Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations gkittelson on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

about debugging

Status
Not open for further replies.
ryezak

ryezak

Technical User
Jul 1, 2008
256
Anyone know how to debug to watch the traffic on 1 specific host based on IP address?

I am trying to see where the tcp ports are being blocked on 1 of my servers.

Thanks
 
Sort by date Sort by votes
create a standard access-list to match the host, then
type debug ip packet and enter the acl afterwords
 
Upvote 0 Downvote
Oh yeah, and apply the acl in and out on the int carrying the traffic
 
Upvote 0 Downvote
Word of warning , make sure you specify that ACL after the debug ip packet otherwise you run a high risk of burying the router and bringing down the network !
 
Upvote 0 Downvote
can someone provide me with a sample snippet of code for the acl? I have 63 other ips in the same subnet that I don't want to interupt with this acl.

thanks.
 
Upvote 0 Downvote
Hmm, thats not possible, it will block all other ip traffic.

Do this
c2600-1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
c2600-1(config)#
c2600-1(config)#access-list 15 permit any
c2600-1(config)#int "put your int HERE"
c2600-1(config-if)#ip access-group 15 in
c2600-1(config-if)#ip access-group 15 out
c2600-1(config-if)#ex
c2600-1(config)#logging on
c2600-1(config)#logging host x.x.x.x
c2600-1(config)#logging trap informational
c2600-1(config)#logging buffered
c2600-1#debug ip packet 15

That should allow you to capture all ip traffic, thus not interrupting any type of traffic movement, then send all that information to a syslog server where you can sift through it till you find what you want. the logging buffered prevents the router from displaying the debug info on the screen, so your router doesn't explode.

-mike
 
Upvote 0 Downvote
To debug it would be something like this.

access-list 101 permit ip host 192.168.0.1 any
This is just an example.

On the layer 3 interface for that address range

interface g0/1
ip address 192.168.0.254 255.255.255.0
no ip route cache ---> add this statement


debug ip packet 101 detail

This will only show you the flow to and from the 192.168.0.1 address and thus not bury the router . Do not just do a debug ip packet this will debug every packet in the router which will use all the router resources and possibly hang the box. When finished do "undebug all " command.

 
Upvote 0 Downvote
vipergg,
first, thats basically what i wrote. second your directions are not complete. It will not work without applying the acl it to an interface. Third that will do exactly what he did not want Interrupt traffic for other hosts.



Also ryzek.

the command logging informational shold be debugging.

Then type no logging console.

20 yrs old, working towards my CCNP. Looking for a new job :)
02472
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Zero6
  • Locked
  • Question
question about cisco cbs 350-12xs 12 port 10g sfp+
Replies
0
Views
234
Zero6
Zero6
vippadil
  • Locked
  • Question
Doubt about Routing process.
Replies
2
Views
92
VinceWhirlwind
VinceWhirlwind
spivy66
  • Locked
  • Question
Question about buying a cisco router
Replies
5
Views
97
imbadatthis
imbadatthis
veilside
  • Locked
  • Question
Help about privilege levels (Cisco 2960)
Replies
0
Views
99
veilside
veilside
DougP
  • Locked
  • Question
total newbie question about dividing certain users on our network
Replies
5
Views
91
DougP
DougP

Part and Inventory Search

Sponsor

Back
Top