04-22-2009 11:08 AM - edited 03-04-2019 04:28 AM
This router currently has IOS 12.2. My task is to find out SSH connections from a source IP to a destination IP. I believe the SSH port number is 22 (correct me if I'm wrong).
The user in the office is using an app that uses an SSH connection to connect to a datacenter at another location. So, what command do I use to find out that it actually goes through our office router (6509)?
Thanks
04-22-2009 11:53 AM
Hello Lei,
You need to use an extended ACL.
access-list 111 permit tcp host user-ip host destination-ip eq 22
Then you have two choices:
use
debug ip packet detail 111
or you apply a modified ACL like
access-list 112 permit tcp host user-ip host destination-ip eq 22 log
access-list 112 permit ip any any
applied inbound on the SVI where the user is:
int Vlan X
ip access-group 112 in
In the same way you can analyze the return path.
ACLs for the return path have to be like
access-list 113 permit tcp host server-addr eq 22 host user-ip-addr
Don't use the debug without the ACL.
Verify that the ACL numbers you use are not already present on the device.
Hope to help
Giuseppe
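Once the `log` keyword is on the ACL, the router emits one %SEC-6-IPACCESSLOGP syslog message per matched flow (with an aggregated packet count), and confirming the SSH path is a matter of reading those lines. The following is an added example, not from this thread or from Cisco: a small Python parser that tallies permitted SSH flows logged by list 112 per source/destination pair, so the user's PC to datacenter connection can be confirmed from a syslog capture. The sample log lines are constructed; the ACL number, port and message format follow the thread's configuration and the standard IPACCESSLOGP layout.

```python
import re
from collections import defaultdict

# IOS logs ACL hits as: %SEC-6-IPACCESSLOGP: list <acl> permitted|denied
# tcp|udp <src>(<sport>) -> <dst>(<dport>), <n> packet(s)
LOG_RE = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) (?P<action>permitted|denied) "
    r"(?P<proto>tcp|udp) (?P<src>[\d.]+)\((?P<sport>\d+)\) -> "
    r"(?P<dst>[\d.]+)\((?P<dport>\d+)\), (?P<count>\d+) packets?"
)


def ssh_flows(lines, acl="112", port=22):
    """Return {(src, dst): packets} for permitted TCP flows to `port`
    that were logged by ACL `acl` (the forward path in the thread)."""
    totals = defaultdict(int)
    for line in lines:
        m = LOG_RE.search(line)
        if not m:
            continue  # other syslog facilities, console noise
        if m["acl"] != acl or m["action"] != "permitted" or m["proto"] != "tcp":
            continue
        if int(m["dport"]) != port:
            continue  # other services, or return-path lines from ACL 113
        totals[(m["src"], m["dst"])] += int(m["count"])
    return dict(totals)


def packets_seen(lines, user_ip, dest_ip, acl="112", port=22):
    """Packets from user_ip to dest_ip:22 that traversed the router (0 = not seen)."""
    return ssh_flows(lines, acl, port).get((user_ip, dest_ip), 0)


# Constructed sample syslog lines (hypothetical addresses, not from the thread).
SAMPLE_LOG = [
    "Apr 22 11:20:01: %SEC-6-IPACCESSLOGP: list 112 permitted tcp 10.10.5.23(51234) -> 192.0.2.40(22), 1 packet",
    "Apr 22 11:25:01: %SEC-6-IPACCESSLOGP: list 112 permitted tcp 10.10.5.23(51234) -> 192.0.2.40(22), 17 packets",
    "Apr 22 11:25:03: %SEC-6-IPACCESSLOGP: list 112 permitted tcp 10.10.5.23(51240) -> 192.0.2.40(443), 3 packets",
    "Apr 22 11:25:04: %SEC-6-IPACCESSLOGP: list 113 permitted tcp 192.0.2.40(22) -> 10.10.5.23(51234), 9 packets",
    "Apr 22 11:26:10: %SEC-6-IPACCESSLOGP: list 112 denied tcp 10.10.5.99(40000) -> 192.0.2.40(22), 1 packet",
    "Apr 22 11:27:00: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan10, changed state to up",
    "Apr 22 11:30:01: %SEC-6-IPACCESSLOGP: list 112 permitted tcp 10.10.5.77(40001) -> 192.0.2.40(22), 2 packets",
]

if __name__ == "__main__":
    for (src, dst), n in sorted(ssh_flows(SAMPLE_LOG).items()):
        print(f"{src} -> {dst}:22  {n} packets")
```

Feed it `show logging` output or the syslog server's file for the router; a non-zero count for the user/datacenter pair confirms the SSH session crosses the 6509.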
04-22-2009 12:13 PM
I recommend enabling NetFlow.
HTH,
__
Edison.