Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
New Member

packet inspect

Hello,

It seems some of our users (maybe all) get intermittent issues when conecting to websites.  For example when I connect to cisco.com or google.com it might take ages but load or fail, if I hit F5 to refresh then it loads immediately.  During this time our internet bandwidth is low and I have even disabled the IPS policies.

I have been asked to do a packet inspection from my PC (192.168.19.11) to cisco.com (84.53.148.170) display the results in the CLI for that communication only, how can I do this?

I guess we want to see there are issues/delay with the syn,syn ack, ack process first then see what happens to the data?

I'm had a look at a couple of articles but looks complicated to me.

1 REPLY
Cisco Employee

Re: packet inspect

check and see if you are inspecting http. "sh run policy-map" output should show you.

The command that you are looking for is this.

sh service-policy flow tcp host 192.168.19.11 host 84.53.148.170 eq 80

You are not using any proxy are you? If so try to eliminate that.

Make sure the interfaces do not show any incrementing erros (sh int | i errors). If so, resolve that first.

-KS

159
Views
0
Helpful
1
Replies
CreatePlease to create content