I would think every decent telnet server is capable of logging the incoming 
requests. Anyway, comments inline.

At 07:38 PM 7/17/2003 +0000, [EMAIL PROTECTED] wrote:
>I have a strange request: I need to find out who's telnetting to a remote
>host. I don't have a sniffer on the remote site so I'm thinking of using debug to
>get this information.
>
>I created an access-list 100 permit tcp any host 1.1.1.1 eq 23 log,
>  then debug ip packet detail 100.

You don't need the 'log' keyword if you use the access list for debugging.

However, such debugging is fairly challenging if you are running CEF or 
maybe even with fast-switching, as then the packets won't touch the code 
where debugging is happening. If you are not afraid of killing the router, 
then force it to do process switching and I am sure you will see the packets.

A better solution, however, would be to apply the access list (with the log 
keyword!) to the interface using the 'access-group' command. Then you will 
see things like

    list 100 permitted tcp  -> , 1 packet

in the log.

>  I expect to see source IP addresses. But I don't see
>anything. If I add access-list 100 permit ip any any as 2nd line, I start
>seeing all the output but it's so much that it killed the router.

:)))

Thanks,

Zsombor


>What's wrong with my access-list?
>
>Thank you.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=72523&t=72505
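
An added example, not part of the original post: a Python sketch that answers "who is telnetting to the host" from the log lines an interface ACL with the log keyword produces. The sample lines and addresses are constructed, the assumed line format is the IOS %SEC-6-IPACCESSLOGP message with each endpoint written as address(port), and `telnet_sources` is a hypothetical helper name.

```python
import re

# Constructed sample syslog lines (addresses are made up for illustration).
SAMPLE_LOG = """\
Jul 17 19:41:02: %SEC-6-IPACCESSLOGP: list 100 permitted tcp 10.1.1.5(1034) -> 1.1.1.1(23), 1 packet
Jul 17 19:41:40: %SEC-6-IPACCESSLOGP: list 100 permitted tcp 10.2.7.9(4411) -> 1.1.1.1(23), 1 packet
Jul 17 19:46:03: %SEC-6-IPACCESSLOGP: list 100 permitted tcp 10.1.1.5(1034) -> 1.1.1.1(23), 37 packets
Jul 17 19:47:10: %SEC-6-IPACCESSLOGP: list 100 permitted tcp 10.3.3.3(2200) -> 1.1.1.1(80), 1 packet
Jul 17 19:48:00: %SYS-5-CONFIG_I: Configured from console by vty0
"""

# One ACL log line: list <acl> <action> tcp src(sport) -> dst(dport), N packet(s)
LOG_RE = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) (?P<action>permitted|denied) tcp "
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3})\((?P<sport>\d+)\) -> "
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3})\((?P<dport>\d+)\), (?P<count>\d+) packets?"
)


def telnet_sources(log_text, acl="100", host="1.1.1.1", port=23):
    """Return {source_ip: {"flows": set of source ports, "packets": total}}."""
    result = {}
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if not m:
            continue  # other syslog messages, or a different protocol
        if m["acl"] != acl or m["action"] != "permitted":
            continue
        if m["dst"] != host or int(m["dport"]) != port:
            continue
        entry = result.setdefault(m["src"], {"flows": set(), "packets": 0})
        entry["flows"].add(int(m["sport"]))   # one source port per TCP session
        entry["packets"] += int(m["count"])   # later lines carry interval counts
    return result


if __name__ == "__main__":
    for src, info in sorted(telnet_sources(SAMPLE_LOG).items()):
        print(f"{src}: {len(info['flows'])} session(s), {info['packets']} packet(s)")
```

If access list 100 from the thread is applied to an interface, it needs a final `access-list 100 permit ip any any` without `log`, because an IOS access list ends in an implicit deny and would otherwise drop everything except the telnet traffic.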
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
