10-07-2007 01:31 PM - edited 03-05-2019 06:56 PM
I am trying to determine the source of traffic across a DS3 link.
I have applied an access-list inbound on the serial interface as shown:
access-list 102 permit tcp any any range 1 65535 log
access-list 102 permit udp any any range 1 65535 log
access-list 102 permit ip any any log
apply access-group 102 in s0/0
When viewing the log I am seeing this:
Oct 7 17:01:18.586: %SEC-6-IPACCESSLOGRL: access-list logging rate-limited or m
issed 38401 packets
Is there a limit set on the router log buffer?
10-07-2007 11:33 PM
Hi Wilson
You can rate-limit the syslog messages and you can also set the buffer size on the router. Attached is a doc that gives details of both.
http://www.cisco.com/web/about/security/intelligence/acl-logging.html
HTH
Jon
10-08-2007 01:45 PM
Thanks jon
10-08-2007 01:52 PM
jon,
Is it possible to use ethereal or wireshark to capture packets passing through the serial interface of a router from a workstation?
10-08-2007 02:34 PM
Richard
Capturing with wireshark (which is the new version of ethereal) works if the PC is connected to a SPAN port of a switch. But I do not believe that you can capture with wireshark for traffic on the serial port of a router.
I am not clear what you are looking for but I wonder if netflow could give you what you are looking for.
HTH
Rick
10-08-2007 05:00 PM
Thanks Rick,
I have no span ports available, the only ones available are being used already on that switch.
I have seen netflow mentioned here before.
Is this something that needs to be purchased from Cisco?
10-08-2007 05:10 PM
Wilson,
Netflow is an IOS feature that provides statistics on packets flowing through a router. The netflow cache would reveal information about source/destination address, source/destination port #s, protocol type and input interface etc.
http://www.cisco.com/en/US/docs/ios/12_1/switch/configuration/guide/xcdnfov.html
HTH
Sundar
10-09-2007 03:45 AM
See the "Configuring IP Traffic Export" feature, which captures packets to/from a router WAN or LAN interface and sends them to an analyser or IDS:
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide