packet and enter the acl afterwords
 
Upvote 0 Downvote
Oh yeah, and apply the acl in and out on the int carrying the traffic
 
Upvote 0 Downvote
Word of warning , make sure you specify that ACL after the debug ip packet otherwise you run a high risk of burying the router and bringing down the network !
 
Upvote 0 Downvote
can someone provide me with a sample snippet of code for the acl? I have 63 other ips in the same subnet that I don't want to interupt with this acl.

thanks.
 
Upvote 0 Downvote
Hmm, thats not possible, it will block all other ip traffic.

Do this
c2600-1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
c2600-1(config)#
c2600-1(config)#access-list 15 permit any
c2600-1(config)#int "put your int HERE"
c2600-1(config-if)#ip access-group 15 in
c2600-1(config-if)#ip access-group 15 out
c2600-1(config-if)#ex
c2600-1(config)#logging on
c2600-1(config)#logging host x.x.x.x
c2600-1(config)#logging trap informational
c2600-1(config)#logging buffered
c2600-1#debug ip packet 15

That should allow you to capture all ip traffic, thus not interrupting any type of traffic movement, then send all that information to a syslog server where you can sift through it till you find what you want. the logging buffered prevents the router from displaying the debug info on the screen, so your router doesn't explode.

-mike
 
Upvote 0 Downvote
To debug it would be something like this.

access-list 101 permit ip host 192.168.0.1 any
This is just an example.

On the layer 3 interface for that address range

interface g0/1
ip address 192.168.0.254 255.255.255.0
no ip route cache ---> add this statement


debug ip packet 101 detail

This will only show you the flow to and from the 192.168.0.1 address and thus not bury the router . Do not just do a debug ip packet this will debug every packet in the router which will use all the router resources and possibly hang the box. When finished do "undebug all " command.

 
Upvote 0 Downvote
vipergg,
first, thats basically what i wrote. second your directions are not complete. It will not work without applying the acl it to an interface. Third that will do exactly what he did not want Interrupt traffic for other hosts.



Also ryzek.

the command logging informational shold be debugging.

Then type no logging console.

20 yrs old, working towards my CCNP. Looking for a new job :)
02472
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Zero6
  • Locked
  • Question Question
question about cisco cbs 350-12xs 12 port 10g sfp+
Replies
0
Views
514
Zero6
Zero6
vippadil
  • Locked
  • Question Question
Doubt about Routing process.
Replies
2
Views
190
VinceWhirlwind
VinceWhirlwind
spivy66
  • Locked
  • Question Question
Question about buying a cisco router
Replies
5
Views
274
imbadatthis
imbadatthis
veilside
  • Locked
  • Question Question
Help about privilege levels (Cisco 2960)
Replies
0
Views
187
veilside
veilside
DougP
  • Locked
  • Question Question
total newbie question about dividing certain users on our network
Replies
5
Views
320
DougP
DougP

Part and Inventory Search

Sponsor

Back
Top