10-13-2006 03:22 AM - edited 03-09-2019 04:30 PM
is there a way to debug certain traffic ? eg one host to another.
in IOS you can write an acl and debug against it. just wondering if theres a pix equiv.
10-13-2006 12:13 PM
Paul,
Yes, this is possible on the pix but depends on the version of code that you are running.
"debug packet if_name [src source_ip [netmask mask]] [dst dest_ip [netmask mask]]
[[proto icmp] | [proto tcp [sport src_port] [dport dest_port]]"
http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_command_reference_chapter09186a008008d079.html#1025038
For example, refer the below URL where the debug command is used.
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a008009402f.shtml
"debug packet outside dst 192.213.22.5 proto tcp dport 80 bot"
Let me know if it helps.
Regards,
Arul
10-17-2006 03:04 AM
Arul .. thanks for your reply. I am running 7.2 s/w which seems to no longer have the 'debug packet' option.
i found this http://www.cisco.com/en/US/products/ps6120/products_configuration_guide_chapter09186a008063b408.html#wp1063796
which helps a little, but does'nt really tell me how to filter to the console. maybe my only answer is to use syslog.
Paul
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide
Log in to Community
