Cisco IOS debug commands and packet monitoring

Solution 1

You may look at the Embedded Packet Capture feature - 12.4(20)T or later.

Solution 2

If you're looking for a very specific data flow, this might be doable on a Cisco device alone. You can get basic packet source / destination information like this.

ip access-list extended acl-track-flow
 permit ip host 10.2.3.4 any log-input
 permit ip any any

log-input will cause the router to generate a syslog message every time the ACL entry is triggered, including the MAC address of the packet.

For more detail, you could use "debug ip packet acl [detail]", which should be run with an ACL filter to keep it from cratering your router.

Finally, you can do "debug ip packet acl dump", which is a hidden command. This will actually show you the full contents of the packets that match . Seriously un-recommend running this on a production router without a very specific ACL for a very small flow.

The correct answer is to configure a SPAN port on the downstream switch that mirrors all traffic on the router port to a Wireshark (or similar) capture device.

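As an added example (not part of the original answers): a Python script that parses the syslog messages produced by the log-input ACL entry in Solution 2 and totals packets per source MAC, ingress interface and flow. The log lines are constructed samples, the %SEC-6-IPACCESSLOG message layout is assumed from typical IOS output on an Ethernet ingress interface and may differ by release, and parse_acl_hits and packets_per_flow are hypothetical helper names.

```python
import re
from collections import Counter

# Constructed sample syslog lines (not from the original page). Assumed layout:
# protocol, source, (ingress interface + source MAC), destination, packet count.
# IOS logs the first hit at once and aggregates later hits into periodic summaries.
SAMPLE_LOG = """\
*Mar  1 00:10:01.123: %SEC-6-IPACCESSLOGP: list acl-track-flow permitted tcp 10.2.3.4(51512) (FastEthernet0/0 0011.2233.4455) -> 192.0.2.10(443), 1 packet
*Mar  1 00:10:07.456: %SEC-6-IPACCESSLOGDP: list acl-track-flow permitted icmp 10.2.3.4 (FastEthernet0/0 0011.2233.4455) -> 192.0.2.20 (8/0), 1 packet
*Mar  1 00:15:01.789: %SEC-6-IPACCESSLOGP: list acl-track-flow permitted tcp 10.2.3.4(51512) (FastEthernet0/0 0011.2233.4455) -> 192.0.2.10(443), 14 packets
*Mar  1 00:15:02.001: %SYS-5-CONFIG_I: Configured from console by admin on vty0
"""

# TCP/UDP lines carry ports in parentheses; ICMP lines carry (type/code) instead.
ACL_LOG = re.compile(
    r"%SEC-6-IPACCESSLOG\w*: list (?P<acl>\S+) (?P<action>permitted|denied) "
    r"(?P<proto>\S+) (?P<src>[\d.]+)(?:\((?P<sport>\d+)\))? "
    r"\((?P<intf>\S+) (?P<mac>[0-9a-fA-F.]+)\) -> "
    r"(?P<dst>[\d.]+)\s?\((?P<dinfo>[\d/]+)\), (?P<count>\d+) packets?"
)

def parse_acl_hits(text):
    """Return one dict per ACL log line; unrelated syslog lines are skipped."""
    hits = []
    for line in text.splitlines():
        m = ACL_LOG.search(line)
        if m:
            hit = m.groupdict()
            hit["count"] = int(hit["count"])
            hits.append(hit)
    return hits

def packets_per_flow(hits):
    """Sum packet counts per (source MAC, ingress interface, proto, src, dst)."""
    totals = Counter()
    for h in hits:
        totals[(h["mac"], h["intf"], h["proto"], h["src"], h["dst"])] += h["count"]
    return totals

if __name__ == "__main__":
    for flow, pkts in packets_per_flow(parse_acl_hits(SAMPLE_LOG)).items():
        print(pkts, *flow)
```
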

Author by

T. Webster

Updated on September 18, 2022

Comments

  • T. Webster
    T. Webster over 1 year

    There is a long list of debug commands. Are there any debug (or other IOS) commands which can capture detailed packet or frame (layer 2, 3) data across an interface? I know we have show-mac-address-table and show arp, but this doesn't show things like what was the destination MAC of the frame, the destination IPv4 of the packet, or what type of protocol (e.g. ICMP, ARP) used. Does IOS 12.3+ offer a way to do this?

    All I have found as far as debug is

    http://www.cisco.com/en/US/docs/ios/12_4t/ip_addr/configuration/guide/htarpmon.html#wp1203532

  • cpt_fink
    cpt_fink about 11 years
    EPC is very useful at a remote site where you don't have the ability to set up a SPAN port and a Wireshark device.