How do I capture packets on 3825 Router

vitomacdoc · ‎10-01-2007

Hello, newbie here.

I need to create ACL's for my 3825 router, but I do not know which packets are coming through. I need to allow some arbitrary packets in the upper ranges, but I do not know what ports they are coming through.

I tried to use the "capture" command on my router, but it does not seem to exist.

Any ideas? Any help is appreciated.

Thanx

Richard Burts · ‎10-01-2007

Vito

One way to get this information is to configure an access list which permits traffic and uses the log parameter to write a information about the packet into syslog. If you do:

access-list 101 permit ip any any log

and apply access-group 101 (in or out) to an interface you will see the source and destination addresses but not TCP or UDP ports

or you could do this:

access-list 102 permit tcp any any range 1 65535 log

access-list 102 permit udp any any rante 1 65535 log

access-list 102 permit ip any any log

and apply access-group 102 (in or out) to the interface to see tcp and udp port numbers.

HTH

Rick

HTH

Rick

vitomacdoc · ‎10-04-2007

Thank you for the information.

I wrote a list that seperates the log into 10,000s ( gt 60000 log, gt 50000 log, etc)

But will your tip tell me the exact ports, or just the ranges?

Thank you again.

Richard Burts · ‎10-05-2007

Vito

In my suggestion the log messages will have the exact port number that was in the packet and not just the range.

The key concept to understand here is that is you just do some thing like permit ip any any or even permit tcp any any then the log records will show zero in the port number. The log record can not show the actual port if the access list is not looking for port numbers. The reason to use the range (or to use gt) is to get the access list to examine the port number which will allow it to report the port number.

HTH

Rick

HTH

Rick