I come across hidden commands that are sometimes useful and sometimes utterly useless or disastrous! So I decided to blog every hidden command I find, beginning with this one.
debug ip packet detail dump
Linux users might find this command familiar to an extent, because it is actually the tcpdump command, customized to work under IOS.
Let's see the output of this command when another router is pinging:
R1#
*Mar 1 01:06:48.815: IP: tableid=0, s=10.1.123.2 (FastEthernet0/0), d=10.1.123.1 (FastEthernet0/0), routed via RIB
*Mar 1 01:06:48.815: IP: s=10.1.123.2 (FastEthernet0/0), d=10.1.123.1 (FastEthernet0/0), len 100, rcvd 3
*Mar 1 01:06:48.819: ICMP type=8, code=0
0F402000: C200 1E640000 B..d..
0F402010: C2011E64 00000800 45000064 00130000 B..d....E..d....
0F402020: FE01B280 0A017B02 0A017B01 080053D9 ~.2...{...{...SY
0F402030: 00040000 00000000 003D2A30 ABCDABCD .........=*0+M+M
0F402040: ABCDABCD ABCDABCD ABCDABCD ABCDABCD +M+M+M+M+M+M+M+M
0F402050: ABCDABCD ABCDABCD ABCDABCD ABCDABCD +M+M+M+M+M+M+M+M
0F402060: ABCDABCD ABCDABCD ABCDABCD ABCDABCD +M+M+M+M+M+M+M+M
0F402070: ABCDABCD ABCDABCD ABCDABCD +M+M+M+M+M+M
*Mar 1 01:06:48.835: IP: tableid=0, s=10.1.123.1 (local), d=10.1.123.2 (FastEthernet0/0), routed via FIB
*Mar 1 01:06:48.835: IP: s=10.1.123.1 (local), d=10.1.123.2 (FastEthernet0/0), len 100, sending
*Mar 1 01:06:48.839: ICMP type=0, code=0
0F402000: C200 1E640000 B..d..
0F402010: C2011E64 00000800 45000064 00130000 B..d....E..d....
0F402020: FF01B180 0A017B01 0A017B02 00005BD9 ..1...{...{...[Y
0F402030: 00040000 00000000 003D2A30 ABCDABCD .........=*0+M+M
0F402040: ABCDABCD ABCDABCD ABCDABCD ABCDABCD +M+M+M+M+M+M+M+M
0F402050: ABCDABCD ABCDABCD ABCDABCD ABCDABCD +M+M+M+M+M+M+M+M
0F402060: ABCDABCD ABCDABCD ABCDABCD ABCDABCD +M+M+M+M+M+M+M+M
0F402070: ABCDABCD ABCDABCD ABCDABCD +M+M+M+M+M+M
Here's another example, a telnet packet showing the TCP source/destination ports, packet sequence number, ACKs and TCP window size:
*Mar 1 01:19:28.059: IP: tableid=0, s=10.1.123.2 (FastEthernet0/0), d=10.1.123.1 (FastEthernet0/0), routed via RIB
*Mar 1 01:19:28.059: IP: s=10.1.123.2 (FastEthernet0/0), d=10.1.123.1 (FastEthernet0/0), len 40, rcvd 3
*Mar 1 01:19:28.063: TCP src=38274, dst=23, seq=3865343855, ack=3109086096, win=4128 ACK
0F7CBB60: C200 1E640000 B..d..
0F7CBB70: C2011E64 00000800 45C00028 D9400000 B..d....E@.(Y@..
0F7CBB80: FE06D8C9 0A017B02 0A017B01 95820017 ~.XI..{...{.....
0F7CBB90: E664776F B950E390 50101020 05600000 fdwo9Pc.P.. .`..
0F7CBBA0:
*Mar 1 01:19:28.067: IP: tableid=0, s=10.1.123.1 (local), d=10.1.123.2 (FastEthernet0/0), routed via FIB
*Mar 1 01:19:28.071: IP: s=10.1.123.1 (local), d=10.1.123.2 (FastEthernet0/0), len 52, sending
*Mar 1 01:19:28.071: TCP src=23, dst=38274, seq=3109086096, ack=3865343855, win=4119 ACK PSH
The catch here is that the hidden dump attribute at the end of the command makes the router print the payload of the packet in hexadecimal format instead of just showing the headers, which is pretty neat if you really need to know the content of the packet without using Wireshark or any external tools.
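The hex rows can also be decoded offline to cross-check what the debug header lines report. The following Python code is an added example, not part of the original post: it rebuilds the frame from the telnet dump rows above, verifies the IPv4 header checksum and decodes the TCP fields. The function names are illustrative, and it assumes Ethernet II framing as in this capture.

```python
import re
import struct
# Dump rows copied from the telnet example on this page.
SAMPLE_DUMP = """\
0F7CBB60: C200 1E640000 B..d..
0F7CBB70: C2011E64 00000800 45C00028 D9400000 B..d....E@.(Y@..
0F7CBB80: FE06D8C9 0A017B02 0A017B01 95820017 ~.XI..{...{.....
0F7CBB90: E664776F B950E390 50101020 05600000 fdwo9Pc.P.. .`..
"""
ROW = re.compile(r"^[0-9A-F]{8}:\s*(.*)$")
HEX_GROUP = re.compile(r"^(?:[0-9A-F]{4}|[0-9A-F]{8})$")
TCP_FLAGS = ["FIN", "SYN", "RST", "PSH", "ACK", "URG"]

def dump_to_bytes(text):
    """Rebuild the frame from dump rows, dropping the trailing ASCII column."""
    frame = bytearray()
    for m in filter(None, map(ROW.match, map(str.strip, text.splitlines()))):
        row = bytearray()
        for tok in m.group(1).split():
            # Stop at the ASCII column (assumed never to look like a hex group).
            if not HEX_GROUP.match(tok) or len(row) + len(tok) // 2 > 16:
                break
            row += bytes.fromhex(tok)
        frame += row
    return bytes(frame)

def inet_checksum_ok(header):
    """RFC 1071: the folded one's-complement sum of a valid header is 0xFFFF."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total == 0xFFFF

def decode_frame(frame):
    """Decode Ethernet II + IPv4 (+ TCP) fields from the rebuilt frame."""
    if frame[12:14] != b"\x08\x00":
        raise ValueError("not an IPv4 Ethernet II frame")
    ip, ihl = frame[14:], (frame[14] & 0x0F) * 4
    out = {"len": int.from_bytes(ip[2:4], "big"), "proto": ip[9],
           "src": ".".join(map(str, ip[12:16])), "dst": ".".join(map(str, ip[16:20])),
           "ip_checksum_ok": inet_checksum_ok(ip[:ihl])}
    if out["proto"] == 6:  # TCP: ports, seq, ack, offset+flags, window
        sport, dport, seq, ack, off_flags, win = struct.unpack("!HHIIHH", ip[ihl:ihl + 16])
        out.update(sport=sport, dport=dport, seq=seq, ack=ack, win=win,
                   flags=[n for i, n in enumerate(TCP_FLAGS) if off_flags >> i & 1],
                   payload=ip[ihl + (off_flags >> 12) * 4:out["len"]])
    return out

if __name__ == "__main__":
    print(decode_frame(dump_to_bytes(SAMPLE_DUMP)))
```

The decoded values match the `TCP src=38274, dst=23, ...` line printed by the router, and the empty payload is consistent with `len 40` (20-byte IP header plus 20-byte TCP header).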
I should add that debugging IP packets on a router is very dangerous in live networks (as we all know, don't we?), and I highly suggest that you try it out in a lab environment.
Hopefully this will come in handy in case you really need to debug some packets.