[c-nsp] tcpdump on ios?

Kim Onnel karim.adel at gmail.com
Sun Jan 13 06:16:44 EST 2008 

Have you taken a look at IOS XR ? it has stuff similar to the commit and
rollback and more.

Regards,
Kim

On Jan 13, 2008 10:23 AM, Masood Ahmad Shah <masood at nexlinx.net.pk> wrote:

> Well, All in all Cisco needs to improve packet sniffing tools on their
> platforms. What would you do if you come from juniper and used to use
>
> jahil at jahil> monitor traffic detail interface em0 no-resolve print-ascii
>
> Address resolution is OFF.
> Listening on em0, capture size 1514 bytes
>
> 12:58:43.311620  In IP (tos 0x0, ttl 128, id 25379, offset 0, flags
> [none],
> proto: UDP (17), length: 78) 192.168.10.101.137 > 192.168.10.255.137: UDP,
> length 50
> 0x0000   ffff ffff ffff 0050 da36 e12f 0800 4500        .......P.6./..E.
> 0x0010   004e 6323 0000 8011 40c7 c0a8 0a65 c0a8        .Nc#.... at ....e..
> 0x0020   0aff 0089 0089 003a ec0a fc36 0110 0001        .......:...6....
> 0x0030   0000 0000 0000 2044 4244 4a44 4343 4f44        .......DBDJDCCOD
> 0x0040   4244 4744 4943 4f44 4244 4143 4f44 4244        BDGDICODBDACODBD
> 0x0050   4144 4443 4143 4100 0020 0001                  ADDCACA.....
>
>
> I strongly suggest an integrated tool to debug IP payloads (like tcpdump).
> They also need to work on dependencies and only platform specific
> features,
> why the heck I need to disable something to get another thing or I need to
> buy a new router just for a feature :)
>
> Also I suggest a feature such as "commit" and "rollback n" can really make
> backing out of changes a no brainer.
>
> Regards,
> Masood Ahmad Shah
>
>
>
> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net
> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Aamer Akhter
> (aakhter)
> Sent: Sunday, January 13, 2008 1:31 AM
> To: Saku Ytti; cisco-nsp at puck.nether.net
> Subject: Re: [c-nsp] tcpdump on ios?
>
> Hi Folks,
>
> It really depends on what the intent is. If the intent is to track flows
> transiting the router, then these debug commands are (IMHO) not the best
> way. Eg, a problem with debug cef is going to be not all packets are CEF
> switched (eg PBR, MPLS). These are really meant to troubleshoot the
> specific
> switching/forwarding system(s)
>
> I think the original poster was looking for only tracking of flows, not
> interested in payload gathering etc (so the tcpdump in the subject line
> might be conveying more than actually required). For that purpose, NetFlow
> should suffice.
>
> For specifically creating pcap files on the router, IP router traffic
> export
> (RTE) has been mentioned. RTE can create pcap files on a remote tftp or
> locally (disk,usb etc). The limitation there is that it is only available
> on
> certain platforms and there it only captures TCP traffic. I'm trying to
> help
> prioritize the case for supporting non-TCP traffic so if there is solid
> interest please drop me an email.
>
> SPAN and lawful intercept (LI) are also options providing you're on the
> right platform and an image that has LI.
>
> Regards,
>
> --
> Aamer Akhter / aa at cisco.com
> Ent & Commercial Systems, cisco Systems
>
> > -----Original Message-----
> > From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-
> > bounces at puck.nether.net] On Behalf Of Saku Ytti
> > Sent: Saturday, January 12, 2008 1:30 PM
> > To: cisco-nsp at puck.nether.net
> > Subject: Re: [c-nsp] tcpdump on ios?
> >
> > On (2008-01-12 10:42 -0500), Luan Nguyen wrote:
> >
> > > But on a simple router, to track down a problem for a few seconds...
> > > no logging console
> > > logging buffer xxxx debugging
> > > no ip route-cache on interfaces
> > > access-list to match or set interface condition
> > > debug ip packet detail <access-list> (dump).
> > >
> > > would do fine?
> >
> > Since new CEF code in 12.2S, in software platforms using CEF
> > for switching you can debug CEF switched packets virtually
> > for free (as well as mirror, which was already mentioned
> > in the thread earlier). Debugging is not surprisingly 'debug ip cef
> > packet
> > ..'.
> >
> > Thanks,
> > --
> >   ++ytti
> > _______________________________________________
> > cisco-nsp mailing list  cisco-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at http://puck.nether.net/pipermail/cisco-nsp/
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>

More information about the cisco-nsp mailing list