Solved: Re: debug showing only icmp to console or vty

HayInTheDen81 · ‎04-13-2024

I'm trying to debug and only view ICMP traffic between 2 specific host via ping, but there are so many messages, it's hard to troubleshoot. Is there a way to filter and see only the ICMP traffic between them? I've tried debug ip icmp and using acl(debug ip packet), yet I'm still seeing other traffic such as BGP messages, etc.

MHM Cisco World · ‎04-13-2024

View solution in original post

MHM Cisco World · ‎04-13-2024

Undebug all

Then

Ip access-list extended 100

Permit icmp any any

Then

Debug ip packet 100

Debug ip icmp

Do above and check

MHM

HayInTheDen81 · ‎04-13-2024

I tried it, but I'm still seeing all other traffic such as BGP messages.

MHM Cisco World · ‎04-13-2024

Did you

Undebug all

First

If not then it always show you old debug.

In real network for any troubleshooting you need in end do

Undebug all

MHM

HayInTheDen81 · ‎04-13-2024

Yes, I did. If I had to guess, I'm thinking I'm seeing the ICMP from the debug command you mentioned and all the other traffic, but I need to stop the console from showing non ICMP traffic somehow. I should also mention, if I undebug all, I still see all the log messages.

MHM Cisco World · ‎04-13-2024

bgp log-neighbor-changes <- this config under bgp

Also did you run

Logging monitor or logging console and logging level 7?

MHM

HayInTheDen81 · ‎04-13-2024

I just added bgp log statement to see what would happen. I tried logging monitor 7 and logging console 7 and these messages are still showing up.

MHM Cisco World · ‎04-13-2024

You need to do opposed'

Remove bgp log

And reduce the

Log console/ monitor to level below debug level (level7)

MHM

HayInTheDen81 · ‎04-13-2024

Looks like there are limits to the log filters. It doesn't seem possible to isolate the filtering of logs to just show specific traffic as ICMP. BGP plus many other message types and debug messages seem to be linked to level 7, so there's no way to separate for filtering.

MHM Cisco World · ‎04-13-2024

Let me lab it

Update you tonight

MHM

MHM Cisco World · ‎04-13-2024

HayInTheDen81 · ‎04-13-2024

If you setup bgp on R2 and R1 and give either router the wrong as (i.e., remote-as 101 on R2 even though R1 is 100), you will mostly get a bunch of log messages for bgp plus the icmp traffic you're seeing in this log. I want to be able to see only ICMP traffic without any others messages or errors. I could do a 'show log | i ICMP' or something similar, but I want to see it in real-time.

MHM Cisco World · ‎04-13-2024

Friend I already run bgp between R1 abd R2

Abd as I mention before I use

No bgp log

Under bgp process to prevent bgp generate log

Abd I use

Terminal monitor Command

In R3 (telent to R1) to see real time log of icmp.

I already share log I get in real time

MHM

HayInTheDen81 · ‎04-13-2024

I took a break and came back and checked my config to see how different mine was to your screenshot, and I see that its working now. Not sure what I was doing wrong prior. Thanks for your help.