-1

I have an old 2800 series router with IOS 12.4(10) that I need to monitor traffic on an interface. Issue is the version of IOS installed doesn't support traffic capture. I would love to update IOS, but I'm not the one running the project. I didn't find any methods on capturing for my version of IOS.

My solution was to run tcpdump on the node to the switch. Only problem is, that server doesn't have tcpdump and I cannot install it. Next solution is to compile from source and run tcpdump from USB (proving to be a bit tricky). My next approach is to remotely log into the router, view the traffic, and save to a file. I don't know the command to do that unfortunately and all the commands on the Cisco support site are for newer IOS versions.

I'm no networking guru and I'm very unfamiliar with IOS commands. I need a way to monitor the traffic between the node and the router.

FYI:

When I say monitor, I mean I want to see the header, destination, port, etc. not just a packet accounting.

notorious.no

2 Answers

0

I don't think the router can do what you're asking. However, if you are using a Cisco switch to connect your router to your host, you can mirror (it's called 'Span port' on new switches) a port or a VLAN to another port and sniff the data there.

As I don't know your switch model, I can only point you to this Cisco doc that lists the config for all of them.

Hope this helps, Alex

Alex
  • I had read something about mirroring, I just don't have access to the switch. I ended up just installing tcpdump and uninstalling it when I was done. I do appreciate the documentation as it will serve me well in the future. – notorious.no Oct 02 '13 at 13:34
  • Glad the doc was useful. Half the battle of getting a Cisco device to do something is finding the right doc. – Alex Oct 04 '13 at 10:57
0

What is the exact model? I thought 2800 should be a router, not a switch. If it is a router, you can use NetFlow to see IP and ports (but not full header). Another option is debug ip packet; however, you must be careful not to kill the router by extensive debugging.

ncs
  • It's a 2821. I thought NetFlow was discontinued? Besides that I need full headers. How do you debug? – notorious.no Oct 02 '13 at 13:35
  • This configuration turns on the debug ip packet command only for packets between the hosts 10.1.1.1 and 172.16.1.1.

        R1(config)#access-list 199 permit tcp host 10.1.1.1 host 172.16.1.1
        R1(config)#access-list 199 permit tcp host 172.16.1.1 host 10.1.1.1
        R1(config)#end
        R1#debug ip packet 199 detail
        IP packet debugging is on (detailed) for access list 199

    – ncs Oct 03 '13 at 11:35
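
A cautious way to run the ACL-scoped debug from the comment above and read the result back over a remote session, as an added example that is not part of the original thread. The hostname R1, ACL 199 and the two host addresses come from that comment; the buffer size and the decision to disable console logging are assumptions.

```cisco
! Added example, not from the original thread. Buffer size is an assumed value.
R1#configure terminal
! Debug output written to the serial console is what usually starves the CPU,
! so stop sending log messages there for the duration of the capture.
R1(config)#no logging console
! Collect debug-level messages in a RAM buffer instead (size in bytes).
R1(config)#logging buffered 64000 debugging
! Millisecond timestamps so the packet lines can be ordered afterwards.
R1(config)#service timestamps debug datetime msec
! Limit the debug to the two hosts of interest, one entry per direction.
R1(config)#access-list 199 permit tcp host 10.1.1.1 host 172.16.1.1
R1(config)#access-list 199 permit tcp host 172.16.1.1 host 10.1.1.1
R1(config)#end
! Check CPU headroom before switching the debug on.
R1#show processes cpu | include CPU utilization
R1#debug ip packet 199 detail
! ... let the traffic of interest flow, watching CPU from a second session ...
! Turn every debug off as soon as enough packets are captured.
R1#undebug all
! Confirm nothing is still enabled.
R1#show debugging
! Dump the buffered lines; with session logging enabled in the SSH/Telnet
! client, this output is what gets saved to a file on the workstation.
R1#show logging
! Cleanup: remove the ACL and restore console logging.
R1#configure terminal
R1(config)#no access-list 199
R1(config)#logging console
R1(config)#end
```

`debug ip packet` reports only process-switched packets, so traffic that the router forwards through CEF or fast switching does not show up in the buffer.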