[nsp] packet tracing

From: Jon Lewis (jlewis@inorganic5.fdt.net)
Date: Thu Jun 25 1998 - 10:22:59 EDT


Can anyone tell me how to do packet tracing in IOS to track down what's
going on when a T1 customer is attacking some site out on the net, and is
connected to the same router as our T1s to the net?

I'm looking for something as useful as tcpdump... i.e., if IOS had tcpdump,
the first things I'd check in this case would be

tcpdump -i s1/2 "proto \udp"
tcpdump -i s1/2 "proto \icmp"

I played around with debug ip packet (if 1.2.3/24 were the customer
sourcing the attack)

        access-list 199 permit ip 1.2.3.0 0.0.0.255 any log
        access-list 199 deny ip any any
        exit
        term mon
        debug ip packet 199 detail

This did give me some log output...but not really what I'd expected and
nothing useful. There's got to be a better way to do this. Is playing
with the ip access-group filters on the interface the only way to go?

------------------------------------------------------------------
 Jon Lewis <jlewis@fdt.net> | Spammers will be winnuked or
 Network Administrator | drawn and quartered...whichever
 Florida Digital Turnpike | is more convenient.
______http://inorganic5.fdt.net/~jlewis/pgp for PGP public key____






This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:13:14 EDT