If you want to see packets that are actually going through the router you
can use the "debug ip packet" command with the dump option. The dump option
is hidden and use it at your own risk. You'll also need to disable any route
caching that the router maybe doing. If you don't you'll only see packets
that are process switched. Remember turning off route caching can create
high CPU utilization.
In a production environment you should never use the debug ip packet command
without using an access-list with it.
Well it may not be a real Sniffer but it's better than nothing if it's all
you have ;)
Brian Dennis, CCIE #2210 (R&S)(ISP/Dial) CCSI #98640
5G Networks, Inc.
[EMAIL PROTECTED]
(925) 260-2724
R1(config)#access-list 150 permit icmp any any
R1(config)#^Z
R1#deb ip pack 150 dump
IP packet debugging is on (dump) for access list 150
R1#
IP: s=172.16.1.50 (local), d=172.16.1.4 (Ethernet0), len 74, sending
04015510: 0000 0C3D9FCA 00609771 ...=.J.`.q
04015520: 5B930800 4500003C 1CBF0000 FF0144AB [...E..
R1#
IP: s=172.16.1.50 (local), d=172.16.1.4 (Ethernet0), len 74, sending
0401C740: 0000 ..
0401C750: 0C3D9FCA 00609771 5B930800 4500003C .=.J.`.q[...E.. -----Original
Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> Priscilla Oppenheimer
> Sent: Friday, May 18, 2001 1:17 PM
> To: [EMAIL PROTECTED]
> Subject: Re: debug command [7:4966]
>
>
> My guess it that the "debug ip udp" command will let you look at UDP
> packets generated by the router but not UDP packets forwarded by the
> router. You wouldn't want to slow down the router and ask it to
> look above
> the IP layer to see if it's a UDP packet and then display it on
> the console
> if it were.
>
> Try generating DNS queries from the router.
>
> And get a Sniffer! The router isn't a protocol analyzer. ;-)
>
> Priscilla
>
> At 06:47 AM 5/18/01, Dwayne Saunders wrote:
> >Hi all,
> > this might be a stupid question but when you use the
> debug ip udp
> on
> >a rsm blade of a catalyst 5500 what output would you expect to
> see. dns on
> >one side mail server on the other.
> >
> >I am getting no output at all when I do a domain lookup from the
> mail server
> >to the dns is this correct or am I meant to see that traffic log to the
> >console
> >
> >D'Wayne Saunders
> >CCNA
> >FAQ, list archives, and subscription info:
> >http://www.groupstudy.com/list/cisco.html
> >Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>
>
> ________________________
>
> Priscilla Oppenheimer
> http://www.priscilla.com
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=5096&t=4966
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
