cisco 2651XM router
I have a mail-and-web server set at 192.168.0.6 connected to fa0/0 on my router and I want to monitor all traffic in and out of the server. The best debug config I've found so far for this is:
access-list 106 permit ip any host 192.168.0.6
access-list 106 permit ip host 192.168.0.6 any
no ip route-cache (on fa0/0)
debug ip packet 106
but this doesn't show mail traffic. I do see some activity in the form of outside ip's probing the server but when I send or receive mail I should see activity in the debug but there's nothing. Is there a better way to capture ALL traffic to and from this ip address? Thanks for any help.
monitor session 1 source interface f0/1/1 rx
monitor session 1 destination interface f0/1/2
The most likely reason you are not seeing the traffic in your debug is that you will need to do 'no ip route-cache' on your other interfaces as well. The switching process for a packet will pretty much be determined by what switching type you have configured on your source interface. So with 'no ip route-cache' on your f0/0 you will only process switch packets which are entering f0/0.
However this is not goo practice for your network. You should be using another feature that does not cause of your traffic to be process switched. What information do you need about this traffic?
You could try 'ip source-track 192.168.0.6 - this will give you information on what is accessing your server using 'show ip source-track'
You could use 'ip accounting' under each inteface and then 'show ip accounting'
Or you can think about Netflow.
But again it all depends on what you want to view about this traffic.