09-09-2007 11:59 PM - edited 03-05-2019 06:22 PM
Hi all,
I'd like to ask how I can capture traffic in Cisco routers? Something like in Cisco PIX firewalls. It is very nice in Cisco PIXs when I can troubleshoot outgoing and incoming traffic through some interface of the PIX.
Any idea?
BR
jl
09-10-2007 03:05 AM
JL
The packet capture in the PIX and ASA is a very helpful feature. Probably the closest thing on a router would be debug ip packet. This command will capture and display each IP packet that the router processes.
I have 2 cautions about using debug ip packet:
- if you need to capture packets you need to make sure that the router CPU is processing the packet. Therefore you may need to force the appropriate interfaces to process switch. Be aware that this will impact performance of the router.
- the debug ip packet tends to produce a lot of output and can impact performance of the router. There are several things that you can do to reduce the impact of this debug:
-- do not send the debug output to the console port. Probably the least impact is sending the output to logging buffered or to terminal monitor.
-- use the debug with an access list to limit the data that it will report. You could do something like this:
access-list 199 permit ip any host 192.168.11.3
access-list 199 permit ip host 192.168.11.3 any
debug ip packet 199
This will display only traffic to and from the host 192.168.11.3.
I believe this is as close as the router comes. But note that it is not as effective as the capture on PIX and ASA.
HTH
Rick
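The following is an added example, not part of the original thread: a small Python script that reads buffered `debug ip packet 199` output and counts, per ingress/egress interface pair, the packets seen for the filtered host. It assumes the classic IOS line format (`IP: s=... (if), d=... (if), g=..., len N, action`); the log lines are constructed samples, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample of buffered log output after "debug ip packet 199";
# every address except 192.168.11.3 is made up for illustration.
SAMPLE_LOG = """\
*Sep 10 03:05:01.123: IP: s=192.168.11.3 (FastEthernet0/0), d=10.0.0.5 (Serial0/0), g=10.0.0.5, len 84, forward
*Sep 10 03:05:01.131: IP: s=10.0.0.5 (Serial0/0), d=192.168.11.3 (FastEthernet0/0), g=192.168.11.3, len 84, forward
*Sep 10 03:05:02.125: IP: s=192.168.11.3 (FastEthernet0/0), d=10.0.0.5 (Serial0/0), g=10.0.0.5, len 84, forward
*Sep 10 03:05:03.002: IP: s=192.168.11.3 (FastEthernet0/0), d=192.168.11.1, len 60, rcvd 3
*Sep 10 03:05:03.004: IP: s=192.168.11.1 (local), d=192.168.11.3 (FastEthernet0/0), len 60, sending
*Sep 10 03:05:04.000: %SYS-5-CONFIG_I: Configured from console by vty0
"""

# Assumed classic format; the interface names and the g= next hop are optional.
LINE_RE = re.compile(
    r"IP: s=(?P<src>[\d.]+)(?: \((?P<in_if>[^)]+)\))?, "
    r"d=(?P<dst>[\d.]+)(?: \((?P<out_if>[^)]+)\))?, "
    r"(?:g=[\d.]+, )?len (?P<length>\d+), (?P<action>.+?)\s*$"
)

def parse_line(line):
    """Return a dict for one debug line, or None for unrelated log lines."""
    m = LINE_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["length"] = int(rec["length"])
    rec["in_if"] = rec["in_if"] or "-"
    rec["out_if"] = rec["out_if"] or "-"  # no egress interface: addressed to the router
    return rec

def summarize(log_text, host):
    """Count packets to or from host per (ingress, egress, action) triple."""
    flows = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and host in (rec["src"], rec["dst"]):
            flows[(rec["in_if"], rec["out_if"], rec["action"])] += 1
    return flows

if __name__ == "__main__":
    for (in_if, out_if, action), n in sorted(summarize(SAMPLE_LOG, "192.168.11.3").items()):
        print(f"{n:3d}  in={in_if:<16} out={out_if:<16} {action}")
```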
09-10-2007 06:17 AM
Rick,
The packet capture in the PIX and ASA is a very helpful feature - it is. And I'm looking for something like this to know if my packets go inside/outside one interface and inside/outside the other interface.
Any idea?
BR
jl
09-10-2007 06:49 AM
JL
As I already said the closest solution that I know of for IOS router is debug ip packet. It is not quite the same but it is as close as I know of for IOS.
HTH
Rick
09-10-2007 06:58 AM
Hello,
Are you looking at capturing some specific classes of traffic in the router?
You can do so by using the ip nbar protocol-discovery command.
This will capture the traffic for an interface, including bandwidth-consuming ones like shareware traffic (Morpheus, Kazaa, et al.).
You can view the output with the sh ip nbar protocol-discovery command, with many options to view finer details like traffic counts, etc.
Hope this helps/clarifies.
Please do rate the post so that it helps each one of us to give useful/proper outputs.
Thank you.