Debugging TCP traffic

corey.mckinney · ‎11-08-2005

I have an access list as shown:

access-list 199 permit tcp host <ip address> any

What debugging command can I use so that I can see the TCP traffic from this specific list?

Thanks

ankurbhasin · ‎11-08-2005

HI Corey,

Instead of enabling the debugs I think you can add the "log" keyword at the end of the access list and then you can check in the logs what all traffic is hitting this access list.

Also you can try

debug ip packet 199

Regards,

ANKUR

Richard Burts · ‎11-08-2005

Corey

There is an implicit part of the answer by Ankur and I think it helps to make it explicit. If you add the log keyword to the access list, then you also need to apply the access list to appropriate interface(s). And you would need to determine if there is any interaction between this access list and any other access lists that may be applied on any interface.

I believe that you were probably looking for the debug ip packet 199 as Ankur has said. This modifies the debug output and only shows traffic that matches the access list. This can be very effective in reducing the impact of a debug that is potentially very disruptive.

Also if you are telnetted to a router when you do this you will need to do terminal monitor so that you can see the debug output.

HTH

Rick

HTH

Rick