
Debug traffic ???

huangxiao
Level 1

Can I use the debug command to debug the traffic of a port on a Cisco 3620?

Such as 80 (WWW).

If I can, please let me know... thanks a lot...

4 Replies

a.manosca
Level 4

If your purpose in debugging the traffic is troubleshooting ONLY, you can try using an extended access-list with debug. When using the debug, you may need to disable fast-switching on an interface.

The following config should only be used temporarily, because it will only permit TCP port 80 coming IN or going OUT of the router (depending on your implementation). All other traffic will be DENIED.

access-list 100 permit tcp any any eq www

interface XXX

ip access-group 100 in (or out)

router#debug ip packet 100

Debugging IP packets may generate so much information that it may render the router unusable. Handle debugs with great care.

Hope this helps.

Thank you for your answer,

but I want to know why disable fast-switching? And not only for troubleshooting but also for security reasons...

thanks again...

The access-list and access-group in the reply above will only allow TCP port 80 traffic in on that interface. *All* other traffic will be dropped.

If you want to see what's coming in on port 80, you could apply a similar ACL with the log-input option to log it to the log for a few minutes.

example:

access-list 101 permit tcp any any eq 80 log-input

access-list 101 permit ip any any

interface

ip access-group 101 in

You could also debug the traffic without applying the access-list to the interface.

To do this:

under config: access-list 101 permit tcp any any eq 80

term mon

u all

debug condition interface s0/0

debug ip packet 101

This narrows the debugs to the s0/0 interface and only to TCP port 80 traffic.

Type 'u all' to end the debug. Be ready to enter this, or hit the up arrow 3 times to get 'u all' entered before the debug commands, just in case there is a flood of traffic that overwhelms the console/telnet output and possibly the router. After doing a 'u all' the debug may scroll by for a while because it's buffered up...

The reason you want to disable fast-switching is that the first packet gets process-switched by the CPU, then a cache entry is made and the rest of the flow is fast-switched. Debug only shows process-switched traffic.

Be very careful with the debug command; it may make your router unresponsive and require a reboot to clear. I would recommend using the logging function of your ACL. Also, you may want to point your logging to a server/client to make sure you get everything. Otherwise, you may only get a couple of minutes in the router's log.

-Bo
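Pointing the router's logging at a syslog server, as Bo suggests, leaves the question of how to read the result. The Python below is an added example, not code from the thread or from Cisco: it parses constructed syslog lines written in the shape of the IOS %SEC-6-IPACCESSLOGP message that an ACE with the log-input keyword produces (the interface name and source MAC in parentheses are what log-input adds over plain log), filters on the thread's ACL number 101 and destination port 80, and totals the reported packet counts per source host, ingress interface and source MAC. The exact field layout is an assumption and may vary between IOS releases; the sample lines and addresses are constructed.

```python
import re
from collections import Counter

# Constructed sample syslog lines (not from the thread) in the shape of IOS
# %SEC-6-IPACCESSLOGP messages. IOS logs the first matching packet, then a
# summary line with the interval count roughly every five minutes.
SAMPLE_LOG = """\
Mar  1 00:12:01.123: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 192.0.2.10(40122) (Serial0/0 aabb.cc00.0100) -> 198.51.100.5(80), 1 packet
Mar  1 00:12:04.456: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 192.0.2.11(51010) (Serial0/0 aabb.cc00.0200) -> 198.51.100.5(80), 1 packet
Mar  1 00:12:09.000: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 192.0.2.12(1025) (Serial0/0 aabb.cc00.0300) -> 198.51.100.5(23), 1 packet
Mar  1 00:17:01.789: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 192.0.2.10(40122) (Serial0/0 aabb.cc00.0100) -> 198.51.100.5(80), 47 packets
Mar  1 00:17:02.000: %SYS-5-CONFIG_I: Configured from console by console
"""

# Field layout is an assumption based on the common IPACCESSLOGP shape.
# The "(interface mac)" group is present only when the ACE used log-input.
LOG_RE = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) (?P<action>permitted|denied) "
    r"(?P<proto>\S+) (?P<src>[\d.]+)\((?P<sport>\d+)\) "
    r"(?:\((?P<ifname>\S+) (?P<mac>[0-9a-f.]+)\) )?"
    r"-> (?P<dst>[\d.]+)\((?P<dport>\d+)\), (?P<count>\d+) packets?"
)


def parse_line(line):
    """Return a dict of the ACL log fields, or None for unrelated syslog lines."""
    m = LOG_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("sport", "dport", "count"):
        rec[key] = int(rec[key])
    return rec


def summarize(text, acl="101", dport=80):
    """Total reported packets per (source IP, ingress interface, source MAC)
    for one ACL and destination port. Returns a Counter keyed by that tuple."""
    totals = Counter()
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["acl"] != acl or rec["dport"] != dport:
            continue
        totals[(rec["src"], rec["ifname"], rec["mac"])] += rec["count"]
    return totals


if __name__ == "__main__":
    for (src, ifname, mac), count in summarize(SAMPLE_LOG).most_common():
        print(f"{src:<15} via {ifname} ({mac}): {count} packets to tcp/80")
```

Because the router emits interval summaries rather than one line per packet, the totals are the sum of the reported counts, which is why the log-input approach stays cheap on the router where `debug ip packet` does not.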
