Hi all,
To view real time packet in my routers, some times, i run debug mode and terminal monitor to print result on session, and then, i run undebug all to stop debug.
The problem is, this operation take a lot of memory/cpu.
How can i view result of debug mode without impact performance of the router ? Maybe by sending result of debug mode to syslog server ? If yes how, can i do it ?
ThankYou very much for your help
Best Regards NS
Thanks a lot Jo for quick answer
Cdly NS
"Jo Reed" a écrit dans le message de news:7F3ie.8340$ snipped-for-privacy@newsfe5-win.ntli.net...
You can use an access-list to filter "debug ip packet" or just use a sniffer.
In article , ns wrote: :To view real time packet in my routers, some times, i run debug mode and :terminal monitor to print result on session, and then, i run undebug all to :stop debug.
:The problem is, this operation take a lot of memory/cpu.
:How can i view result of debug mode without impact performance of the router
In general, you cannot.
:Maybe by sending result of debug mode to syslog server ? If yes how, can i :do it ?
Sending anything to syslog takes memory and cpu and would have
*some* performance impact.If performance is a problem, you need to avoid having the router do extra work to make the packet contents available. In some models and versions, there is no way to do that. In other models and versions, you can "span" or "rspan" without performance penalty.
If you are proposing to send the debug messages via syslog, then your requirement is not really for 'real time' packet analysis.
Do your routers support packet capture?
Not to high-jack someone else's thread, but what routers do this? I know that PIXes do, but I didn't know that any routers have that ability. I guess that I need to spend more time on Cisco's website..
-Richard
:> Do your routers support packet capture?
:Not to high-jack someone else's thread, but what routers do this? I know :that PIXes do, but I didn't know that any routers have that ability.
The Network Analysis Module (NAM) for one. NM-CIDS for another. And the "SVC-ADM" "Traffic Anomaly Detector Module".
IOS with the RMON feature allows capture of packet headers ("rmon capture").
There might be others; I am no IOS expert.
Thanks a lot for yours anwers
Cdly NS
Hi All,
I don't know if my routers support packet capture. I would like to find a standard solution for all cisco routers, also for catalysts L3.
I tested by sending logging to syslog and saving logging on buffer. This two solutions work fine. Its betten than writing debug on the terminal monitor.
So, it's work fine, i can run debug mode without having great problem
ThankYou very much
Cdly NS
"Walter Roberson" a écrit dans le message de news:d6c0ss$6rb$ snipped-for-privacy@canopus.cc.umanitoba.ca...
There is the (undocumented) 'debug ip packet dump' which logs a hexdump of matching packets.
The following bit of Perl will massage it into something text2pcap (part of Ethereal:
---------------------- Cut here ----------------------------
#!/usr/bin/perl
# Convert Cisco dump file format to something text2pcap can read. # Author: Hamish Moffatt . # License: GPL (see
sub dumppkt () { for ($i = 0; $i < scalar(@pkt); $i++) { if ($i % 16 == 0) { printf "\n%08X", $i; }
printf " %02X", $pkt[$i]; }
}while() { chomp;
unless (m/[0-9A-F]{8}:/) { rly do her in?ØA DROPPRIVS=yes@Á-capture_wbai* interparse* msn/?? dumppkt; undef @pkt; next; }
# Strip the offsets and ASCII dump $hex = substr $_, 10, 35;
# Remove all spaces $hex =~ s/ //g;
# Convert hex bytes on this line while ((length $hex) > 0) { push @pkt, hex (substr $hex, 0, 2, ""); }
}dumppkt; print "\n";
-------------------------- Cut here ------------------------------
Regards,
Marco.
Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.