
How can I monitor all traffic on a serial interface


loso1133

IS-IT--Management
May 23, 2003
1
PL
Hi!
I am looking for any information about sniffing, monitoring and analyzing all network traffic on Cisco router interfaces.
Thanks!
Sebastian
 
You're looking for the debug command. If you want lots of output, you can just do "debug all" and that will show you just about everything the router's doing. On a busy router, this will easily overwhelm your console connection, so you'll probably want to narrow it down. Generally, to see all packets, you can do a "debug ip packet". You can add an access list number to this command to see only those packets that match an access list. To specifically see packets on the serial interface, do a "debug serial packet".

Use the "?" in the middle of typing the command to see what other options you might have.

Hope this helps.
 
if your setup is

router
serial--ethernet----->restofnetwork

then try this

router
serial--ethernet--->hubwith()pcattached--->restofnetwork

download a copy of WinPcap, WinDump, and Ethereal, and set it up to sniff traffic in promiscuous mode (on the PC attached to the hub).

the debug commands will kill your router, especially if it is doing process switching

--or--
download a copy of Kiwi Syslog Server and modify your inbound ACLs to 'log-input'
set logging trap level to 6 on your router
this will log everything to your 'c:\windows\program files\syslogd\syslogcatchall.txt' file

beware that this file will get tremendously large
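One way to keep that catch-all file manageable is to reduce it to per-interface and per-flow packet counts. The following is an added example, not part of the original post; it assumes the ACL hits arrive as IOS `%SEC-6-IPACCESSLOGP` messages, and the sample lines and the function names `parse_acl_hits` and `summarize` are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines in the shape IOS emits for ACL entries ending in
# "log-input"; all addresses are documentation ranges, not real hosts.
SAMPLE_LOG = """\
May 23 10:01:02 192.0.2.1 45: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 198.51.100.7(1025) (Serial0 *HDLC*) -> 192.0.2.10(110), 1 packet
May 23 10:01:05 192.0.2.1 46: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 198.51.100.7(1026) (Serial0 *HDLC*) -> 192.0.2.10(110), 4 packets
May 23 10:01:09 192.0.2.1 47: %SEC-6-IPACCESSLOGP: list 101 denied udp 203.0.113.9(53) (Serial0 *HDLC*) -> 192.0.2.25(1030), 2 packets
May 23 10:01:11 192.0.2.1 48: %LINK-3-UPDOWN: Interface Serial1, changed state to down
May 23 10:01:15 192.0.2.1 49: %SEC-6-IPACCESSLOGP: list 102 permitted tcp 192.0.2.10(110) (Ethernet0 0001.42ef.a400) -> 198.51.100.7(1025), 3 packets
"""

# The "(interface layer-2-info)" group is optional so that lines produced by
# plain "log" (no input interface) still parse.
ACL_HIT = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) (?P<action>permitted|denied) "
    r"(?P<proto>\S+) (?P<src>[\d.]+)\((?P<sport>\d+)\) "
    r"(?:\((?P<intf>\S+)[^)]*\) )?"
    r"-> (?P<dst>[\d.]+)\((?P<dport>\d+)\), (?P<pkts>\d+) packets?"
)

def parse_acl_hits(text):
    """Yield one dict per ACL log line; other syslog messages are skipped."""
    for line in text.splitlines():
        m = ACL_HIT.search(line)
        if m:
            hit = m.groupdict()
            hit["pkts"] = int(hit["pkts"])
            yield hit

def summarize(hits):
    """Return packet totals per (input interface, action) and per flow."""
    by_intf, by_flow = Counter(), Counter()
    for h in hits:
        by_intf[(h["intf"] or "unknown", h["action"])] += h["pkts"]
        by_flow[(h["src"], h["dst"], h["proto"], h["dport"])] += h["pkts"]
    return by_intf, by_flow

if __name__ == "__main__":
    by_intf, by_flow = summarize(parse_acl_hits(SAMPLE_LOG))
    for (intf, action), pkts in sorted(by_intf.items()):
        print(f"{intf:10} {action:9} {pkts} packets")
    for flow, pkts in by_flow.most_common(3):
        print(flow, pkts)
```

Running the summary on a schedule and rotating the raw file afterwards keeps the per-interface view without letting the log grow unbounded.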
 
you can also set your switch's ethernet port to log all traffic coming through the uplink port to your router. this is referred to as a SPAN port or "switch port analyzer" according to Cisco; some companies call it a monitoring port. Needless to say, what it does is rewrite all traffic passing across one switch port to another (admin-specified) port, where a device such as a packet sniffer (Ethereal, WinDump, etc.) would listen for traffic.

i would recommend CommView. you can download it from search for commview. the eval is 30 days or so and it's only 99 bucks to buy. it lets you set rules and all. the eval only catches half the packets but is detailed enough that i was able to read POP3 email messages in my network and see clear text passwords without purchasing it. anyways, try it out. on a Cisco 2980G Catalyst switch the command is


set span mod/port mod/port (the first mod/port being the source port that you want info copied from and the second being the destination port you want info copied to, ie the sniffer port where the commview station resides)

set span 3/5 4/5

causes switch to copy all info from 3/5 to 4/5

have fun
 