{"id":969,"date":"2012-04-20T11:56:22","date_gmt":"2012-04-20T01:56:22","guid":{"rendered":"https:\/\/thedragon.kicks-ass.org\/?p=969"},"modified":"2014-07-20T20:12:25","modified_gmt":"2014-07-20T10:12:25","slug":"packet-dump-on-cisco","status":"publish","type":"post","link":"https:\/\/thedragon.kicks-ass.org\/?p=969","title":{"rendered":"Packet dump on Cisco"},"content":{"rendered":"

Finally found a way to dump packets<\/a> on a Cisco Router for tracing.<\/p>\n

Router (config)# logging buffered 15000 (this creates a large enough buffer to look at locally on the router,or you can configure the router to log the ACL matches to a Syslog Server).
\nRouter (config)# access-list 101 permit tcp any gt 0 any gt 0 log
\nRouter (config)# access-list 101 permit udp any gt 0 any gt 0 log
\nRouter (config)# access-list 101 permit icmp any any
\nRouter (config)# access-list 101 permit ip any any log (this entry is a \u00e2\u20ac\u0153catch-all\u00e2\u20ac\u009d)
\nRouter (config)# interface interfaceRouter (config-if)# ip access-group 101 in
\n<\/code><\/p>\n

Look at the log by using the show log command from the exec prompt. You should see IP addresses (source and destination), along with the used TCP or UDP ports (in parentheses):<\/p>\n

One of the issues with the above is rate limiting on access-list’s, another way to trace packets is with debug, while this can be dangous, it can be usefull to. No need to use log in the access list.<\/p>\n

config t
\n!disable CEF
\nno ip cef
\nint f0\/1
\n !disable route cache
\n no ip route-cache
\nend
\ndebug ip packet detail 101<\/code><\/p>\n","protected":false},"excerpt":{"rendered":"

Finally found a way to dump packets on a Cisco Router for tracing. Router (config)# logging buffered 15000 (this creates a large enough buffer to look at locally on the router,or you can configure the router to log the ACL … Continue reading →<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"spay_email":"","jetpack_publicize_message":"","jetpack_is_tweetstorm":false,"jetpack_publicize_feature_enabled":true},"categories":[9],"tags":[],"jetpack_featured_media_url":"","jetpack_publicize_connections":[],"jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p20dKL-fD","_links":{"self":[{"href":"https:\/\/thedragon.kicks-ass.org\/index.php?rest_route=\/wp\/v2\/posts\/969"}],"collection":[{"href":"https:\/\/thedragon.kicks-ass.org\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/thedragon.kicks-ass.org\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/thedragon.kicks-ass.org\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/thedragon.kicks-ass.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=969"}],"version-history":[{"count":6,"href":"https:\/\/thedragon.kicks-ass.org\/index.php?rest_route=\/wp\/v2\/posts\/969\/revisions"}],"predecessor-version":[{"id":1068,"href":"https:\/\/thedragon.kicks-ass.org\/index.php?rest_route=\/wp\/v2\/posts\/969\/revisions\/1068"}],"wp:attachment":[{"href":"https:\/\/thedragon.kicks-ass.org\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=969"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/thedragon.kicks-ass.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=969"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/thedragon.kicks-ass.org\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=969"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}