Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
933
Views
10
Helpful
7
Replies

capture packets on router

wilson_1234_2
Level 3
Level 3

‎10-07-2007 01:31 PM - edited ‎03-05-2019 06:56 PM

I am trying to determine the source of traffic across a DS3 link.

I have applied an access-list inbound on the serial interface as shown:

access-list 102 permit tcp any any range 1 65535 log

access-list 102 permit udp any any range 1 65535 log

access-list 102 permit ip any any log

apply access-group 102 in s0/0

When viewing the log I am seeing this:

Oct 7 17:01:18.586: %SEC-6-IPACCESSLOGRL: access-list logging rate-limited or m

issed 38401 packets

Is there a limit set on the router log buffer?

Labels:
0 Helpful
7 Replies 7

Jon Marshall
Hall of Fame
Hall of Fame

‎10-07-2007 11:33 PM

Hi Wilson

You can rate-limit the syslog messages and you can also set the buffer size on the router. Attached is a doc that gives details of both.

http://www.cisco.com/web/about/security/intelligence/acl-logging.html

HTH

Jon

wilson_1234_2
Level 3
Level 3
In response to Jon Marshall

‎10-08-2007 01:45 PM

Thanks jon

0 Helpful

wilson_1234_2
Level 3
Level 3
In response to Jon Marshall

‎10-08-2007 01:52 PM

jon,

Is it possible to use ethereal or wireshark to capture packets passing through the serial interface of a router from a workstation?

0 Helpful

Richard Burts
Hall of Fame
Hall of Fame
In response to wilson_1234_2

‎10-08-2007 02:34 PM

Richard

Capturing with wireshark (which is the new version of ethereal) works if the PC is connected to a SPAN port of a switch. But I do not believe that you can capture with wireshark for traffic on the serial port of a router.

I am not clear what you are looking for but I wonder if netflow could give you what you are looking for.

HTH

Rick

HTH

Rick

wilson_1234_2
Level 3
Level 3
In response to Richard Burts

‎10-08-2007 05:00 PM

Thanks Rick,

I have no span ports available, the only ones available are being used already on that switch.

I have seen netflow mentioned here before.

Is this something that needs to be purchased from Cisco?

0 Helpful

sundar.palaniappan
Level 10
Level 10
In response to wilson_1234_2

‎10-08-2007 05:10 PM

Wilson,

Netflow is an IOS feature that provides statistics on packets flowing through a router. The netflow cache would reveal information about source/destination address, source/destination port #s, protocol type and input interface etc.

http://www.cisco.com/en/US/docs/ios/12_1/switch/configuration/guide/xcdnfov.html

HTH

Sundar

0 Helpful

russ
Level 1
Level 1
In response to wilson_1234_2

‎10-09-2007 03:45 AM

See the "Configuring IP Traffic Export" feature, which captures packets to/from a router WAN or LAN interface and sends them to an analyser or IDS:

http://www.cisco.com/en/US/partner/products/ps6441/products_feature_guide09186a0080780575.html#wp1051294

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card