monitor traffic on port 2600 router

Discussion in 'Cisco' started by tg, Sep 4, 2009.

  1. tg

    tg Guest

    cisco 2651XM router
    IOS: c2600-adventerprisek9-mz.124-15.T8.bin

    I want to monitor live traffic on a network port and output it to a tftp
    syslog. The port is FastEthernet 1/14 but I'm only having partial success.
    I did:
    #debug int f1/14
    which seemed to go fine, and then I did:
    #logging on
    #logging 172.16.1.14 (ip address of the pc running TFTP32)
    #logging trap debugging
    but I'm not getting a proper report in the syslog of the TFTP program. I'm
    getting bits of info but not the full monty. What command should I be
    using?
    thanks for any help.
    tg, Sep 4, 2009
    #1

  2. tg

    tg Guest

    "tg" <> wrote in message
    news:4aa11ed9$0$2541$...

    additional info:
    the device I want to monitor is set to 172.16.1.36 (connected to port
    f1/14) so I tried:
    #debug ip tcp packet address 172.16.1.36
    and got a bit more action but it's still not 'all' traffic.
    tg, Sep 5, 2009
    #2

  3. tg

    jimjim237 Guest

    On 5 Sep, 11:01, "tg" <> wrote:
    > "tg" <> wrote in message
    >
    > news:4aa11ed9$0$2541$...
    >
    > additional info:
    > the device I want to monitor is set to 172.16.1.36 (connected to port
    > f1/14) so I tried:
    > #debug ip tcp packet address 172.16.1.36
    > and got a bit more action but it's still not 'all' traffic.


    debug ip packet [detail]
    Dumps packets to the logging system
    *however* fast switched packets are not noticed

    So if you want to see all traffic you need to
    switch the router to do process switching.

    int x
    no ip route-cache
    (On the *input* interfaces at least I think
    but I would just put it on all relevant interfaces for the
    traffic)

    Of course this may reduce the performance of the router
    by 90% or so. i.e. to 10% of previous forwarding rate,
    or even worse. Of course debug will affect it further.

    Prepare for the router ceasing to function
    with deb ip pack. Even hang completely.

    You can use an access list to restrict the traffic
    that is dumped.

    deb ip pac 199 [det] - I seem to recall.
    access-l 199 ........

    Remember to record the config and to put the
    interfaces back the way they were when you are done.

    ip route-cache cef ! for example

    The latest greatest IOS has a capture facility in it like
    tcpdump or the pix/asa.

    Maybe 12.4.20T - not sure and have never tried it
    but it looks good. Think it can send traffic say via ftp
    to a server in pcap format, handy for wireshark:))
    All approximate.

    Good luck.
    jimjim237, Sep 5, 2009
    #3
  4. tg

    tg Guest

    "jimjim237" <> wrote in message
    news:...
    > On 5 Sep, 11:01, "tg" <> wrote:
    >> "tg" <> wrote in message


    thanks for your feedback and I'm making some progress.
    I tried the access-list thing by doing:
    #access-list 106 permit tcp 172.16.1.36 255.255.255.255 any
    debug ip packet 106
    this produced a lot more action in the log but it seemed to include traffic
    from other IPs that had nothing to do with the device at 172.16.1.36. What
    I ideally want is to see just traffic in and out of 172.16.1.36. Perhaps
    I need to tweak the access-list but I'm not sure. Thanks for any further
    ideas.
    tg, Sep 6, 2009
    #4
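
An added example, not part of any post in this thread: IOS extended ACLs take wildcard (inverse) masks, where a 1 bit means "ignore this bit", so the source `172.16.1.36 255.255.255.255` in post #4 matches every source address, and `tcp` leaves out non-TCP traffic. The sketch below models only protocol, source and destination matching and compares the posted entry with an assumed host-only pair of entries against constructed sample packets.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """Cisco-style match: wildcard bits set to 1 are ignored, 0 bits must be equal."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

def acl_permits(acl, proto, src, dst):
    """Evaluate permit entries in order; anything unmatched hits the implicit deny."""
    for e_proto, (s_base, s_wild), (d_base, d_wild) in acl:
        if e_proto not in ("ip", proto):  # "ip" covers every IP protocol
            continue
        if wildcard_match(src, s_base, s_wild) and wildcard_match(dst, d_base, d_wild):
            return True
    return False

ANY = ("0.0.0.0", "255.255.255.255")  # the "any" keyword

def host(ip):
    return (ip, "0.0.0.0")            # the "host x.x.x.x" keyword

# As posted: access-list 106 permit tcp 172.16.1.36 255.255.255.255 any
ACL_AS_POSTED = [("tcp", ("172.16.1.36", "255.255.255.255"), ANY)]

# Assumed alternative (not from the thread), covering both directions:
#   access-list 106 permit ip host 172.16.1.36 any
#   access-list 106 permit ip any host 172.16.1.36
ACL_HOST_ONLY = [("ip", host("172.16.1.36"), ANY),
                 ("ip", ANY, host("172.16.1.36"))]

# Constructed sample packets: (protocol, source, destination)
PACKETS = [
    ("tcp", "172.16.1.36", "10.0.0.5"),   # from the monitored device
    ("tcp", "10.0.0.5", "172.16.1.36"),   # to the monitored device
    ("udp", "172.16.1.36", "10.0.0.53"),  # non-TCP traffic from the device
    ("tcp", "172.16.1.50", "10.0.0.5"),   # unrelated host
]

def matched(acl):
    """Packets that 'debug ip packet <acl>' would select under this model."""
    return [p for p in PACKETS if acl_permits(acl, *p)]

if __name__ == "__main__":
    for name, acl in (("as posted", ACL_AS_POSTED), ("host only", ACL_HOST_ONLY)):
        print(name)
        for pkt in matched(acl):
            print("   ", *pkt)
```
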