Capturing traffic in router.

Unanswered Question
Sep 9th, 2007
User Badges:

Hi all,


Id like to ask how I can capture traffic

in Cisco routers? Something like in Cisco PIX firewalls. It is very nice in Cisco PIXs when I can troubleshoot outgoing and incoming traffic throught some interface of PIX.


Any idea?

BR

jl

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 3.5 (2 ratings)
Loading.
Richard Burts Mon, 09/10/2007 - 03:05
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

JL


The packet capture in the PIX and ASA is a very helpful feature. Probably the closest thing on a router would be debug ip packet. This command will capture and display each IP packet that the router processes.


I have 2 cautions about using debug ip packet:

- if you need to capture packets you need to make sure that the router CPU is processing the packet. Therefore you may need to force the appropriate interfaces to process switch. Be aware that this will impact performance of the router.

- the debug ip packet tends to produce a lot of output and can impact performance of the router there are several things that you can do to reduce the impact of this debug:

-- do not send the debug output to the console port. Probably the least impact is sending the output to logging buffered or to terminal monitor.

-- use the debug with an access list to limit the data that it will report. You could do something like this:

access-list 199 permit ip any host 192.168.11.3

access-list 199 permit ip host 192.168.11.3 any

debug ip packet 199

This will display only traffic to and from the host 192.168.11.3


I believe this is as close as the router comes. But note that it is not as effective as the capture on PIX and ASA.


HTH


Rick

johnleeee Mon, 09/10/2007 - 06:17
User Badges:

Rick,


the packet capture in the PIX and ASA is a very helpful feature -it is. And Im looking for something like this to know if my packets go inside/outside one interface and inside/outside other interface.


Any idea?


BR

jl


Richard Burts Mon, 09/10/2007 - 06:49
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

JL


As I already said the closest solution that I know of for IOS router is debug ip packet. It is not quite the same but it is as close as I know of for IOS.


HTH


Rick

foxbatreco Mon, 09/10/2007 - 06:58
User Badges:
  • Bronze, 100 points or more

Hello,


R u looking at capturing some specific classes of traffic in the router?

u can do so by using the ip nbar protocol-discovery command.

This will capture d traffic for an interface

including b/w consuming once like share ware traffic morpheus,kaaza et al.

U can view d output by sh ip nbar protocol-discovery command with many options to view in finer details like traffic counts etc.

Hope this helps/clarifies u .


Please do rate the post so tht it helps each one of us to give useful/proper outputs .

thnk u.

Actions

This Discussion