Capture packets on router

Unanswered Question
Oct 7th, 2007

I am trying to determine the source of traffic across a DS3 link.

I have applied an access-list inbound on the serial interface as shown:

access-list 102 permit tcp any any range 1 65535 log

access-list 102 permit udp any any range 1 65535 log

access-list 102 permit ip any any log

interface Serial0/0
 ip access-group 102 in

When viewing the log I am seeing this:

Oct 7 17:01:18.586: %SEC-6-IPACCESSLOGRL: access-list logging rate-limited or missed 38401 packets

Is there a limit set on the router log buffer?

lgijssel Sun, 10/07/2007 - 21:34

Using an ACL with log like this draws heavily on the CPU because there are many cycles involved in handling a packet. Your DS3 will handle a lot more traffic than the CPU can handle. In this case I presume that subsequent packets are bypassed in one way or another and listed as "missed", i.e. not processed by the ACL/logger.

It would be better to attempt to capture the traffic with a packet analyzer (Wireshark) and get your information that way.
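To show how much the rate-limit message affects what such a log can tell you, here is an added example (not written by anyone in this thread) that tallies logged packets per source address and compares them with the count the router reports as missed. The sample lines and addresses are constructed, the `%SEC-6-IPACCESSLOGP` line layout is assumed to be the usual IOS form, and treating logged plus missed as the total is a rough assumption.

```python
import re
from collections import Counter

# Constructed sample. Only the IPACCESSLOGRL line is taken from the thread;
# the IPACCESSLOGP lines, addresses and counts are made up for illustration.
SAMPLE_LOG = """\
Oct 7 17:01:17.102: %SEC-6-IPACCESSLOGP: list 102 permitted tcp 10.1.1.20(51514) -> 192.0.2.10(80), 1 packet
Oct 7 17:01:17.950: %SEC-6-IPACCESSLOGP: list 102 permitted udp 10.1.1.35(53211) -> 192.0.2.53(53), 4 packets
Oct 7 17:01:18.586: %SEC-6-IPACCESSLOGRL: access-list logging rate-limited or missed 38401 packets
Oct 7 17:06:17.102: %SEC-6-IPACCESSLOGP: list 102 permitted tcp 10.1.1.20(51514) -> 192.0.2.10(80), 212 packets
"""

# One ACL hit: list <acl> permitted|denied <proto> src(port) -> dst(port), N packet(s)
HIT = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) (?P<action>permitted|denied) "
    r"(?P<proto>\S+) (?P<src>[\d.]+)\((?P<sport>\d+)\) -> "
    r"(?P<dst>[\d.]+)\((?P<dport>\d+)\), (?P<count>\d+) packets?"
)
# The rate-limit notice quoted in the question above.
MISSED = re.compile(r"%SEC-6-IPACCESSLOGRL: .*missed (?P<count>\d+) packets?")

def summarize(log_text):
    """Return (packets per source, total logged, total reported missed)."""
    per_source = Counter()
    missed = 0
    for line in log_text.splitlines():
        m = HIT.search(line)
        if m:
            per_source[m["src"]] += int(m["count"])
            continue
        m = MISSED.search(line)
        if m:
            missed += int(m["count"])
    return per_source, sum(per_source.values()), missed

def coverage(logged, missed):
    """Rough fraction of packets that the per-source totals account for."""
    total = logged + missed
    return logged / total if total else 1.0

if __name__ == "__main__":
    per_source, logged, missed = summarize(SAMPLE_LOG)
    for src, pkts in per_source.most_common():
        print(f"{src:15} {pkts:8} packets logged")
    print(f"logged={logged} missed={missed} coverage={coverage(logged, missed):.1%}")
```

When coverage is this low, the per-source ranking reflects only the small sample that reached the logger, which is why a capture or flow export gives a more reliable picture.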



wilson_1234_2 Mon, 10/08/2007 - 13:53

Thanks for the reply,

Is it possible to use ethereal or wireshark to capture packets passing through the serial interface of a router from a workstation?

Edison Ortiz Mon, 10/08/2007 - 14:22

Any packet traversing the DS3 will go via the router's LAN interface, correct?

If that's the case, SPAN the port where this LAN interface is connected with destination towards the workstation running Ethereal.


wilson_1234_2 Mon, 10/08/2007 - 17:01

Thanks for the reply.

I have no more configurable SPAN ports available for that switch; they are being used already.

