Please help with tracking lost packets via Cisco 2524??

Discussion in 'Cisco' started by Joshua Colvin, Oct 22, 2003.

  1. Hi all,
    We have software that talks to a webserver internal to our LAN. Now if
    the clients are inside our LAN they work great, no problems. However
    when outside our LAN there are certain periods of time where our
    gateway gets no packets and the clients timeout waiting for a connect.
    Sniffing packets I see them leaving the client machine, but never
    getting to our gateway, so I have a feeling it's our router.

    We have a Cisco 2524 using a full T1 span configured the following
    way:


    cisco1>>show running-config
    Building configuration...

    Current configuration:
    !
    version 11.1
    service config
    service slave-log
    service udp-small-servers
    service tcp-small-servers
    !
    hostname cisco1
    !
    enable secret 5 #####
    enable password #####
    !
    username admin
    prompt cisco1>>
    !
    interface Ethernet0
    ip address 12.170.16.129 255.255.255.240
    !
    interface Serial0
    ip address 12.170.19.245 255.255.255.252
    encapsulation frame-relay IETF
    no fair-queue
    service-module t1 timeslots 1-24
    frame-relay map ip 12.170.19.246 50 IETF nocompress
    !
    interface Serial1
    no ip address
    shutdown
    !
    router igrp 1
    network 12.0.0.0
    !
    ip classless
    ip route 0.0.0.0 0.0.0.0 12.170.19.246
    logging buffered
    access-list 150 permit ip any any
    snmp-server community marisys RO
    snmp-server community public RO
    banner incoming ^Celcome
    ^C
    !
    line con 0
    line aux 0
    line vty 0 4
    password #####
    login
    !
    end

    cisco1>>



    I've been trying to learn how to sniff packets on the router itself,
    but I never see what I expect. For example, if I do:

    terminal monitor
    config t
    access-list 150 permit ip any any
    ^Z
    debug ip packet 150
    terminal monitor

    then just HTTP to 152.20.76.100 (or wherever), I never see any packet
    showing 152.20.76.100 going through, even though HTTP traffic is
    obviously occuring. Am I missing some debug option to see these
    packets? Does anyone see anything suspicious with my configuration?
    I've been browsing cisco.com for over a day reading everything I can
    but no luck so far. My router might not be the problem after all, but
    since I can't even see packets going through that ARE going through,
    I'm not doing at least one thing right.

    I do notice "encapsulation failed" msgs every now and then, and this
    is the result of a test:
    cisco1>>show service-module
    Module type is T1/fractional
    Hardware revision is B, Software revision is 1.2 ,
    Image checksum is 0x2162E11, Protocol revision is 1.1
    Receiver has no alarms.
    Framing is ESF, Line Code is B8ZS, Current clock source is line,
    Fraction has 24 timeslots (64 Kbits/sec each), Net bandwidth is 1536
    Kbits/sec.
    Last module self-test (done 00:00:25): Passed
    Last clearing of alarm counters 21:44:55
    loss of signal : 0,
    loss of frame : 2, last occurred 00:00:24
    AIS alarm : 0,
    Remote alarm : 0,
    Module access errors : 0,
    Total Data (last 86 15 minute intervals):
    0 Line Code Violations, 1 Path Code Violations
    0 Slip Secs, 1 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
    1 Errored Secs, 0 Bursty Err Secs, 1 Severely Err Secs, 0 Unavail
    Secs
    Data in current interval (893 seconds elapsed):
    1 Line Code Violations, 0 Path Code Violations
    0 Slip Secs, 1 Fr Loss Secs, 1 Line Err Secs, 0 Degraded Mins
    1 Errored Secs, 0 Bursty Err Secs, 1 Severely Err Secs, 0 Unavail
    Secs
    cisco1>>

    If anyone can offer any advice or suggestions I'd really appreciate
    it.
    Thanks,
    josh
     
    Joshua Colvin, Oct 22, 2003
    #1
    1. Advertising

  2. In article <>,
    Joshua Colvin <> wrote:
    >I've been trying to learn how to sniff packets on the router itself,
    >but I never see what I expect. For example, if I do:
    >
    >terminal monitor
    >config t
    >access-list 150 permit ip any any
    >^Z
    >debug ip packet 150
    >terminal monitor
    >
    >then just HTTP to 152.20.76.100 (or wherever), I never see any packet
    >showing 152.20.76.100 going through, even though HTTP traffic is
    >obviously occuring. Am I missing some debug option to see these
    >packets? Does anyone see anything suspicious with my configuration?
    >I've been browsing cisco.com for over a day reading everything I can
    >but no luck so far. My router might not be the problem after all, but
    >since I can't even see packets going through that ARE going through,
    >I'm not doing at least one thing right.


    You have to turn off fast switching in order for "debug ip packet" to show
    anything.

    #conf t
    interface Ethernet 0
    no ip route-cache
    interface Serial0
    no ip route-cache

    --
    Barry Margolin,
    Level(3), Woburn, MA
    *** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
    Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
     
    Barry Margolin, Oct 22, 2003
    #2
    1. Advertising

  3. Barry Margolin <> wrote in message news:<XPAlb.164$3.com>...
    > In article <>,
    > Joshua Colvin <> wrote:
    > >I've been trying to learn how to sniff packets on the router itself,
    > >but I never see what I expect. For example, if I do:
    > >
    > >terminal monitor
    > >config t
    > >access-list 150 permit ip any any
    > >^Z
    > >debug ip packet 150
    > >terminal monitor
    > >
    > >then just HTTP to 152.20.76.100 (or wherever), I never see any packet
    > >showing 152.20.76.100 going through, even though HTTP traffic is
    > >obviously occuring. Am I missing some debug option to see these
    > >packets? Does anyone see anything suspicious with my configuration?
    > >I've been browsing cisco.com for over a day reading everything I can
    > >but no luck so far. My router might not be the problem after all, but
    > >since I can't even see packets going through that ARE going through,
    > >I'm not doing at least one thing right.

    >
    > You have to turn off fast switching in order for "debug ip packet" to show
    > anything.
    >
    > #conf t
    > interface Ethernet 0
    > no ip route-cache
    > interface Serial0
    > no ip route-cache



    Barry: thanks a lot for your help. That solved my problem and I'm now
    able to see all packets. :)
    I thought process-switching always occurs during packet establishment
    since there should be nothing in the cache, so I rebooted my router to
    clear out the cache and expected to see atleast the EST packet, but
    apparently that's not the case. Thanks again.
     
    Joshua Colvin, Oct 23, 2003
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Lowell
    Replies:
    2
    Views:
    609
  2. Parasites Lost

    Cisco 2524 110/240V

    Parasites Lost, Feb 24, 2005, in forum: Cisco
    Replies:
    1
    Views:
    524
  3. Edw. Peach

    Tracking Someone Tracking Me

    Edw. Peach, Jun 15, 2005, in forum: Computer Security
    Replies:
    4
    Views:
    669
    Olden Doode
    Jul 7, 2005
  4. Replies:
    1
    Views:
    757
    ipacl
    Dec 13, 2006
  5. Scott Townsend
    Replies:
    3
    Views:
    839
    Scott Townsend
    Mar 7, 2007
Loading...

Share This Page