Router - Viewing Network Traffic

Discussion in 'Cisco' started by JDB, Mar 4, 2004.

  1. JDB

    JDB Guest

    This seems to me to be a very basic question, but I can't find any specific
    info thru Google, etc.

    If I have a router configured for buffered logging, how can I view actual
    the log of network traffic (source, destination, port, packet detail,etc)
    that's passing through? The "show logging" command just tells me the number
    of stored messages, but not the content of those messages (some of which I
    presume are traffic details).

    Do I need to be doing a show type of command at the interface level or
    something?

    Thanks for any help..

    JDB
    JDB, Mar 4, 2004
    #1
    1. Advertising

  2. In article <>,
    "JDB" <> wrote:

    > This seems to me to be a very basic question, but I can't find any specific
    > info thru Google, etc.
    >
    > If I have a router configured for buffered logging, how can I view actual
    > the log of network traffic (source, destination, port, packet detail,etc)
    > that's passing through? The "show logging" command just tells me the number
    > of stored messages, but not the content of those messages (some of which I
    > presume are traffic details).
    >
    > Do I need to be doing a show type of command at the interface level or
    > something?


    "show log" will normally show the contents of the log buffer.

    Note that the router doesn't normally log network traffic. If you want
    traffic to be logged, you need to use a packet filter that has "log"
    options specified, or use the "debug ip packet" command.

    --
    Barry Margolin,
    Arlington, MA
    *** PLEASE post questions in newsgroups, not directly to me ***
    Barry Margolin, Mar 5, 2004
    #2
    1. Advertising

  3. JDB

    Jesse Guest

    Depends on wether you want to view all traffic or just traffic coming
    from a specific network/subnet. To view all traffic I think doing
    something like "access-list 150 permit ip any any log" will do. But be
    aware that the log will fill up very quickly depending on the amount of
    incoming traffic, this may also put a lot of load on the cpu because of
    the logging. Or if you know what subnet you would like to view do
    something like:

    access-list 150 permit ip 192.168.5.0 0.0.0.255 192.168.10.0 log
    access-list 150 permit ip any any

    This will logg traffic coming from the dot 5 network to any host on the
    dot 10 network. HTH!

    JDB wrote:
    > This seems to me to be a very basic question, but I can't find any specific
    > info thru Google, etc.
    >
    > If I have a router configured for buffered logging, how can I view actual
    > the log of network traffic (source, destination, port, packet detail,etc)
    > that's passing through? The "show logging" command just tells me the number
    > of stored messages, but not the content of those messages (some of which I
    > presume are traffic details).
    >
    > Do I need to be doing a show type of command at the interface level or
    > something?
    >
    > Thanks for any help..
    >
    > JDB
    >
    >
    >
    Jesse, Mar 5, 2004
    #3
  4. JDB

    JustMe Guest

    Jesse wrote:

    > Depends on wether you want to view all traffic or just traffic coming
    > from a specific network/subnet. To view all traffic I think doing
    > something like "access-list 150 permit ip any any log" will do. But be
    > aware that the log will fill up very quickly depending on the amount of
    > incoming traffic, this may also put a lot of load on the cpu because of
    > the logging. Or if you know what subnet you would like to view do
    > something like:
    >
    > access-list 150 permit ip 192.168.5.0 0.0.0.255 192.168.10.0 log
    > access-list 150 permit ip any any
    >
    > This will logg traffic coming from the dot 5 network to any host on the
    > dot 10 network. HTH!



    Look for netfow if your router supports it
    JustMe, Mar 5, 2004
    #4
  5. JDB

    Hansang Bae Guest

    In article <>,
    says...
    >
    > This seems to me to be a very basic question, but I can't find any specific
    > info thru Google, etc.
    >
    > If I have a router configured for buffered logging, how can I view actual
    > the log of network traffic (source, destination, port, packet detail,etc)
    > that's passing through? The "show logging" command just tells me the number
    > of stored messages, but not the content of those messages (some of which I
    > presume are traffic details).
    >
    > Do I need to be doing a show type of command at the interface level or
    > something?



    "ip accounting" under the interface. But instead, use netflow if your
    IOS supports it.

    int s4/0/0/1:0
    ip route-cache flow

    "sho ip cache flow" (or something close to that)


    --

    hsb

    "Somehow I imagined this experience would be more rewarding" Calvin
    *************** USE ROT13 TO SEE MY EMAIL ADDRESS ****************
    ********************************************************************
    Due to the volume of email that I receive, I may not not be able to
    reply to emails sent to my account. Please post a followup instead.
    ********************************************************************
    Hansang Bae, Mar 5, 2004
    #5
  6. JDB

    JohnnyS Guest

    Well, if you are TESTING, you might throw this in... Im not sure anyone in
    the real world would recommend doing this....

    !
    access-list 101 permit ip any any log-input (This logs
    source/dest/pckt info)
    access-list 102 permit ip any any log-input (This logs
    source/dest/pckt info)
    !
    int e0/0
    ip access-group 101 in (This assigns ACL#101 to log incoming
    pckts on int e0/0)
    int e0/1
    ip access-group 102 in (This assigns ACL#102 to log incoming
    pckts on int e0/1)
    !
    service timestamps log datetime localtime (This puts time/date
    stamps on each packet)
    logging buffered 8192 debugging (This sets your log
    buffer size. I recommend syslog instead)











    "JDB" <> wrote in message
    news:...
    >
    > This seems to me to be a very basic question, but I can't find any

    specific
    > info thru Google, etc.
    >
    > If I have a router configured for buffered logging, how can I view actual
    > the log of network traffic (source, destination, port, packet detail,etc)
    > that's passing through? The "show logging" command just tells me the

    number
    > of stored messages, but not the content of those messages (some of which I
    > presume are traffic details).
    >
    > Do I need to be doing a show type of command at the interface level or
    > something?
    >
    > Thanks for any help..
    >
    > JDB
    >
    >
    >
    JohnnyS, Mar 6, 2004
    #6
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Hypno999

    traffic-shaping limit ftp traffic

    Hypno999, Oct 7, 2005, in forum: Cisco
    Replies:
    5
    Views:
    3,628
  2. Skybuck Flying
    Replies:
    0
    Views:
    4,832
    Skybuck Flying
    Jan 19, 2006
  3. Ray Donzdorf

    PC Viewing vs DVD Player Viewing - MP3 play very fast

    Ray Donzdorf, Dec 11, 2004, in forum: Computer Support
    Replies:
    0
    Views:
    733
    Ray Donzdorf
    Dec 11, 2004
  4. Replies:
    0
    Views:
    3,213
  5. Evolution
    Replies:
    1
    Views:
    848
    Walter Roberson
    Feb 27, 2007
Loading...

Share This Page