From: tan (tan@dia.janis.or.jp)
Date: Thu Feb 20 2003 - 20:44:45 GMT-3
Just a tidbit here outside of the logging issue, if you rely soley on debug
ip icmp to track down a failed ping, you might be mislead. You can't use
debug icmp to see outgoing requests in the case the reply does not come.
Only if the reply comes back do outgoing requests get posted to debug icmp
as well. This is not related to `no ip route-cache`. It is as if the router
says to me, "since no ping reply came back, no bother showing you the
request I sent". I think this is an odd implementation of debug icmp. To
verify this, first do a ping with success, then block ping replies on far
router and ping again and check debup ip icmp. It will be empty. Make sure
your other debugs are off at the time.
To get around this, use debug ip packet detail to see the true picture. Then
you can judge if the request was put onto the wire, or was not because
unroutable or something else. Personally after I discovered this, I stopped
using debug icmp. I only verified this 12.1T so could be t series bug or IOS
specific, but kinda doubt the code for this has changed inside IOS over the
years.
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
> Ken Matwie
> Sent: Friday, February 21, 2003 1:44 AM
> To: 'ccielab@groupstudy.com'
> Cc: 'Lileikis, Gary'
> Subject: RE: Monitoring ICMP
>
>
> If you want the to - from information you will want to see
> the echo request
> and echo reply packets. You can use the ACL to filter your
> traffic and then
> debug icmp to see exactly what is being sent and received.
> Another option..
>
> -----Original Message-----
> From: Lileikis, Gary [mailto:gary.lileikis@unisys.com]
> Sent: Thursday, February 20, 2003 9:27 AM
> To: Sanfilippo, Ted; 'ccielab@groupstudy.com'
> Subject: RE: Monitoring ICMP
>
>
> Could this be what you are looking for?
>
> R1
> Show run
> ip access-list extended icmplist
> permit icmp any host 150.50.100.4 log
> permit icmp any host 150.50.100.6 log
>
> r1#show access-lists
> Extended IP access list icmplist
> permit icmp any host 150.50.100.4 log (5 matches)
> permit icmp any host 150.50.100.6 log (20 matches)
>
> Cheers...Gary
>
> -----Original Message-----
> From: Sanfilippo, Ted [mailto:Ted.Sanfilippo@PaeTec.com]
> Sent: Thursday, February 20, 2003 9:43 AM
> To: 'ccielab@groupstudy.com'
> Subject: Monitoring ICMP
>
>
> I had a question in a lab scenario that asked to monitor ICMP
> traffic and be
> able to report on how many packets and where they are going.
> The access-list
> needs to be named ICMPLIST. This was on a router that was a multipoint
> connected to two other routers ( R1 in the diagram).
>
>
> R1 -------------- R2
> \
> \
> \
> \
> R3
>
> Any idea on what I can use to monitor this and obtain the information
> stated?
>
>
>
>
> Ted Sanfilippo
>
>
> This communication is intended for the use of the recipient
> to which it is
> addressed, and may contain confidential, personal and or privileged
> information. Please contact us immediately if you are not the intended
> recipient of this communication, and do not copy, distribute,
> or take action
> relying on it. Any communication received in error, or
> subsequent reply,
> should be deleted or destroyed.
This archive was generated by hypermail 2.1.4 : Sat Mar 01 2003 - 11:06:31 GMT-3