Can anyone tell me how to do packet tracing in IOS to track down what's
going on when a T1 customer is attacking some site out on the net, and is
connected to the same router as our T1s to the net?
I'm looking for something as useful as tcpdump...i.e. if IOS had tcpdump,
the first things I'd check in this case would be
tcpdump -i s1/2 "proto \udp"
tcpdump -i s1/2 "proto \icmp"
I played around with debug ip packet (if 1.2.3/24 were the customer
sourcing the attack)
access-list 199 permit ip 1.2.3.0 0.0.0.255 any log
access-list 199 deny ip any any
exit
term mon
debug ip packet 199 detail
This did give me some log output...but not really what I'd expected and
nothing useful. There's got to be a better way to do this. Is playing
with the ip access-group filters on the interface the only way to go?
------------------------------------------------------------------
Jon Lewis <jlewis@fdt.net> | Spammers will be winnuked or
Network Administrator | drawn and quartered...whichever
Florida Digital Turnpike | is more convenient.
______http://inorganic5.fdt.net/~jlewis/pgp for PGP public key____