How to debug a specific port # on an interface

Aug 13th, 2003

How do I debug for a specific port number on an interface? I've been asked to monitor port 135, to see exactly how much activity there is.

gfullage (Cisco Employee) Wed, 08/13/2003 - 17:20

You can do this:


> access-list 100 permit tcp any any eq 135

> access-list 100 permit udp any any eq 135

> access-list 100 permit ip any any


> int Serial 0

> description Outside interface

> ip access-group 100 in


This applies ACL 100 inbound on your outside interface, where ACL 100 still allows everything through. You can then just do:


> show access-list 100


to see the counters on the first two lines; this'll tell you how many packets you're seeing.


Of course, it would be smarter to actually deny the first two lines in the ACL rather than permit them as this'll protect you somewhat, and you'll still see the counters increment.


If you want to see exactly where the packets are coming from, you can add the log keyword to the end of the first two ACL lines, then the router will spew out a console message showing you the source and destination every time it sees a packet.
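
An added example, not part of gfullage's answer: a Python script that tallies the messages the router emits once the log keyword is on the port 135 entries, showing which sources account for the traffic. The log lines are constructed samples in the IOS %SEC-6-IPACCESSLOGP format, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample syslog lines (not from the original thread), in the
# format IOS uses for extended-ACL entries that carry the log keyword.
SAMPLE_LOG = """\
Aug 13 17:31:02: %SEC-6-IPACCESSLOGP: list 100 denied tcp 192.0.2.15(3012) -> 198.51.100.7(135), 1 packet
Aug 13 17:31:09: %SEC-6-IPACCESSLOGP: list 100 denied tcp 192.0.2.44(4410) -> 198.51.100.7(135), 1 packet
Aug 13 17:36:02: %SEC-6-IPACCESSLOGP: list 100 denied tcp 192.0.2.15(3012) -> 198.51.100.7(135), 27 packets
Aug 13 17:36:40: %SEC-6-IPACCESSLOGP: list 100 denied udp 203.0.113.9(1026) -> 198.51.100.8(135), 3 packets
Aug 13 17:37:11: %SEC-6-IPACCESSLOGP: list 100 permitted tcp 192.0.2.15(3020) -> 198.51.100.7(80), 1 packet
Aug 13 17:38:00: %SYS-5-CONFIG_I: Configured from console by vty0
"""

LOG_RE = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) (?P<action>permitted|denied) "
    r"(?P<proto>tcp|udp) (?P<src>[\d.]+)\((?P<sport>\d+)\) -> "
    r"(?P<dst>[\d.]+)\((?P<dport>\d+)\), (?P<count>\d+) packets?"
)


def tally_port_hits(text, acl="100", port=135):
    """Sum logged packet counts per (source, protocol) for one ACL and destination port."""
    hits = Counter()
    for line in text.splitlines():
        m = LOG_RE.search(line)
        if not m or m["acl"] != acl or int(m["dport"]) != port:
            continue
        # IOS rate-limits ACL logging: after the first packet of a flow it
        # emits periodic summaries ("27 packets"), so sum the reported
        # counts instead of counting log lines.
        hits[(m["src"], m["proto"])] += int(m["count"])
    return hits


def top_sources(text, n=5, **kwargs):
    """Return the n busiest (source, protocol) pairs, highest packet count first."""
    return tally_port_hits(text, **kwargs).most_common(n)


if __name__ == "__main__":
    for (src, proto), pkts in top_sources(SAMPLE_LOG):
        print(f"{src:15} {proto:3} {pkts:6d} packets")
```

The totals are a lower bound when the router drops log messages under load; the counters from show access-list 100 remain the authoritative packet count.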
