debug ip packet 
Bookmark this page:
 Yahoo!
 Google
 Windows Live
 del.icio.us
 digg
 Netscape
|
|
|||||||||||||||||||||||||||||||||||||
|
Posted by J Anderia on September 1, 2006, 7:56 pm
Please log in for more thread options use it with an access list, the show log command captures everything, not just what I've put in the acess list. Is there a way to get only what I want in the log buffer? This is what I'm doing: Log onto router - A 3660 running IOS 12.3(6)a 1. Configure an access list: access-list 150 permit tcp host 10.10.59.59 host 192.168.25.14 eq smtp access-list 150 permit tcp host 192.168.25.14 host 10.10.59.59 established 2. Turn on debug: debug ip packet detail 150 **(note, I've also tried a variation, debug ip packet 150 detail) 3. Telnet to port 25 from the host, 10.10.59.59 4. Run a 'show log' command on the router to look at the log Instead of just seeing the traffic between the two hosts in the access list, I see a multitude of traffic from other hosts. Am I doing something wrong here? I would love to be able to only see the narrowed down traffic that I've specified in my access list. Thanks! | |||||||||||||||||||||||||||||||||||||
|
Posted by lfnetworking on September 1, 2006, 8:07 pm
Please log in for more thread options > I like to use the debug packet ip detail command to troubleshoot but even when
I use it
> with an access list, the show log command captures everything, not just what
I've put in
> the acess list. Is there a way to get only what I want in the log buffer?
This is what
> I'm doing:
see a
> > Log onto router - A 3660 running IOS 12.3(6)a > > 1. Configure an access list: > access-list 150 permit tcp host 10.10.59.59 host 192.168.25.14 eq smtp > access-list 150 permit tcp host 192.168.25.14 host 10.10.59.59 established > > 2. Turn on debug: > debug ip packet detail 150 > **(note, I've also tried a variation, debug ip packet 150 detail) > > 3. Telnet to port 25 from the host, 10.10.59.59 > > 4. Run a 'show log' command on the router to look at the log > > Instead of just seeing the traffic between the two hosts in the access list, I > multitude of traffic from other hosts. Am I doing something wrong here? I
would love to
> be able to only see the narrowed down traffic that I've specified in my access
list.
>
watch the debug in your terminal in exec mode, no need to look at logs -
> Thanks! use the "term mon" command . sounds like you have terminal logging on as well | |||||||||||||||||||||||||||||||||||||
|
Posted by J Anderia on September 1, 2006, 8:23 pm
Please log in for more thread options Thanks for the quick reply! I have tried that and I still get all the unwanted
traffic showing up on the terminal. Any way to limit the traffic so it doesn't scroll off the screen too quickly when I'm trying to troubleshoot? >J Anderia wrote:
>> I like to use the debug packet ip detail command to troubleshoot but even
when I use it
>> with an access list, the show log command captures everything, not just what
I've put in
>> the acess list. Is there a way to get only what I want in the log buffer?
This is what
>> I'm doing:
I see a
>> >> Log onto router - A 3660 running IOS 12.3(6)a >> >> 1. Configure an access list: >> access-list 150 permit tcp host 10.10.59.59 host 192.168.25.14 eq smtp >> access-list 150 permit tcp host 192.168.25.14 host 10.10.59.59 established >> >> 2. Turn on debug: >> debug ip packet detail 150 >> **(note, I've also tried a variation, debug ip packet 150 detail) >> >> 3. Telnet to port 25 from the host, 10.10.59.59 >> >> 4. Run a 'show log' command on the router to look at the log >> >> Instead of just seeing the traffic between the two hosts in the access list, >> multitude of traffic from other hosts. Am I doing something wrong here? I
would love to
>> be able to only see the narrowed down traffic that I've specified in my
access list.
>>
>> Thanks! >watch the debug in your terminal in exec mode, no need to look at logs -
>use the "term mon" command . sounds like you have terminal logging on >as well | |||||||||||||||||||||||||||||||||||||
|
Posted by Barry Margolin on September 1, 2006, 9:42 pm
Please log in for more thread options
> I like to use the debug packet ip detail command to troubleshoot but even
> when I use it > with an access list, the show log command captures everything, not just what > I've put in > the acess list. Is there a way to get only what I want in the log buffer? > This is what > I'm doing: > > Log onto router - A 3660 running IOS 12.3(6)a > > 1. Configure an access list: > access-list 150 permit tcp host 10.10.59.59 host 192.168.25.14 eq smtp > access-list 150 permit tcp host 192.168.25.14 host 10.10.59.59 established Are you sure there wasn't already an access-list 150? If there was, you just added to the end of it, you didn't replace it. Type no access-list 150 before configuring the ACL, to ensure that it starts out empty. >
> 2. Turn on debug: > debug ip packet detail 150 > **(note, I've also tried a variation, debug ip packet 150 detail) > > 3. Telnet to port 25 from the host, 10.10.59.59 > > 4. Run a 'show log' command on the router to look at the log > > Instead of just seeing the traffic between the two hosts in the access list, > I see a > multitude of traffic from other hosts. Am I doing something wrong here? I > would love to > be able to only see the narrowed down traffic that I've specified in my > access list. > > Thanks! -- Barry Margolin, barmar@alum.mit.edu Arlington, MA *** PLEASE post questions in newsgroups, not directly to me *** *** PLEASE don't copy me on replies, I'll read them in the group *** | |||||||||||||||||||||||||||||||||||||
|
Posted by J Anderia on September 1, 2006, 9:55 pm
Please log in for more thread options I did confirm that there was no other access-list 150 before I created it. A
"show run | inc list 150" confirms this for me now also. Could this be a bug with IOS 12.3(6)a? I'm guessing I am supposesd to see filtered results and not everything going through, is this correct? >
>> I like to use the debug packet ip detail command to troubleshoot but even
>> when I use it >> with an access list, the show log command captures everything, not just what >> I've put in >> the acess list. Is there a way to get only what I want in the log buffer? >> This is what >> I'm doing: >> >> Log onto router - A 3660 running IOS 12.3(6)a >> >> 1. Configure an access list: >> access-list 150 permit tcp host 10.10.59.59 host 192.168.25.14 eq smtp >> access-list 150 permit tcp host 192.168.25.14 host 10.10.59.59 established >
>Are you sure there wasn't already an access-list 150? If there was, you >just added to the end of it, you didn't replace it. Type > >no access-list 150 > >before configuring the ACL, to ensure that it starts out empty. > >>
>> 2. Turn on debug: >> debug ip packet detail 150 >> **(note, I've also tried a variation, debug ip packet 150 detail) >> >> 3. Telnet to port 25 from the host, 10.10.59.59 >> >> 4. Run a 'show log' command on the router to look at the log >> >> Instead of just seeing the traffic between the two hosts in the access list, >> I see a >> multitude of traffic from other hosts. Am I doing something wrong here? I >> would love to >> be able to only see the narrowed down traffic that I've specified in my >> access list. >> >> Thanks! | |||||||||||||||||||||||||||||||||||||
| Similar Threads | Posted |
| debug ip packet | September 1, 2006, 7:56 pm |
| Decode debug packet output from pix | February 14, 2006, 9:29 pm |
| debug packet syntax error hosed my PIX? | February 6, 2006, 6:01 pm |
| %PIX-4-402106: Rec'd packet not an IPSEC packet. | August 25, 2006, 4:06 pm |
| IOS Debug | August 15, 2005, 3:39 am |
| Pix debug, get more out of it | June 15, 2005, 7:41 am |
| Debug QoS cos & dscp | September 13, 2005, 5:50 pm |
| debug packets on PIX with 7.0 | October 11, 2005, 12:19 am |
| Cisco Pix debug help | March 19, 2006, 5:37 am |
| PIX 501 vpdn debug help | December 11, 2006, 10:15 pm |
| what does debug outputs mean ? | March 22, 2007, 5:53 pm |
| Pix Debug Commands | April 10, 2008, 2:34 pm |
| debug frame-relay lmi | October 25, 2005, 1:42 am |
| filtering debug output | June 19, 2005, 7:04 pm |
| How to debug this ping response ??? | September 4, 2006, 12:14 am |