Jul.08, 2010, under Networks
If you are working on a Cisco, it can be very useful to see details of the traffic going through it. Occasionally you can use a mirrored (SPAN) port to do this, but if you have exotic interfaces or are using Dynamips this can be more difficult. The “debug ip packet” command will dump packet information straight into your terminal. Occasionally though you will have traffic going through the device but no output shows up in the debug, whats that all about?
Well actually there are a couple of gotchas to bear in mind when doing this. The first is easy and you’ll probably be hitting yourself – if you are in a vty session (eg you are connected via telnet or ssh) you don’t see the console messages by default. Use the terminal monitor command to view the debug messages:
The second issue is a bit less obvious (unless you’ve read the command description carefully). Only packets which are process-switched are included in the debug – this makes sense if you think about it because unless they are process switched the CPU never sees them. To see the traffic in your debug you need to somehow disable CEF which can be done globally or on a per interface basis:
Router(config)#no ip cef Router(config)#int fa 0/0 Router(config-if)#no ip route-cache
If you do it on a per interface basis you need to do it on both the ingress and egress port of the traffic you want to capture, otherwise you will only see it in one direction.
As a final warning, think very carefully before disabling CEF on a production router! You could very easily overload the processor and crash the router.