Cisco IOS ICMP – Viewing ICMP Packets on Cisco 2600 IOS


Does anyone know how to view ICMP packets (ping), if possible, traversing through a Cisco 2600 router, that is, how to use the console connection to the router (the usual for configuration) to display info about those packets, as a sort of 'wireshark lite' protocol analyzer built into it? Or some kind of summary about them.

Hope to have explained it clearly.

Thanks in advance.

Edit:

R1#show version

Cisco IOS Software, C2600 Software (C2600-IPBASEK9-M), Version 12.4(17), RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2007 by Cisco Systems, Inc.
Compiled Fri 07-Sep-07 16:04 by prod_rel_team

Best Answer

*DISCLAIMER: Don't run debugs on equipment doing even remotely useful stuff unless you have to*

Also, you've specified console cable which is cool, because debugs normally go to a console session. But if you connect via SSH you won't see debugs until you type

Router1#terminal monitor

As YLearn notes, by default this will only show packets addressed to the router you're debugging. To show transit packets as well, you'll need to run the following on the interfaces you expect the packets to pass through.

R1(config-if)#no ip route-cache

This will switch the packets between the interfaces in software rather than using fast switching / CEF. As such, you should only do it in a test environment because it slows the process of sending and receiving data.

Using image c2600-adventerprisek9-mz.124-15.T14.bin provides some functions that may help, and Cisco's documentation for ping in version 12.1 (first I got in Google) suggests it's been around in general for some time.

Assuming you want to monitor Router1 for pings coming from Router2 and they are at 10.0.0.1 and 10.0.0.2 respectively, you could run

Router1#debug ip icmp

on Router 1 and whenever you send pings over from Router 2, you'll see something like

*Mar  1 00:02:30.530: ICMP: echo reply sent, src 10.0.0.1, dst 10.0.0.2
*Mar  1 00:02:30.622: ICMP: echo reply sent, src 10.0.0.1, dst 10.0.0.2
*Mar  1 00:02:30.674: ICMP: echo reply sent, src 10.0.0.1, dst 10.0.0.2

which simply shows that Router1 replied (so obviously received the pings).

Type

Router1#undebug all

to switch off this particular debug.

If you go with

Router1#debug ip packet

and send some pings over from Router2, you'll see more detail:

*Mar  1 00:15:42.961: IP: tableid=0, s=10.0.0.2 (FastEthernet0/0), d=10.0.0.1 (FastEthernet0/0), routed via RIB
*Mar  1 00:15:42.961: IP: s=10.0.0.2 (FastEthernet0/0), d=10.0.0.1 (FastEthernet0/0), len 100, rcvd 3

Which tells you the source address and interface and the destination address and interface.

Finally, if you go with

Router1#debug ip packet detail

Then each ping will show this:

*Mar  1 00:19:15.069: IP: tableid=0, s=10.0.0.2 (FastEthernet0/0), d=10.0.0.1 (FastEthernet0/0), routed via RIB
*Mar  1 00:19:15.069: IP: s=10.0.0.2 (FastEthernet0/0), d=10.0.0.1 (FastEthernet0/0), len 100, rcvd 3
*Mar  1 00:19:15.073:     ICMP type=8, code=0
*Mar  1 00:19:15.073: IP: tableid=0, s=10.0.0.1 (local), d=10.0.0.2 (FastEthernet0/0), routed via FIB
*Mar  1 00:19:15.073: IP: s=10.0.0.1 (local), d=10.0.0.2 (FastEthernet0/0), len 100, sending
*Mar  1 00:19:15.077:     ICMP type=0, code=0

Which gives you the same details as the previous debug but also tells you the packet was 100 bytes in length, was ICMP and the type - 8 is the actual ping, 0 is the response.
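
As an added example (not part of the original answer), this Python script turns captured `debug ip packet detail` output into the per-packet summary the question asks for. It assumes the two-line layout shown above, where the `ICMP type=` line directly follows the IP line carrying `len`; the field names and the `parse_icmp`/`summarize` helpers are hypothetical, and the sample input is constructed from the lines quoted in the answer.

```python
import re
from collections import Counter

# Constructed sample: the `debug ip packet detail` lines quoted in the answer.
SAMPLE = """\
*Mar  1 00:19:15.069: IP: tableid=0, s=10.0.0.2 (FastEthernet0/0), d=10.0.0.1 (FastEthernet0/0), routed via RIB
*Mar  1 00:19:15.069: IP: s=10.0.0.2 (FastEthernet0/0), d=10.0.0.1 (FastEthernet0/0), len 100, rcvd 3
*Mar  1 00:19:15.073:     ICMP type=8, code=0
*Mar  1 00:19:15.073: IP: tableid=0, s=10.0.0.1 (local), d=10.0.0.2 (FastEthernet0/0), routed via FIB
*Mar  1 00:19:15.073: IP: s=10.0.0.1 (local), d=10.0.0.2 (FastEthernet0/0), len 100, sending
*Mar  1 00:19:15.077:     ICMP type=0, code=0
"""

# Matches only the IP line that carries "len N, <action>", not the "routed via" line.
IP_RE = re.compile(r"IP: s=(\S+) \(([^)]+)\), d=(\S+) \(([^)]+)\), len (\d+), (.+)$")
ICMP_RE = re.compile(r"ICMP type=(\d+), code=(\d+)")
# Only the two types the answer names; other types are reported by number.
ICMP_NAMES = {8: "echo request", 0: "echo reply"}
FIELDS = ("src", "src_if", "dst", "dst_if", "len", "action")

def parse_icmp(text):
    """Attach each 'ICMP type=' line to the IP line directly before it."""
    packets, pending = [], None
    for line in text.splitlines():
        ip = IP_RE.search(line)
        if ip:
            pending = dict(zip(FIELDS, ip.groups()))
            pending["len"] = int(pending["len"])
            continue
        icmp = ICMP_RE.search(line)
        if icmp and pending:
            icmp_type, code = map(int, icmp.groups())
            pending.update(type=icmp_type, code=code,
                           name=ICMP_NAMES.get(icmp_type, f"type {icmp_type}"))
            packets.append(pending)
        # Any other line (or an orphan ICMP line) ends the current packet.
        pending = None
    return packets

def summarize(packets):
    """Count packets per (source, destination, ICMP name) flow."""
    return Counter((p["src"], p["dst"], p["name"]) for p in packets)

if __name__ == "__main__":
    for p in parse_icmp(SAMPLE):
        print(f'{p["src"]} ({p["src_if"]}) -> {p["dst"]} ({p["dst_if"]}): '
              f'{p["name"]}, code {p["code"]}, {p["len"]} bytes, {p["action"]}')
    print(dict(summarize(parse_icmp(SAMPLE))))
```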
