Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1282
Views
7
Helpful
4
Replies

Capturing traffic in router.

johnleeee
Level 1
Level 1

‎09-09-2007 11:59 PM - edited ‎03-05-2019 06:22 PM

Hi all,

Id like to ask how I can capture traffic

in Cisco routers? Something like in Cisco PIX firewalls. It is very nice in Cisco PIXs when I can troubleshoot outgoing and incoming traffic throught some interface of PIX.

Any idea?

BR

jl

Labels:
0 Helpful
4 Replies 4

Richard Burts
Hall of Fame
Hall of Fame

‎09-10-2007 03:05 AM

JL

The packet capture in the PIX and ASA is a very helpful feature. Probably the closest thing on a router would be debug ip packet. This command will capture and display each IP packet that the router processes.

I have 2 cautions about using debug ip packet:

- if you need to capture packets you need to make sure that the router CPU is processing the packet. Therefore you may need to force the appropriate interfaces to process switch. Be aware that this will impact performance of the router.

- the debug ip packet tends to produce a lot of output and can impact performance of the router there are several things that you can do to reduce the impact of this debug:

-- do not send the debug output to the console port. Probably the least impact is sending the output to logging buffered or to terminal monitor.

-- use the debug with an access list to limit the data that it will report. You could do something like this:

access-list 199 permit ip any host 192.168.11.3

access-list 199 permit ip host 192.168.11.3 any

debug ip packet 199

This will display only traffic to and from the host 192.168.11.3

I believe this is as close as the router comes. But note that it is not as effective as the capture on PIX and ASA.

HTH

Rick

HTH

Rick

johnleeee
Level 1
Level 1
In response to Richard Burts

‎09-10-2007 06:17 AM

Rick,

the packet capture in the PIX and ASA is a very helpful feature -it is. And Im looking for something like this to know if my packets go inside/outside one interface and inside/outside other interface.

Any idea?

BR

jl

0 Helpful

Richard Burts
Hall of Fame
Hall of Fame
In response to johnleeee

‎09-10-2007 06:49 AM

JL

As I already said the closest solution that I know of for IOS router is debug ip packet. It is not quite the same but it is as close as I know of for IOS.

HTH

Rick

HTH

Rick
0 Helpful

foxbatreco
Level 3
Level 3

‎09-10-2007 06:58 AM

Hello,

R u looking at capturing some specific classes of traffic in the router?

u can do so by using the ip nbar protocol-discovery command.

This will capture d traffic for an interface

including b/w consuming once like share ware traffic morpheus,kaaza et al.

U can view d output by sh ip nbar protocol-discovery command with many options to view in finer details like traffic counts etc.

Hope this helps/clarifies u .

Please do rate the post so tht it helps each one of us to give useful/proper outputs .

thnk u.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card