RE: debug commands [7:62107]
Just make a permit ACL for that host and the debug will only report on that one host. -Original Message- From: Sam Sneed [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 29, 2003 11:49 AM To: [EMAIL PROTECTED] Subject: debug commands [7:62107] If I want to see all IP traffic from host 10.10.10.1 on a cisco router, what would the debug command look like? I looked at the help menu and I think its debug ip packet but then the options are: Access list Access list (expanded range) Do I have to create an access-list for the hosts I want to monitor? I'm used to using tcpdump and snoop so the debug commands are awkward for me. Its a production router so I know I can crash it if I'm not careful with this. Thanks. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62110t=62107 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: debug commands [7:62107]
I see, so if I want to debug for certain tcp protocols can I use extended access-lists? Maccubbin, Duncan wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Just make a permit ACL for that host and the debug will only report on that one host. -Original Message- From: Sam Sneed [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 29, 2003 11:49 AM To: [EMAIL PROTECTED] Subject: debug commands [7:62107] If I want to see all IP traffic from host 10.10.10.1 on a cisco router, what would the debug command look like? I looked at the help menu and I think its debug ip packet but then the options are: Access list Access list (expanded range) Do I have to create an access-list for the hosts I want to monitor? I'm used to using tcpdump and snoop so the debug commands are awkward for me. Its a production router so I know I can crash it if I'm not careful with this. Thanks. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62111t=62107 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: debug commands [7:62107]
Right. using debug IP packet is nice because you can use an ACL to narrow down the protocol and/or host(s) that you want to debug. Mike W. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62112t=62107 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: debug commands [7:62107]
You are correct. Very nice feature eh? -Original Message- From: Sam Sneed [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 29, 2003 12:14 PM To: [EMAIL PROTECTED] Subject: Re: debug commands [7:62107] I see, so if I want to debug for certain tcp protocols can I use extended access-lists? Maccubbin, Duncan wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Just make a permit ACL for that host and the debug will only report on that one host. -Original Message- From: Sam Sneed [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 29, 2003 11:49 AM To: [EMAIL PROTECTED] Subject: debug commands [7:62107] If I want to see all IP traffic from host 10.10.10.1 on a cisco router, what would the debug command look like? I looked at the help menu and I think its debug ip packet but then the options are: Access list Access list (expanded range) Do I have to create an access-list for the hosts I want to monitor? I'm used to using tcpdump and snoop so the debug commands are awkward for me. Its a production router so I know I can crash it if I'm not careful with this. Thanks. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62114t=62107 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: debug commands [7:62107]
nice, not as nice as tcpdump, but nice ;-) Maccubbin, Duncan wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... You are correct. Very nice feature eh? -Original Message- From: Sam Sneed [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 29, 2003 12:14 PM To: [EMAIL PROTECTED] Subject: Re: debug commands [7:62107] I see, so if I want to debug for certain tcp protocols can I use extended access-lists? Maccubbin, Duncan wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Just make a permit ACL for that host and the debug will only report on that one host. -Original Message- From: Sam Sneed [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 29, 2003 11:49 AM To: [EMAIL PROTECTED] Subject: debug commands [7:62107] If I want to see all IP traffic from host 10.10.10.1 on a cisco router, what would the debug command look like? I looked at the help menu and I think its debug ip packet but then the options are: Access list Access list (expanded range) Do I have to create an access-list for the hosts I want to monitor? I'm used to using tcpdump and snoop so the debug commands are awkward for me. Its a production router so I know I can crash it if I'm not careful with this. Thanks. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62115t=62107 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: debug commands [7:62107]
logging on logging buffered informational Access-list 101 permit ip 10.10.10.1 0.0.0.0 any log access-list 101 permit ip any any Apply that ACL to an interface in the direction traffic will be flowing and when that host traverses the Router you can do a show log and it should have created an entry. -Original Message- From: Sam Sneed [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 29, 2003 11:49 AM To: [EMAIL PROTECTED] Subject: debug commands [7:62107] If I want to see all IP traffic from host 10.10.10.1 on a cisco router, what would the debug command look like? I looked at the help menu and I think its debug ip packet but then the options are: Access list Access list (expanded range) Do I have to create an access-list for the hosts I want to monitor? I'm used to using tcpdump and snoop so the debug commands are awkward for me. Its a production router so I know I can crash it if I'm not careful with this. Thanks. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62118t=62107 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: debug commands [7:62107]
You really don't get an idea of how fantastic Cisco until you work with other products. We have several Enterasys routers here and they are very limited in what they can do as compared to IOS. I have used the debug packet acl command and it really makes life easier. -Original Message- From: Sam Sneed [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 29, 2003 12:36 PM To: [EMAIL PROTECTED] Subject: Re: debug commands [7:62107] nice, not as nice as tcpdump, but nice ;-) Maccubbin, Duncan wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... You are correct. Very nice feature eh? Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62120t=62107 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: debug commands [7:62107]
Watch the CPU utilization on the Cisco router, though. Turning a router into a sniffer seems like a really bad idea to me. Plus the output isn't very detailed and isn't in English. I recommend a real analyzer. Ethereal is free. Priscilla Maccubbin, Duncan wrote: You really don't get an idea of how fantastic Cisco until you work with other products. We have several Enterasys routers here and they are very limited in what they can do as compared to IOS. I have used the debug packet acl command and it really makes life easier. -Original Message- From: Sam Sneed [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 29, 2003 12:36 PM To: [EMAIL PROTECTED] Subject: Re: debug commands [7:62107] nice, not as nice as tcpdump, but nice ;-) Maccubbin, Duncan wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... You are correct. Very nice feature eh? Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62128t=62107 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: debug commands [7:62107]
Hi Yes you have to configure an access-list that allows only this particular host. Then - debug ip packets (access-list X) Make sure you have configured no logging console on your router in advance. This way you don't risk to crash the router so easily. If you only want to see what traffic that this host generates you can also configure ip accounting on the outbound interface. see you Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62133t=62107 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]