Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
43928
Views
0
Helpful
6
Replies

Using "debug ip packet detail" to follow ICMP traffic across multiple hops

Jim R
Beginner
Beginner

‎06-07-2011 07:52 AM - edited ‎03-04-2019 12:38 PM

Hi all,

I'm doing a bit of an experiment at the moment tracking an ICMP reply and the route it takes through our lab network however I've come to a bit of a dead end.  If I do a "debug packet ip detail" on our destination router (Where we are trying to ping to) and the router I am using to send the packet I can clearly see three four things:

1) Sending router: The ICMP type 8 message from the sending router

2) Sending router: The packet going out via the next hop router

3) Recieving router: The ICMP type 0 message going out from the recieving router

4) Recieving router: The packet going out via the next hop router.

However what I was expecting to see was some sort of IP traffic on the routers in the middle stating that they were passing on the traffic but alas I don't see anything.

So my question is:

1) Using "debug ip packet detail" should I be able to see ICMP send/replies/associated packets traversing the network including the routers in the middle.

2) If not what command should I be using.

Cisco details ping usage etc on it's site but only shows pinging a host which is the next hop router.  The other examples just show using "debug ip packet detail" to get back information on the packet being dropped as there is no route to the host.

Perhaps someone could fill in the blanks for me?

Many thanks,

Jamie

1 person had this problem
Labels:
0 Helpful
6 Replies 6

Richard Burts
VIP Community Legend VIP Community Legend
VIP Community Legend

‎06-07-2011 09:36 AM

Jamie

I believe that the issue is that debug can only report on what the CPU of the router sees. So the sending router must create the packet using its CPU and debug sees the packet. The receiving router must use its CPU to process the packet and debug can report the packet. But on the routers in the middle they are forwarding the packet (probably using CEF or some efficient forwarding mechanism) without needing their CPU to see the packet. If you really want the middle router to have debug report the traffic you would need to disable CEF (and Fast Switching or any other enhanced forwarding mechanism). If the router in the middle must process switch the packet then its CPU will be used and debug would report the traffic.

HTH

Rick

HTH

Rick
0 Helpful

xthuijs
Cisco Employee
Cisco Employee

‎06-07-2011 10:40 AM

Hey Jamie, only packets that are process switched can be seen with debug ip packet detail.

Intermediate routers (if cisco) will CEF switch (hopefully ) the packet and therefore not print any debug messages.

If you have hardware forwarding routers (such as the ASR1K, C10K etc) then that is another level of forwarding abstraction in which you may not see the packet either with these debug commands .

I believe that if you'd disable ip cef (if your platform/sw version) supports that, which means that packets will get process switched (or fast switched) you might be able to see the debug ip packet.

Be careful doing this as it slows down your router significantly and more then you wish for debugs might show

xander

0 Helpful

Rozsa Illes
Cisco Employee
Cisco Employee