Guest

Cisco CSS 11000 Series Content Services Switches

Packet Tracing on the CSS 11000

Document ID: 6400

Updated: May 04, 2004

   Print

Introduction

The WebNS software on the Cisco Content Services Switch (CSS) has some very powerful debugging capabilities. Using these features is considered very risky, as there is a high probability you will cause your system to crash. Nevertheless, these features are very useful.

This document will show you how to get packet trace on the CSS that is similar to debug ip packet detail output from a Cisco IOS® software based router. Note that great care must be taken in selecting the traffic you wish to trace so that the debugging output is not so severe as to impact the CSS. This is the reason these procedures are not recommended on production equipment.

Before You Begin

Conventions

For more information on document conventions, see the Cisco Technical Tips Conventions.

Prerequisites

There are no specific prerequisites for this document.

Components Used

The information in this document is based on all Cisco CSS 11000 series content services switches and Cisco WebNS Software Release 2.0 and later.

Commands

Command Description
config Edit your configuration.
show line Find which console/vty you are connected to.
logging line (console|vty?)� Show the packet trace on which console/vty.
llama (or <esc>x) Enter debug mode.
flow trace-ip Specify which traffic you want to view.
flow options What level of detail to you wish to see.
flow active-list� What flows are active on the box.

This document does not intend to provide any interpretation for the data displayed other than the narrative included below. The meaning of the parameters displayed may not be obvious. And the naming of the parameters in the output may not be accurate. This output is intended for product development, and engineering troubleshooting.

Now that you have a list of the commands, remember that the ? character is your friend. Use it when you are unsure of the parameters a specific command might take. Be careful because some commands in the debug mode may cause unpredictable results.

Note: Before issuing debug commands, please see Important Information on Debug Commands.

Example

The normal text is an actual log of the session. The text in blue is a narrative.

Press any key to log in...

User Access Verification


!--- These commands should work for all versions of WebNS, 
!--- however, pay attention to what version you are using.

Username:admin
Password:
CSS11800# version
Version:�������������� ap0500005s (5.00 Build 5)
Flash (Locked):������� 3.10 Build 46
Flash (Operational):�� 5.00 Build 5
Type:����������������� PRIMARY
Licensed Cmd Set(s):�� Standard Feature Set�
���������������������� Enhanced Feature Set
���������������������� Proximity Data Base
���������������������� SSH Server

!-- The configuration is shown below.

CSS11800# show run
!Generated on 10/25/2001 18:06:04
!Active version: ap0500005s

configure


!*************************** GLOBAL ***************************
� snmp community private read-write�
� snmp name "css800-1"�

� logging host 10.1.1.1 facility 0�

!--- The netman subsystem does not need to be set to debug.

� logging subsystem netman level debug-7�

� ip route 0.0.0.0 0.0.0.0 172.17.63.193 1�

!************************* INTERFACE *************************
interface� 1/1
� bridge vlan 2�

!************************** CIRCUIT **************************
circuit VLAN1

� ip address 172.17.63.194 255.255.255.192�
!************************** SERVICE **************************

!--- This is the server (on a remote network).

service steve 
  keepalive type none 
  ip address 209.165.202.129
  active 

!*************************** OWNER ***************************
owner knox 

  content steve 
    advanced-balance sticky-srcip 
    vip address 172.17.63.195 
    add service steve 
    active 

!*************************** GROUP ***************************


!--- This is here to do NAT on the source address, 
!--- before the packets are sent off to the server.

group steve 
  vip address 172.17.63.195 
  add destination service steve 
  active 

CSS11800# config


!--- Determine what line you are using. The "*" marks your terminal.

CSS11800(config)# show line
   Line       User            Login            Idle             Location
   ----       ----            -----            ----             --------
 * console   admin            0 days 00:00:49  0 days 00:00:00  local          


!--- Send the debug info to the screen.

CSS11800(config)# logging line console

!--- Get into debug mode by using escape-x.

CSS11800(config)# llama

!--- Only look at packets to or from one IP address.

CSS11800(debug)# flow trace-ip 172.17.63.195


!--- Turn on the packet trace. Type a ? here, and add the 
!--- HEX values together.  Try the options until you like what you see.





CSS11800(debug)# flow options 0x103

!--- No flows yet.

CSS11800(debug)# flow active-list

-------- -------------- ----- -------------- ----- -- -------- -------- --------
Flow ID  Src IP         SPort Dst IP         DPort Pr IgrsPort EgrsPort Flow flg
-------- -------------- ----- -------------- ----- -- -------- -------- --------

Total Active flows are 0

CSS11800(debug)# 


!--- FTP(port 20) SYN from port 3783 between the client and the VIP.

OCT 26 11:23:16 9/1 80 FLOWMGR-4: TCP in 192.168.1.1:1035->172.17.63.195:21 SYN 


!--- FTP(port 20) SYN from port 22507 between the CSS and the server. 



!--- Note the translation of both source and dest addresses, and the source port.

OCT 26 11:23:16 9/1 81 FLOWMGR-4: TCP out 172.17.63.195:22507->209.165.202.129:21 SYN 


!--- The server is "ACKing" the SYN.

OCT 26 11:23:16 9/1 82 FLOWMGR-4: TCP in 209.165.202.129:21->172.17.63.195:22507 SYN ACK 

!--- The same ACK after being processed by the CSS.

OCT 26 11:23:16 9/1 83 FLOWMGR-4: TCP out 172.17.63.195:21->192.168.1.1:1035 SYN ACK 
OCT 26 11:23:16 9/1 84 FLOWMGR-4: TCP in 192.168.1.1:1035->172.17.63.195:21 ACK 
OCT 26 11:23:16 9/1 85 FLOWMGR-4: TCP out 172.17.63.195:22507->209.165.202.129:21 ACK 
OCT 26 11:23:16 9/1 86 FLOWMGR-4: TCP in 209.165.202.129:21->172.17.63.195:22507 PUSH ACK 
OCT 26 11:23:16 9/1 87 FLOWMGR-4: TCP out 172.17.63.195:21->192.168.1.1:1035 PUSH ACK 
OCT 26 11:23:16 9/1 88 FLOWMGR-4: TCP in 192.168.1.1:1035->172.17.63.195:21 ACK 
OCT 26 11:23:16 9/1 89 FLOWMGR-4: TCP out 172.17.63.195:22507->209.165.202.129:21 ACK 
OCT 26 11:23:19 9/1 90 FLOWMGR-4: TCP in 192.168.1.1:1035->172.17.63.195:21 PUSH ACK 
OCT 26 11:23:19 9/1 91 FLOWMGR-4: TCP out 172.17.63.195:22507->209.165.202.129:21 PUSH ACK 
OCT 26 11:23:19 9/1 92 FLOWMGR-4: TCP in 209.165.202.129:21->172.17.63.195:22507 ACK 
OCT 26 11:23:19 9/1 93 FLOWMGR-4: TCP out 172.17.63.195:21->192.168.1.1:1035 ACK 
OCT 26 11:23:19 9/1 94 FLOWMGR-4: TCP in 209.165.202.129:21->172.17.63.195:22507 PUSH ACK 
OCT 26 11:23:19 9/1 95 FLOWMGR-4: TCP out 172.17.63.195:21->192.168.1.1:1035 PUSH ACK 
OCT 26 11:23:19 9/1 96 FLOWMGR-4: TCP in 192.168.1.1:1035->172.17.63.195:21 ACK 
OCT 26 11:23:19 9/1 97 FLOWMGR-4: TCP out 172.17.63.195:22507->209.165.202.129:21 ACK 
OCT 26 11:23:22 9/1 98 FLOWMGR-4: TCP in 192.168.1.1:1035->172.17.63.195:21 PUSH ACK 
OCT 26 11:23:22 9/1 99 FLOWMGR-4: TCP out 172.17.63.195:22507->209.165.202.129:21 PUSH ACK 
OCT 26 11:23:22 9/1 100 FLOWMGR-4: TCP in 209.165.202.129:21->172.17.63.195:22507 ACK 
OCT 26 11:23:22 9/1 101 FLOWMGR-4: TCP out 172.17.63.195:21->192.168.1.1:1035 ACK 
OCT 26 11:23:22 9/1 102 FLOWMGR-4: TCP in 209.165.202.129:21->172.17.63.195:22507 PUSH ACK 
OCT 26 11:23:22 9/1 103 FLOWMGR-4: TCP out 172.17.63.195:21->192.168.1.1:1035 PUSH ACK 
OCT 26 11:23:22 9/1 104 FLOWMGR-4: TCP in 192.168.1.1:1035->172.17.63.195:21 ACK 
OCT 26 11:23:22 9/1 105 FLOWMGR-4: TCP out 172.17.63.195:22507->209.165.202.129:21 ACK 
OCT 26 11:23:38 9/1 106 FLOWMGR-4: TCP in 192.168.1.1:1035->172.17.63.195:21 PUSH ACK 
OCT 26 11:23:38 9/1 107 FLOWMGR-4: TCP out 172.17.63.195:22507->209.165.202.129 21 PUSH ACK 
OCT 26 11:23:38 9/1 108 FLOWMGR-4: TCP in 209.165.202.129:21->172.17.63.195:22507 PUSH ACK 
OCT 26 11:23:38 9/1 109 FLOWMGR-4: TCP out 172.17.63.195:21->192.168.1.1:1035 PUSH ACK 
OCT 26 11:23:38 9/1 110 FLOWMGR-4: TCP in 192.168.1.1:1035->172.17.63.195:21 PUSH ACK 
OCT 26 11:23:38 9/1 111 FLOWMGR-4: TCP out 172.17.63.195:22507->209.165.202.129:21 PUSH ACK 

!--- The FTP-DATA stream being established.

OCT 26 11:23:38 6/1 112 FLOWMGR-4: TCP in 209.165.202.129:20->172.17.63.195:22508 SYN 
OCT 26 11:23:38 6/1 113 FLOWMGR-4: TCP out 172.17.63.195:20->192.168.1.1:1036 SYN 
OCT 26 11:23:38 9/1 114 FLOWMGR-4: TCP in 209.165.202.129:21->172.17.63.195:22507 PUSH ACK 
OCT 26 11:23:38 9/1 115 FLOWMGR-4: TCP out 172.17.63.195:21->192.168.1.1:1035 PUSH ACK 
OCT 26 11:23:38 9/1 116 FLOWMGR-4: TCP in 192.168.1.1:1035->172.17.63.195:21 ACK 
OCT 26 11:23:38 9/1 117 FLOWMGR-4: TCP out 172.17.63.195:22507->209.165.202.129:21 ACK 
OCT 26 11:23:42 9/1 118 FLOWMGR-4: TCP in 209.165.202.129:21->172.17.63.195:22507 ACK 
OCT 26 11:23:42 9/1 119 FLOWMGR-4: TCP out 172.17.63.195:21->192.168.1.1:1035 ACK 
OCT 26 11:23:42 9/1 120 FLOWMGR-4: TCP in 192.168.1.1:1035->172.17.63.195:21 ACK 
OCT 26 11:23:43 9/1 121 FLOWMGR-4: TCP out 172.17.63.195:22507->209.165.202.129:21 ACK 
OCT 26 11:23:43 9/1 122 FLOWMGR-4: TCP in 209.165.202.129:21->172.17.63.195:22507 PUSH ACK 
OCT 26 11:23:43 9/1 123 FLOWMGR-4: TCP out 172.17.63.195:21->192.168.1.1:1035 PUSH ACK 
OCT 26 11:23:43 9/1 124 FLOWMGR-4: TCP in 192.168.1.1:1035->172.17.63.195:21 ACK 
OCT 26 11:23:43 9/1 125 FLOWMGR-4: TCP out 172.17.63.195:22507->209.165.202.129:21 ACK 

!--- Review the flows before you end the connection. 
!--- The flow on port 20 is already gone.

CSS11800(debug)# flow active-list

-------- -------------- ----- -------------- ----- -- -------- -------- --------
Flow ID  Src IP         SPort Dst IP         DPort Pr IgrsPort EgrsPort Flow flg
-------- -------------- ----- -------------- ----- -- -------- -------- --------
9503ffee 209.165.202.129   21 172.17.63.195  22507  6 04001f00 04001f00 aa2a0a00
9503fff0 192.168.1.1     1035 172.17.63.195     21  6 04001f00 04001f00 aa2a0a00

Total Active flows are 2

OCT 26 11:24:17 9/1 126 FLOWMGR-4: TCP in 192.168.1.1:1035->172.17.63.195:21 PUSH ACK 
OCT 26 11:24:17 9/1 127 FLOWMGR-4: TCP out 172.17.63.195:22507->209.165.202.129:21 PUSH ACK 
OCT 26 11:24:17 9/1 128 FLOWMGR-4: TCP in 209.165.202.129:21->172.17.63.195:22507 PUSH ACK 
OCT 26 11:24:17 9/1 129 FLOWMGR-4: TCP out 172.17.63.195:21->192.168.1.1:1035 PUSH ACK 

!--- The TCP session is closed out.

OCT 26 11:24:17 9/1 130 FLOWMGR-4: TCP in 209.165.202.129:21->172.17.63.195:22507 FIN ACK 
OCT 26 11:24:17 9/1 131 FLOWMGR-4: TCP out 172.17.63.195:21->192.168.1.1:1035 FIN ACK 
OCT 26 11:24:17 9/1 132 FLOWMGR-4: TCP in 192.168.1.1:1035->172.17.63.195:21 ACK 
OCT 26 11:24:17 9/1 133 FLOWMGR-4: TCP out 172.17.63.195:22507->209.165.202.129:21 ACK 
OCT 26 11:24:17 9/1 134 FLOWMGR-4: TCP in 192.168.1.1:1035->172.17.63.195:21 FIN ACK 
OCT 26 11:24:17 9/1 135 FLOWMGR-4: TCP out 172.17.63.195:22507->209.165.202.129:21 FIN ACK 
OCT 26 11:24:17 9/1 136 FLOWMGR-4: TCP in 209.165.202.129:21->172.17.63.195:22507 ACK 
OCT 26 11:24:17 9/1 137 FLOWMGR-4: TCP out 172.17.63.195:21->192.168.1.1:1035 ACK
Now lets turn off the debugs.
CSS11800(debug)# flow options 0x0 
CSS11800(debug)# flow trace-ip 0.0.0.0 
CSS11800(debug)#

Related Information

Updated: May 04, 2004
Document ID: 6400