01-12-2010 09:15 AM - edited 03-11-2019 09:56 AM
Hi all:
I would like to know if there is a tool, command or whatever (not ASDM) in order to know if the FWSM is dropping a packet.
I tried with capture command with the type acl-drop all option but the appliances doesn't show anything even creating an specific access-list that drops my connections.
With the normal capture neither shows if a packet is being dropped, only shows the packet but no more information. Through ASDM is impossible to see nothing with real monitoring o buffer and filtering by my IP, although it must show my dropping packets, it doesn't.
Thanks a lot,
Francisco
01-12-2010 01:10 PM
Francisco,
The FWSM doesn't have a packet tracer feature like the ASA.
Also the ASP drop capture are only for control traffic.
The existing conns packets are processed in hardware so the functionality is not the same and the cpu cannot give you answer with one command.
Your best bet is syslogs at level 7.
I hope it helps.
PK
01-12-2010 07:41 PM
sh np all stats | e : 0
Will give you quite a bit of output. Note the "space" after the ":". If you sent 1000 pings with timeout 0 from a host, you can use the output to see if any counter went up by a thousand.
You can clear the counter by issuing "clear np all stats".
-KS
01-13-2010 07:37 AM
PK, what do you mean with syslog at level 7?.
-KS, there are a huge traffic passing through the FWSM, I tried the command you said but it's very difficult to know if the interesting traffic is being drooped.
Thanks for your replies,
Francisco
01-13-2010 09:21 AM
level 7 is debugging level.
PK
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide