Table Of Contents
debug ip msdp
debug ip msdp resets
debug ip nat
debug ip ospf events
debug ip ospf mpls traffic-eng advertisements
debug ip ospf packet
debug ip ospf spf statistic
debug ip packet
debug ip pgm host
debug ip pgm router
debug ip pim
debug ip pim atm
debug ip pim auto-rp
debug ip policy
debug ip rgmp
debug ip rip
debug ip routing
debug ip rsvp
debug ip rsvp authentication
debug ip rsvp detail
debug ip rsvp dump-messages
debug ip rsvp policy
debug ip rsvp rate-limit
debug ip rsvp reliable-msg
debug ip rsvp sbm
debug ip rsvp summary-refresh
debug ip rsvp traffic-control
debug ip rsvp wfq
debug ip rtp header-compression
debug ip rtp packets
debug ip scp
debug ip msdp
To debug Multicast Source Discovery Protocol (MSDP) activity, use the debug ip msdp command in privileged EXEC mode. To disable debugging output, use the no form of this command.
debug ip msdp [vrf vrf-name] [peer-address | name] [detail] [routes]
no debug ip msdp [vrf vrf-name] [peer-address | name] [detail] [routes]
Syntax Description
vrf | (Optional) Supports the Multicast Virtual Private Network (VPN) routing and forwarding (VRF) instance.
vrf-name | (Optional) Name assigned to the VRF.
peer-address | name | (Optional) The peer for which debug events are logged.
detail | (Optional) Provides more detailed debugging information.
routes | (Optional) Displays the contents of Source-Active messages.
Defaults
No default behavior or values.
Command Modes
Privileged EXEC
Command History
Release | Modification
12.0(7)T | This command was introduced.
12.0(23)S | The vrf keyword and vrf-name argument were added.
12.2(13)T | The vrf keyword and vrf-name argument were added in Release 12.2T.
Examples
The following is sample output from the debug ip msdp command:
MSDP: 224.150.44.254: Received 1388-byte message from peer
MSDP: 224.150.44.254: SA TLV, len: 1388, ec: 115, RP: 172.31.3.92
MSDP: 224.150.44.254: Peer RPF check passed for 172.31.3.92, used EMBGP peer
MSDP: 224.150.44.250: Forward 1388-byte SA to peer
MSDP: 224.150.44.254: Received 1028-byte message from peer
MSDP: 224.150.44.254: SA TLV, len: 1028, ec: 85, RP: 172.31.3.92
MSDP: 224.150.44.254: Peer RPF check passed for 172.31.3.92, used EMBGP peer
MSDP: 224.150.44.250: Forward 1028-byte SA to peer
MSDP: 224.150.44.254: Received 1388-byte message from peer
MSDP: 224.150.44.254: SA TLV, len: 1388, ec: 115, RP: 172.31.3.111
MSDP: 224.150.44.254: Peer RPF check passed for 172.31.3.111, used EMBGP peer
MSDP: 224.150.44.250: Forward 1388-byte SA to peer
MSDP: 224.150.44.250: Received 56-byte message from peer
MSDP: 224.150.44.250: SA TLV, len: 56, ec: 4, RP: 205.167.76.241
MSDP: 224.150.44.250: Peer RPF check passed for 205.167.76.241, used EMBGP peer
MSDP: 224.150.44.254: Forward 56-byte SA to peer
MSDP: 224.150.44.254: Received 116-byte message from peer
MSDP: 224.150.44.254: SA TLV, len: 116, ec: 9, RP: 172.31.3.111
MSDP: 224.150.44.254: Peer RPF check passed for 172.31.3.111, used EMBGP peer
MSDP: 224.150.44.250: Forward 116-byte SA to peer
MSDP: 224.150.44.254: Received 32-byte message from peer
MSDP: 224.150.44.254: SA TLV, len: 32, ec: 2, RP: 172.31.3.78
MSDP: 224.150.44.254: Peer RPF check passed for 172.31.3.78, used EMBGP peer
MSDP: 224.150.44.250: Forward 32-byte SA to peer
Table 100 describes the significant fields shown in the display.
Table 100 debug ip msdp Field Descriptions
Field | Description
MSDP | Protocol being debugged.
224.150.44.254: | IP address of the MSDP peer.
Received 1388-byte message from peer | MSDP event.
debug ip msdp resets
To debug Multicast Source Discovery Protocol (MSDP) peer reset reasons, use the debug ip msdp resets command in privileged EXEC mode.
debug ip msdp [vrf vrf-name] resets
Syntax Description
vrf | (Optional) Supports the Multicast Virtual Private Network (VPN) routing and forwarding (VRF) instance.
vrf-name | (Optional) Name assigned to the VRF.
Defaults
No default behavior or values.
Command Modes
Privileged EXEC
Command History
Release | Modification
12.0(7)T | This command was introduced.
12.0(23)S | The vrf keyword and vrf-name argument were added.
12.2(13)T | The vrf keyword and vrf-name argument were added in Release 12.2T.
debug ip nat
To display information about IP packets translated by the IP Network Address Translation (NAT) feature, use the debug ip nat command in privileged EXEC mode. To disable debugging output, use the no form of this command.
debug ip nat [access-list | detailed | h323 | ipsec | pptp | sip | vrf]
no debug ip nat [access-list | detailed | h323 | ipsec | pptp | sip | vrf]
Syntax Description
access-list | (Optional) The standard IP access list number. If the datagram is not permitted by the specified access list, the related debugging output is suppressed.
detailed | (Optional) Displays debug information in a detailed format.
h323 | (Optional) Displays H.225 and H.245 protocol information.
ipsec | (Optional) Displays IP Security (IPSec) packet information.
pptp | (Optional) Displays Point-to-Point Tunneling Protocol (PPTP) information.
sip | (Optional) Displays Session Initiation Protocol (SIP) information.
vrf | (Optional) Displays Virtual Private Network (VPN) routing and forwarding (VRF) traffic-related information.
Defaults
This command is disabled by default.
Command Modes
Privileged EXEC
Command History
Release | Modification
11.2 | This command was introduced.
12.1(5)T | The h323 keyword was added.
12.2(8)T | The sip keyword was added.
12.2(13)T | The ipsec and vrf keywords were added.
Usage Guidelines
The NAT feature reduces the need for unique, registered IP addresses. It can also save private network administrators from needing to renumber hosts and routers that do not conform to global IP addressing.
Use the debug ip nat command to verify the operation of the NAT feature by displaying information about every packet that is translated by the router. The debug ip nat detailed command generates a description of each packet considered for translation. This command also outputs information about certain errors or exceptional conditions, such as the failure to allocate a global address. To display messages related to the processing of H.225 signaling and H.245 messages, use the debug ip nat h323 command. To display messages related to the processing of SIP messages, use the debug ip nat sip command. To display messages related to the processing of VRF messages, use the debug ip nat vrf command.
Caution
Because the debug ip nat command generates a substantial amount of output, use it only when traffic on the IP network is low, so other activity on the system is not adversely affected.
Examples
The following is sample output from the debug ip nat command. In this example, the first two lines show the debugging output produced by a Domain Name System (DNS) request and reply. The remaining lines show the debugging output from a Telnet connection from a host on the inside of the network to a host on the outside of the network. All Telnet packets, except for the first packet, were translated in the fast path, as indicated by the asterisk (*).
NAT: s=192.168.1.95->172.31.233.209, d=172.31.2.132 [6825]
NAT: s=172.31.2.132, d=172.31.233.209->192.168.1.95 [21852]
NAT: s=192.168.1.95->172.31.233.209, d=172.31.1.161 [6826]
NAT*: s=172.31.1.161, d=172.31.233.209->192.168.1.95 [23311]
NAT*: s=192.168.1.95->172.31.233.209, d=172.31.1.161 [6827]
NAT*: s=192.168.1.95->172.31.233.209, d=172.31.1.161 [6828]
NAT*: s=172.31.1.161, d=172.31.233.209->192.168.1.95 [23313]
NAT*: s=172.31.1.161, d=172.31.233.209->192.168.1.95 [23325]
Table 101 describes the significant fields shown in the display.
Table 101 debug ip nat Field Descriptions
Field | Description
NAT: | Indicates that the packet is being translated by the NAT feature. An asterisk (*) indicates that the translation is occurring in the fast path. The first packet in a conversation always goes through the slow path (that is, it is process switched). The remaining packets go through the fast path if a cache entry exists.
s=192.168.1.95->172.31.233.209 | Source address of the packet and how it is being translated.
d=172.31.2.132 | Destination address of the packet.
[6825] | IP identification number of the packet. Might be useful in the debugging process to correlate with other packet traces from protocol analyzers.
The following is sample output from the debug ip nat detailed command. In this example, the first two lines show the debugging output produced by a DNS request and reply. The remaining lines show the debugging output from a Telnet connection from a host on the inside of the network to a host on the outside of the network. In this example, the inside host 192.168.1.95 was assigned the global address 172.31.233.193.
Router# debug ip nat detailed
NAT: i: udp (192.168.1.95, 1493) -> (172.31.2.132, 53) [22399]
NAT: o: udp (172.31.2.132, 53) -> (172.31.233.193, 1493) [63671]
NAT*: i: tcp (192.168.1.95, 1135) -> (172.31.2.75, 23) [22400]
NAT*: o: tcp (172.31.2.75, 23) -> (172.31.233.193, 1135) [22002]
NAT*: i: tcp (192.168.1.95, 1135) -> (172.31.2.75, 23) [22401]
NAT*: i: tcp (192.168.1.95, 1135) -> (172.31.2.75, 23) [22402]
NAT*: o: tcp (172.31.2.75, 23) -> (172.31.233.193, 1135) [22060]
NAT*: o: tcp (172.31.2.75, 23) -> (172.31.233.193, 1135) [22071]
The following is sample output from the debug ip nat h323 command. In this example, an H.323 call is established between two hosts, one host on the inside and the other one on the outside. The debug output displays the names of the H.323 messages that NAT recognizes and the embedded IP addresses contained in those messages.
Router# debug ip nat h323
NAT:H225:[0] processing a Setup message
NAT:H225:[0] found Setup sourceCallSignalling
NAT:H225:[0] fix TransportAddress addr=192.168.122.50 port=11140
NAT:H225:[0] found Setup fastStart
NAT:H225:[0] Setup fastStart PDU length:18
NAT:H245:[0] processing OpenLogicalChannel message, forward channel
NAT:H245:[0] found OLC forward mediaControlChannel
NAT:H245:[0] fix TransportAddress addr=192.168.122.50 port=16517
NAT:H225:[0] Setup fastStart PDU length:29
NAT:H245:[0] processing OpenLogicalChannel message, forward channel
NAT:H245:[0] found OLC reverse mediaChannel
NAT:H245:[0] fix TransportAddress addr=192.168.122.50 port=16516
NAT:H245:[0] found OLC reverse mediaControlChannel
NAT:H245:[0] fix TransportAddress addr=192.168.122.50 port=16517
NAT:H225:[1] processing an Alerting message
NAT:H225:[1] found Alerting fastStart
NAT:H225:[1] Alerting fastStart PDU length:25
NAT:H245:[1] processing OpenLogicalChannel message, forward channel
Table 102 describes the significant fields shown in the display.
Table 102 debug ip nat h323 Field Descriptions
Field | Description
NAT: | Indicates that the packet is being translated by the NAT feature.
H.225 and H.245: | Protocol of the packet.
[1] | Indicates that the packet is moving from a host inside the network to one outside the network.
[0] | Indicates that the packet is moving from a host outside the network to one inside the network.
The following is sample output from the debug ip nat ipsec command:
Router# debug ip nat ipsec
5d21h:NAT:new IKE going In->Out, source addr 192.168.122.35, destination addr
192.168.22.20, initiator cookie
5d21h:NAT:IPSec:created In->Out ESP translation IL=192.168.122.35 SPI=0xAAE32A0A,
IG=192.168.22.40, OL=192.168.22.20,
5d21h:NAT:IPSec:created Out->In ESP translation OG=192.168.22.20 SPI=0xA64B5BB6,
OL=192.168.22.20, IG=192.168.22.40,
5d21h:NAT:new IKE going In->Out, source addr 192.168.122.20, destination addr
192.168.22.20, initiator cookie
5d21h:NAT:IPSec:created In->Out ESP translation IL=192.168.122.20 SPI=0x3E2E1B92,
IG=192.168.22.40, OL=192.168.22.20,
5d21h:NAT:IPSec:Inside host (IL=192.168.122.20) trying to open an ESP connection to
Outside host (OG=192.168.22.20),
5d21h:NAT:IPSec:created Out->In ESP translation OG=192.168.22.20 SPI=0x1B201366,
OL=192.168.22.20, IG=192.168.22.40,
The following is sample output from the debug ip nat sip command. In this example, one IP phone registers with a Cisco SIP proxy and then calls another IP phone. The debug output displays the SIP messages that NAT recognizes and the embedded IP addresses contained in those messages.
NAT:SIP:[0] processing REGISTER message
NAT:SIP:[0] translated embedded address
NAT:SIP:[0] translated embedded address
NAT:SIP:[0] message body found
NAT:SIP:[0] found address/port in SDP body:192.168.122.20
NAT:SIP:[1] processing SIP/2.0 100 Trying reply message
NAT:SIP:[1] translated embedded address
NAT:SIP:[1] processing SIP/2.0 200 OK reply message
NAT:SIP:[1] translated embedded address
NAT:SIP:[1] translated embedded address
NAT:SIP:[1] processing INVITE message
NAT:SIP:[1] translated embedded address
NAT:SIP:[1] message body found
NAT:SIP:[1] found address/port in SDP body:192.168.22.20
Table 103 describes the significant fields shown in the display.
Table 103 debug ip nat sip Field Descriptions
Field | Description
NAT: | Indicates that the packet is being translated by the NAT feature.
SIP: | Protocol of the packet.
[1] | Indicates that the packet is moving from a host inside the network to one outside the network.
[0] | Indicates that the packet is moving from a host outside the network to one inside the network.
The following is sample output from the debug ip nat vrf command:
6d00h:NAT:address not stolen for 192.168.121.113, proto 1 port 7224
6d00h:NAT:creating portlist proto 1 globaladdr 2.2.2.10
6d00h:NAT:Allocated Port for 192.168.121.113 -> 2.2.2.10:wanted 7224 got 7224
6d00h:NAT:i:icmp (192.168.121.113, 7224) -> (168.58.88.2, 7224) [2460]
6d00h:NAT:s=192.168.121.113->2.2.2.10, d=168.58.88.2 [2460] vrf=> shop
6d00h:NAT*:o:icmp (168.58.88.2, 7224) -> (2.2.2.10, 7224) [2460] vrf=> shop
6d00h:NAT*:s=168.58.88.2, d=2.2.2.10->192.168.121.113 [2460] vrf=> shop
6d00h:NAT:Allocated Port for 192.168.121.113 -> 2.2.2.10:wanted 7225 got 7225
6d00h:NAT:i:icmp (192.168.121.113, 7225) -> (168.58.88.2, 7225) [2461]
6d00h:NAT:s=192.168.121.113->2.2.2.10, d=168.58.88.2 [2461] vrf=> shop
6d00h:NAT*:o:icmp (168.58.88.2, 7225) -> (2.2.2.10, 7225) [2461] vrf=> shop
6d00h:NAT*:s=168.58.88.2, d=2.2.2.10->192.168.121.113 [2461] vrf=> shop
6d00h:NAT:Allocated Port for 192.168.121.113 -> 2.2.2.10:wanted 7226 got 7226
6d00h:NAT:i:icmp (192.168.121.113, 7226) -> (168.58.88.2, 7226) [2462]
6d00h:NAT:s=192.168.121.113->2.2.2.10, d=168.58.88.2 [2462] vrf=> shop
Table 104 describes the significant fields shown in the display.
Table 104 debug ip nat vrf Field Descriptions
Field | Description
vrf=> | Indicates NAT is applied to a particular VPN.
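The fields in Table 101 and Table 104 can be pulled out of a saved debug session so that translations can be matched against analyzer traces by IP identification number. The following Python is an added example, not Cisco code; the function names are hypothetical, and the sample lines are copied from the debug ip nat and debug ip nat vrf output on this page.

```python
import re

IP = r"\d{1,3}(?:\.\d{1,3}){3}"
# Matches the basic form: NAT[*]: s=A[->B], d=C[->D] [ip-id] [vrf=> name]
# Lines from the detailed, h323, sip and ipsec forms do not match and are skipped.
NAT_RE = re.compile(
    r"NAT(?P<fast>\*?):\s*"
    r"s=(?P<src>" + IP + r")(?:->(?P<src_x>" + IP + r"))?,\s*"
    r"d=(?P<dst>" + IP + r")(?:->(?P<dst_x>" + IP + r"))?\s*"
    r"\[(?P<ip_id>\d+)\]"
    r"(?:\s*vrf=>\s*(?P<vrf>\S+))?"
)

# Sample lines copied from the output shown on this page.
SAMPLE = [
    "NAT: s=192.168.1.95->172.31.233.209, d=172.31.2.132 [6825]",
    "NAT: s=172.31.2.132, d=172.31.233.209->192.168.1.95 [21852]",
    "NAT: s=192.168.1.95->172.31.233.209, d=172.31.1.161 [6826]",
    "NAT*: s=172.31.1.161, d=172.31.233.209->192.168.1.95 [23311]",
    "NAT*: s=192.168.1.95->172.31.233.209, d=172.31.1.161 [6827]",
    "NAT*: s=192.168.1.95->172.31.233.209, d=172.31.1.161 [6828]",
    "NAT*: s=172.31.1.161, d=172.31.233.209->192.168.1.95 [23313]",
    "NAT*: s=172.31.1.161, d=172.31.233.209->192.168.1.95 [23325]",
    "6d00h:NAT:i:icmp (192.168.121.113, 7224) -> (168.58.88.2, 7224) [2460]",
    "6d00h:NAT:s=192.168.121.113->2.2.2.10, d=168.58.88.2 [2460] vrf=> shop",
    "6d00h:NAT*:s=168.58.88.2, d=2.2.2.10->192.168.121.113 [2460] vrf=> shop",
]


def parse_nat_line(line):
    """Return one translation record, or None if the line is not in the basic form."""
    m = NAT_RE.search(line)
    if m is None:
        return None
    pkt = {"fast_path": m["fast"] == "*", "ip_id": int(m["ip_id"]), "vrf": m["vrf"]}
    if m["src_x"]:
        # Source rewritten: packet leaving the inside network.
        pkt.update(direction="in->out", inside_local=m["src"],
                   inside_global=m["src_x"], outside=m["dst"])
    elif m["dst_x"]:
        # Destination rewritten: reply returning to the inside host.
        pkt.update(direction="out->in", inside_local=m["dst_x"],
                   inside_global=m["dst"], outside=m["src"])
    else:
        return None  # no address was translated on this line
    return pkt


def summarize_nat(lines):
    """Group records per conversation and count slow-path and fast-path packets."""
    flows = {}
    for line in lines:
        pkt = parse_nat_line(line)
        if pkt is None:
            continue
        key = (pkt["vrf"], pkt["inside_local"], pkt["inside_global"], pkt["outside"])
        flow = flows.setdefault(key, {
            "slow": 0, "fast": 0, "ip_ids": [],
            # Table 101 says the first packet of a conversation is process
            # switched; True here suggests the capture began mid-conversation.
            "first_seen_fast_path": pkt["fast_path"],
        })
        flow["fast" if pkt["fast_path"] else "slow"] += 1
        flow["ip_ids"].append(pkt["ip_id"])
    return flows


if __name__ == "__main__":
    for key, flow in summarize_nat(SAMPLE).items():
        print(key, flow)
```

The ip_ids list per conversation is the value to search for in a packet capture taken on either side of the router.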
debug ip ospf events
To display information on Open Shortest Path First (OSPF)-related events, such as adjacencies, flooding information, designated router selection, and shortest path first (SPF) calculation, use the debug ip ospf events command in privileged EXEC mode. To disable debugging output, use the no form of this command.
debug ip ospf events
no debug ip ospf events
Syntax Description
This command has no arguments or keywords.
Command Modes
Privileged EXEC
Examples
The following is sample output from the debug ip ospf events command:
Router# debug ip ospf events
OSPF:hello with invalid timers on interface Ethernet0
hello interval received 10 configured 10
net mask received 255.255.255.0 configured 255.255.255.0
dead interval received 40 configured 30
The debug ip ospf events output shown might appear if any of the following situations occurs:
• The IP subnet masks for routers on the same network do not match.
• The OSPF hello interval for the router does not match that configured for a neighbor.
• The OSPF dead interval for the router does not match that configured for a neighbor.
If a router configured for OSPF routing is not seeing an OSPF neighbor on an attached network, perform the following tasks:
• Make sure that both routers have been configured with the same IP mask, OSPF hello interval, and OSPF dead interval.
• Make sure that both neighbors are part of the same area type.
In the following example line, the neighbor and this router are not both part of a stub area (that is, one is a part of a transit area and the other is a part of a stub area, as explained in RFC 1247):
OSPF: hello packet with mismatched E bit
Related Commands
Command | Description
debug ip pgm host | Displays information about each OSPF packet received.
debug ip ospf mpls traffic-eng advertisements
To print information about traffic engineering advertisements in Open Shortest Path First (OSPF) link state advertisement (LSA) messages, use the debug ip ospf mpls traffic-eng advertisements command in privileged EXEC mode. To disable debugging output, use the no form of this command.
debug ip ospf mpls traffic-eng advertisements
no debug ip ospf mpls traffic-eng advertisements
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values.
Command Modes
Privileged EXEC
Command History
Release | Modification
12.0(5)ST | This command was introduced.
Examples
In the following example, information about traffic engineering advertisements is printed in OSPF LSA messages:
Router# debug ip ospf mpls traffic-eng advertisements
OSPF:IGP delete router node 10.106.0.6 fragment 0 with 0 links
OSPF:IGP update router node 10.110.0.10 fragment 0 with 0 links
OSPF:MPLS announce router node 10.106.0.6 fragment 0 with 1 links
Link connected to Point-to-Point network
Interface Address :10.1.0.6
Neighbor Address :10.1.0.10
Maximum bandwidth :1250000
Maximum reservable bandwidth :625000
Priority 0 :625000 Priority 1 :625000
Priority 2 :625000 Priority 3 :625000
Priority 4 :625000 Priority 5 :625000
Priority 6 :625000 Priority 7 :625000
Table 105 describes the significant fields shown in the display.
Table 105 debug ip ospf mpls traffic-eng advertisements Field Descriptions
Field | Description
Link ID | Index of the link being described.
Interface Address | Address of the interface.
Neighbor Address | Address of the neighbor.
Admin Metric | Administrative weight associated with this link.
Maximum bandwidth | Bandwidth capacity of the link (kbps).
Maximum reservable bandwidth | Amount of reservable bandwidth on this link.
Number of Priority | Number of priority levels for which bandwidth is advertised.
Priority | Bandwidth available at indicated priority level.
Affinity Bit | Attribute flags of the link that are being flooded.
debug ip ospf packet
To display information about each Open Shortest Path First (OSPF) packet received, use the debug ip ospf packet command in privileged EXEC mode. To disable debugging output, use the no form of this command.
debug ip ospf packet
no debug ip ospf packet
Syntax Description
This command has no arguments or keywords.
Command Modes
Privileged EXEC
Examples
The following is sample output from the debug ip ospf packet command:
Router# debug ip ospf packet
OSPF: rcv. v:2 t:1 l:48 rid:200.0.0.117
aid:0.0.0.0 chk:6AB2 aut:0 auk:
The debug ip ospf packet command produces one set of information for each packet received. The output varies slightly depending on which authentication is used. The following is sample output from the debug ip ospf packet command when message digest algorithm 5 (MD5) authentication is used.
Router# debug ip ospf packet
OSPF: rcv. v:2 t:1 l:48 rid:200.0.0.116
aid:0.0.0.0 chk:0 aut:2 keyid:1 seq:0x0
Table 106 describes the significant fields shown in the display.
Table 106 debug ip ospf packet Field Descriptions
Field | Description
v: | OSPF version.
t: | OSPF packet type. Possible packet types follow:
• 1—Hello
• 2—Data description
• 3—Link state request
• 4—Link state update
• 5—Link state acknowledgment
l: | OSPF packet length in bytes.
rid: | OSPF router ID.
aid: | OSPF area ID.
chk: | OSPF checksum.
aut: | OSPF authentication type. Possible authentication types follow:
• 0—No authentication
• 1—Simple password
• 2—MD5
keyid: | MD5 key ID.
seq: | Sequence number.
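Because the aut: field exposes the authentication type each neighbor is sending, saved debug ip ospf packet output can be used to audit which router IDs are speaking OSPF without MD5. The following Python is an added example, not Cisco code; the function names are hypothetical, the sample text is the two outputs shown above, and treating types 0 and 1 as findings is this example's own policy assumption.

```python
import re

# Code tables taken from Table 106.
PACKET_TYPES = {1: "Hello", 2: "Data description", 3: "Link state request",
                4: "Link state update", 5: "Link state acknowledgment"}
AUTH_TYPES = {0: "No authentication", 1: "Simple password", 2: "MD5"}
# Assumption of this example: flag neighbors using no authentication
# or a simple (cleartext) password.
WEAK_AUTH = {0, 1}

FIELD_RE = re.compile(r"\b(v|t|l|rid|aid|chk|aut|auk|keyid|seq):(\S*)")

# The two sample outputs from this page, concatenated.
SAMPLE = """\
Router# debug ip ospf packet
OSPF: rcv. v:2 t:1 l:48 rid:200.0.0.117
aid:0.0.0.0 chk:6AB2 aut:0 auk:
Router# debug ip ospf packet
OSPF: rcv. v:2 t:1 l:48 rid:200.0.0.116
aid:0.0.0.0 chk:0 aut:2 keyid:1 seq:0x0
"""


def parse_ospf_packets(text):
    """Return one dict of raw field strings per received packet.

    Each packet is printed on two lines; the continuation line is merged
    into the record opened by the preceding 'OSPF: rcv.' line.
    """
    packets, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("OSPF: rcv."):
            current = {}
            packets.append(current)
        elif line.startswith("OSPF:") or line.startswith("Router#"):
            current = None  # some other debug message or a prompt ends the record
            continue
        elif current is None:
            continue
        current.update(FIELD_RE.findall(line))
    return packets


def _code(packet, key):
    value = packet.get(key, "")
    return int(value) if value.isdigit() else None


def audit_ospf_auth(text):
    """Summarize authentication seen per router ID and mark weak neighbors."""
    neighbors = {}
    for pkt in parse_ospf_packets(text):
        rid = pkt.get("rid")
        if rid is None:
            continue
        entry = neighbors.setdefault(rid, {
            "area": pkt.get("aid"), "packet_types": set(),
            "auth": set(), "key_ids": set(), "weak": False,
        })
        auth = _code(pkt, "aut")
        entry["packet_types"].add(PACKET_TYPES.get(_code(pkt, "t"), "Unknown"))
        entry["auth"].add(AUTH_TYPES.get(auth, "Unknown"))
        if "keyid" in pkt:
            entry["key_ids"].add(pkt["keyid"])
        if auth in WEAK_AUTH:
            entry["weak"] = True
    return neighbors


if __name__ == "__main__":
    for rid, info in sorted(audit_ospf_auth(SAMPLE).items()):
        status = "REVIEW" if info["weak"] else "ok"
        print(f"{status:6} rid={rid} area={info['area']} auth={sorted(info['auth'])}")
```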
Related Commands
Command | Description
debug ip ospf events | Displays information on OSPF-related events, such as adjacencies, flooding information, designated router selection, and SPF calculation.
debug ip ospf spf statistic
To display statistical information while running the shortest path first (SPF) algorithm, use the debug ip ospf spf statistic command in privileged EXEC mode. To disable the debugging output, use the no form of this command.
debug ip ospf spf statistic
no debug ip ospf spf statistic
Syntax Description
This command has no arguments or keywords.
Command Modes
Privileged EXEC
Command History
Release | Modification
12.2(12) | This command was introduced.
Usage Guidelines
The debug ip ospf spf statistic command displays the SPF calculation times in milliseconds, the node count, and a time stamp.
Examples
The following is sample output from the debug ip ospf spf statistic command:
Router# debug ip ospf spf statistic
00:05:59: OSPF: Begin SPF at 359.216ms, process time 60ms
00:05:59: spf_time 00:05:59.216, wait_interval 0s
00:05:59: OSPF: End SPF at 359.216ms, Total elapsed time 0ms
00:05:59: Intra: 0ms, Inter: 0ms, External: 0ms
00:05:59: R: 4, N: 2, Stubs: 1
00:05:59: SN: 1, SA: 0, X5: 1, X7: 0
00:05:59: SPF suspends: 0 intra, 1 total
Table 107 describes the significant fields shown in the display.
Table 107 debug ip ospf spf statistic Field Descriptions
Field | Description
Begin SPF at | Absolute time in milliseconds when SPF is started.
process time | Cumulative time since the process has been created.
spf_time | Last time SPF was run or an event has happened to run SPF.
wait_interval | Time waited to run SPF.
End SPF at | Absolute time in milliseconds when SPF had ended.
Total elapsed time | Total time taken to run SPF.
Intra: | Time taken to process intra-area link-state advertisements (LSAs).
Inter: | Time taken to process interarea LSAs.
External: | Time taken to process external LSAs.
R: | Number of router LSAs.
N: | Number of network LSAs.
Stubs: | Number of stub links.
SN: | Number of summary network LSAs.
SA: | Number of summary LSAs describing autonomous system boundary routers (ASBRs).
X5: | Number of external type 5 LSAs.
X7: | Number of external type 7 LSAs.
SPF suspends: intra | Number of times process is suspended during intra-area SPF run.
total | Total number of times process is suspended during SPF run.
debug ip packet
To display general IP debugging information and IP security option (IPSO) security transactions, use the debug ip packet command in privileged EXEC mode. To disable debugging output, use the no form of this command.
debug ip packet [access-list-number] [detail] [dump]
no debug ip packet [access-list-number]
Syntax Description
access-list-number | (Optional) The IP access list number that you can specify. If the datagram is not permitted by that access list, the related debugging output is suppressed. Standard, extended, and expanded access lists are supported. The range of standard and extended access lists is from 1 to 199. The range of expanded access lists is from 1300 to 2699.
detail | (Optional) Displays detailed IP packet debugging information. This information includes the packet types and codes as well as source and destination port numbers.
dump | (Hidden) Displays IP packet debugging information along with raw packet data in hexadecimal and ASCII forms. This keyword can be enabled with individual access lists and also with the detail keyword.
Note The dump keyword is not fully supported and should be used only in collaboration with Cisco Technical Support. See the caution notes below, in the usage guidelines, for more specific information.
Command Modes
Privileged EXEC
Usage Guidelines
If a communication session is closing when it should not be, an end-to-end connection problem can be the cause. The debug ip packet command is useful for analyzing the messages traveling between the local and remote hosts. IP packet debugging captures the packets that are process switched including received, generated and forwarded packets. IP packets that are switched in the fast path are not captured.
IPSO security transactions include messages that describe the cause of failure each time a datagram fails a security test in the system. This information is also sent to the sending host when the router configuration allows it.
Caution
Because the debug ip packet command generates a substantial amount of output and uses a substantial amount of system resources, this command should be used with caution in production networks. It should only be enabled when traffic on the IP network is low, so other activity on the system is not adversely affected. Enabling the detail and dump keywords uses the highest level of system resources of the available configuration options for this command, so a high level of caution should be applied when enabling either of these keywords.
Caution
The dump keyword is not fully supported and should be used only in collaboration with Cisco Technical Support. Because of the risk of using significant CPU utilization, the dump keyword is hidden from the user and cannot be seen using the "?" prompt. The length of the displayed packet information may exceed the actual packet length and include additional padding bytes that do not belong to the IP packet. Also note that the beginning of a packet may start at different locations in the dump output depending on the specific router, interface type, and packet header processing that may have occurred before the output is displayed.
Examples
The following is sample output from the debug ip packet command:
IP packet debugging is on
IP: s=172.69.13.44 (Fddi0), d=10.125.254.1 (Serial2), g=172.69.16.2, forward
IP: s=172.69.1.57 (Ethernet4), d=10.36.125.2 (Serial2), g=172.69.16.2, forward
IP: s=172.69.1.6 (Ethernet4), d=255.255.255.255, rcvd 2
IP: s=172.69.1.55 (Ethernet4), d=172.69.2.42 (Fddi0), g=172.69.13.6, forward
IP: s=172.69.89.33 (Ethernet2), d=10.130.2.156 (Serial2), g=172.69.16.2, forward
IP: s=172.69.1.27 (Ethernet4), d=172.69.43.126 (Fddi1), g=172.69.23.5, forward
IP: s=172.69.1.27 (Ethernet4), d=172.69.43.126 (Fddi0), g=172.69.13.6, forward
IP: s=172.69.20.32 (Ethernet2), d=255.255.255.255, rcvd 2
IP: s=172.69.1.57 (Ethernet4), d=10.36.125.2 (Serial2), g=172.69.16.2, access denied
The output shows two types of messages that the debug ip packet command can produce; the first line of output describes an IP packet that the router forwards, and the third line of output describes a packet that is destined for the router. In the third line of output, rcvd 2 indicates that the router decided to receive the packet.
Table 108 describes the significant fields shown in the output.
Table 108 debug ip packet Field Descriptions
Field | Description
IP: | Indicates that this is an IP packet.
s=172.69.13.44 (Fddi0) | Indicates the source address of the packet and the name of the interface that received the packet.
d=10.125.254.1 (Serial2) | Indicates the destination address of the packet and the name of the interface (in this case, S2) through which the packet is being sent out on the network.
g=172.69.16.2 | Indicates the address of the next-hop gateway.
forward | Indicates that the router is forwarding the packet. If a filter denies a packet, "access denied" replaces "forward," as shown in the last line of output.
The following is sample output from the debug ip packet command enabled with the detail keyword:
IP packet debugging is on (detailed)
001556: 19:59:30: CEF: Try to CEF switch 10.4.9.151 from FastEthernet0/0
001557: 19:59:30: IP: s=10.4.9.6 (FastEthernet0/0), d=10.4.9.151 (FastEthernet03
001558: 19:59:30: TCP src=179, dst=11001, seq=3736598846, ack=2885081910, wH
001559: 20:00:09: CEF: Try to CEF switch 10.4.9.151 from FastEthernet0/0
001560: 20:00:09: IP: s=10.4.9.4 (FastEthernet0/0), d=10.4.9.151 (FastEthernet03
001561: 20:00:09: TCP src=179, dst=11000, seq=163035693, ack=2948141027, wiH
001562: 20:00:14: CEF: Try to CEF switch 10.4.9.151 from FastEthernet0/0
001563: 20:00:14: IP: s=10.4.9.6 (FastEthernet0/0), d=10.4.9.151 (FastEthernet03
001564: 20:00:14: ICMP type=8, code=0
001565: 20:00:14: IP: s=10.4.9.151 (local), d=10.4.9.6 (FastEthernet0/0), len 1g
001566: 20:00:14: ICMP type=0, code=0
The format of the output with detail keyword provides additional information, such as the packet type, code, some field values, and source and destination port numbers.
Table 109 describes the significant fields shown in the output.
Table 109 debug ip packet detail Field Descriptions
Field | Description
CEF: | Indicates that the IP packet is being processed by CEF.
IP: | Indicates that this is an IP packet.
s=10.4.9.6 (FastEthernet0/0) | Indicates the source address of the packet and the name of the interface that received the packet.
d=10.4.9.151 (FastEthernet03) | Indicates the destination address of the packet and the name of the interface through which the packet is being sent out on the network.
TCP src= | Indicates the source TCP port number.
dst= | Indicates the destination TCP port number.
seq= | Value from the TCP packet sequence number field.
ack= | Value from the TCP packet acknowledgement field.
ICMP type= | Indicates ICMP packet type.
code= | Indicates ICMP return code.
The following is sample output from the debug ip packet command enabled with the dump keyword:
IP packet debugging is on (detailed) (dump)
21:02:42: IP: s=10.4.9.6 (FastEthernet0/0), d=10.4.9.4 (FastEthernet0/0), len 13
07003A00: 0005 00509C08 ...P..
07003A10: 0007855B 4DC00800 45000064 001E0000 ...[M@..E..d....
07003A20: FE019669 0A040906 0A040904 0800CF7C ~..i..........O|
07003A30: 0D052678 00000000 0A0B7145 ABCDABCD ..&x......qE+M+M
07003A40: ABCDABCD ABCDABCD ABCDABCD ABCDABCD +M+M+M+M+M+M+M+M
07003A50: ABCDABCD ABCDABCD ABCDABCD ABCDABCD +M+M+M+M+M+M+M+M
07003A60: ABCDABCD ABCDABCD ABCDABCD ABCDABCD +M+M+M+M+M+M+M+M
07003A70: ABCDABCD ABCDABCD ABCDABCD +M+M+M+M+M+M
21:02:42: IP: s=10.4.9.4 (local), d=10.4.9.6 (FastEthernet0/0), len 100, sending
07003A00: 0005 00509C08 ...P..
07003A10: 0007855B 4DC00800 45000064 001E0000 ...[M@..E..d....
07003A20: FF019569 0A040904 0A040906 0000D77C ...i..........W|
07003A30: 0D052678 00000000 0A0B7145 ABCDABCD ..&x......qE+M+M
07003A40: ABCDABCD ABCDABCD ABCDABCD ABCDABCD +M+M+M+M+M+M+M+M
07003A50: ABCDABCD ABCDABCD ABCDABCD ABCDABCD +M+M+M+M+M+M+M+M
07003A60: ABCDABCD ABCDABCD ABCDABCD ABCDABCD +M+M+M+M+M+M+M+M
07003A70: ABCDABCD ABCDABCD ABCDABCD +M+M+M+M+M+M
21:02:42: CEF: Try to CEF switch 10.4.9.4 from FastEthernet0/0
21:02:42: IP: s=10.4.9.6 (FastEthernet0/0), d=10.4.9.4 (FastEthernet0/0), len 13
07003380: 0005 00509C08 ...P..
07003390: 0007855B 4DC00800 45000064 001F0000 ...[M@..E..d....
070033A0: FE019668 0A040906 0A040904 0800CF77 ~..h..........Ow
070033B0: 0D062678 00000000 0A0B7149 ABCDABCD ..&x......qI+M+M
070033C0: ABCDABCD ABCDABCD ABCDABCD ABCDABCD +M+M+M+M+M+M+M+M
070033D0: ABCDABCD ABCDABCD ABCDABCD ABCDABCD +M+M+M+M+M+M+M+M
070033E0: ABCDABCD ABCDABCD ABCDABCD ABCDABCD +M+M+M+M+M+M+M+M
070033F0: ABCDABCD ABCDABCD ABCDABCD +M+M+M+M+M+M
Note
The dump keyword is not fully supported and should be used only in collaboration with Cisco Technical Support. See the caution in the usage guidelines section of this command reference page for more specific information.
The output from the debug ip packet command, when the dump keyword is enabled, provides raw packet data in hexadecimal and ASCII forms. This output is displayed in addition to the standard output. The dump keyword can be used with all of the available configuration options of this command.
Table 110 describes the standard output fields shown.
Table 110 debug ip packet dump Field Descriptions
Field | Description
IP: | Indicates that this is an IP packet.
s=10.4.9.6 (FastEthernet0/0) | Indicates the source address of the packet and the name of the interface that received the packet.
d=10.4.9.4 (FastEthernet0/0) len 13 | Indicates destination address and length of the packet and the name of the interface through which the packet is being sent out on the network.
sending | Indicates that the router is sending the packet.
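The following Python code is an added example, not part of the Cisco documentation: it rebuilds the frame bytes from the hex columns of the packet sent at 21:02:42 in the sample output and checks the decoded IPv4 header against the summary line. It assumes the dump begins with a 14-byte Ethernet II header, which the sample bytes suggest; the function names are illustrative.

```python
import ipaddress
import re
import struct
# Packet sent at 21:02:42 in the sample output above, copied verbatim.
SAMPLE = """\
21:02:42: IP: s=10.4.9.4 (local), d=10.4.9.6 (FastEthernet0/0), len 100, sending
07003A00: 0005 00509C08 ...P..
07003A10: 0007855B 4DC00800 45000064 001E0000 ...[M@..E..d....
07003A20: FF019569 0A040904 0A040906 0000D77C ...i..........W|
07003A30: 0D052678 00000000 0A0B7145 ABCDABCD ..&x......qE+M+M
07003A40: ABCDABCD ABCDABCD ABCDABCD ABCDABCD +M+M+M+M+M+M+M+M
07003A50: ABCDABCD ABCDABCD ABCDABCD ABCDABCD +M+M+M+M+M+M+M+M
07003A60: ABCDABCD ABCDABCD ABCDABCD ABCDABCD +M+M+M+M+M+M+M+M
07003A70: ABCDABCD ABCDABCD ABCDABCD +M+M+M+M+M+M
"""
SUMMARY = re.compile(r"IP: s=(\S+) \(.*?\), d=(\S+) \(.*?\), len (\d+)")
HEXROW = re.compile(r"^[0-9A-F]{8}: (.*)$")
HEXTOK = re.compile(r"^(?:[0-9A-F]{4}|[0-9A-F]{8})$")

def parse_dump(text):
    """Return (summary fields, raw frame bytes) for one dumped packet."""
    summary, frame = {}, bytearray()
    for line in text.splitlines():
        if m := SUMMARY.search(line):
            summary = {"src": m[1], "dst": m[2], "len": int(m[3])}
        elif m := HEXROW.match(line.strip()):
            row = bytearray()
            for tok in m[1].split():
                if len(row) >= 16 or not HEXTOK.match(tok):
                    break  # hex columns end here; the rest is the ASCII rendering
                row += bytes.fromhex(tok)
            frame += row
    return summary, bytes(frame)

def verify(text):
    """Decode the IPv4 header and compare it with the summary line."""
    summary, frame = parse_dump(text)
    ip = frame[14:]  # assumption: the dump starts at a 14-byte Ethernet II header
    ihl = (ip[0] & 0x0F) * 4
    total = sum(struct.unpack(f"!{ihl // 2}H", ip[:ihl]))
    while total >> 16:  # fold carries of the ones'-complement sum
        total = (total & 0xFFFF) + (total >> 16)
    decoded = {"src": str(ipaddress.IPv4Address(ip[12:16])),
               "dst": str(ipaddress.IPv4Address(ip[16:20])),
               "len": struct.unpack("!H", ip[2:4])[0]}
    return {**decoded, "ttl": ip[8], "proto": ip[9], "frame_len": len(frame),
            "checksum_ok": total == 0xFFFF, "matches_summary": decoded == summary}

print(verify(SAMPLE))
```

A mismatch between the summary line and the decoded header, or a failed header checksum, points to a truncated or garbled capture rather than to the packet itself.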
The calculation of whether to send a security error message can be somewhat confusing. It depends on both the security label in the datagram and the label of the incoming interface. First, the label contained in the datagram is examined for anything obviously wrong. If nothing is wrong, the datagram is assumed to be correct. If something is wrong, the datagram is treated as unclassified genser. Then the label is compared with the interface range, and the appropriate action is taken, as Table 111 describes.
Table 111 Security Actions
Classification | Authorities | Action Taken
Too low | Too low | No Response
Too low | Good | No Response
Too low | Too high | No Response
In range | Too low | No Response
In range | Good | Accept
In range | Too high | Send Error
Too high | Too low | No Response
Too high | In range | Send Error
Too high | Too high | Send Error
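The decision described above and in Table 111, as an added Python example (not Cisco's implementation). The classification byte values and authority flag bits are those of the RFC 1108 Basic Security Option; the iface tuple, the reading of "too low" as a missing required authority flag and "too high" as a flag outside the permitted set, and the use of an unrecognized classification byte as the "obviously wrong" case are assumptions.

```python
# Classification byte values and authority flag bits from RFC 1108.
LEVEL = {0xAB: 0, 0x96: 1, 0x5A: 2, 0x3D: 3}  # Unclassified .. Top Secret
GENSER, SIOP_ESI, SCI, NSA, DOE = 0x80, 0x40, 0x20, 0x10, 0x08

# Table 111, keyed by (classification, authorities) relative to the interface.
# ("high", "good") is the row the table labels "Too high / In range".
ACTION = {
    ("low", "low"): "No Response",
    ("low", "good"): "No Response",
    ("low", "high"): "No Response",
    ("in", "low"): "No Response",
    ("in", "good"): "Accept",
    ("in", "high"): "Send Error",
    ("high", "low"): "No Response",
    ("high", "good"): "Send Error",
    ("high", "high"): "Send Error",
}

def classify(class_byte, auth_bits, iface):
    """Return ((classification, authorities), action) for one label.

    iface is a hypothetical (min_level, min_auth, max_level, max_auth) tuple;
    levels are LEVEL ranks, auth values are authority flag bits.
    """
    if class_byte not in LEVEL:
        # "If something is wrong, the datagram is treated as unclassified genser."
        class_byte, auth_bits = 0xAB, GENSER
    lo, lo_auth, hi, hi_auth = iface
    rank = LEVEL[class_byte]
    cls = "low" if rank < lo else "high" if rank > hi else "in"
    # Assumption: "too low" means a required flag is missing,
    # "too high" means a flag outside the permitted set is present.
    if (auth_bits & lo_auth) != lo_auth:
        auth = "low"
    elif auth_bits & ~hi_auth:
        auth = "high"
    else:
        auth = "good"
    return (cls, auth), ACTION[(cls, auth)]

# Constructed interface range: Confidential/GENSER to Secret/GENSER+SCI.
IFACE = (1, GENSER, 2, GENSER | SCI)
print(classify(0x5A, GENSER, IFACE))  # Secret, GENSER
```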
The security code can only generate a few types of Internet Control Message Protocol (ICMP) error messages. The only possible error messages and their meanings follow:
• ICMP Parameter problem, code 0—Error at pointer
• ICMP Parameter problem, code 1—Missing option
• ICMP Parameter problem, code 2—See Note that follows
• ICMP Unreachable, code 10—Administratively prohibited
Note
The message "ICMP Parameter problem, code 2" identifies a specific error that occurs in the processing of a datagram. This message indicates that the router received a datagram containing a maximum length IP header but no security option. After the datagram is processed and routed to another interface, the router discovers that the outgoing interface is marked with "add a security label." Because the IP header is already full, the system cannot add a label and must drop the datagram and return an error message.
When an IP packet is rejected due to an IP security failure, an audit message is sent via Department of Defense Intelligence Information System Network Security for Information Exchange (DNSIX) Network Address Translation (NAT). Also, any debug ip packet output is extended with a description of the reason for rejection. This description can be any of the following:
• No basic
• No basic, no response
• Reserved class
• Reserved class, no response
• Class too low, no response
• Class too high
• Class too high, bad authorities, no response
• Unrecognized class
• Unrecognized class, no response
• Multiple basic
• Multiple basic, no response
• Authority too low, no response
• Authority too high
• Compartment bits not dominated by maximum sensitivity level
• Compartment bits do not dominate minimum sensitivity level
• Security failure: extended security disallowed
• NLESO source appeared twice
• ESO source not found
• Postroute, failed xfc out
• No room to add IPSO
debug ip pgm host
To display debug messages for the Pragmatic General Multicast (PGM) Host feature, use the debug ip pgm host command in privileged EXEC mode. To disable debugging output, use the no form of this command.
debug ip pgm host [data | nak | spm]
no debug ip pgm host [data | nak | spm]
Syntax Description
data | (Optional) Enables debugging for PGM sent (ODATA) and re-sent (RDATA) data packets.
nak | (Optional) Enables debugging for PGM negative acknowledgment (NAK) data packets, NAK confirmation (NCF) data packets, and Null NAK (NNAK) data packets.
spm | (Optional) Enables debugging for PGM source path messages (SPMs).
Defaults
Debugging for PGM Host is not enabled. If the debug ip pgm host command is used with no additional keywords, debugging is enabled for all PGM Host message types.
Command Modes
Privileged EXEC
Command History
Release | Modification
12.1(1)T | This command was introduced.
Examples
The following is sample output from the debug ip pgm host command:
Router# debug ip pgm host
Host NAK/NCF debugging is on
Host ODATA/RDATA debugging is on
The following is sample output from the debug ip pgm host command when the data keyword is used:
Router# debug ip pgm host data
02:50:23:PGM Host:Received ODATA from 10.0.30.2 to 224.3.3.3 (74 bytes)
02:50:23: ODATA TSI 00000A001E02-0401 data-dport BBBB csum 9317 tlen 74
02:50:23: tsqn 31 dsqn 39
The following example shows output of the debug ip pgm host command when the nak keyword is used. In the following example, the host sends a NAK to the source for a missing packet and the source returns an NCF to the host followed by an RDATA data packet.
Router# debug ip pgm host nak
02:50:24:PGM Host:Sending NAK from 10.0.32.2 to 10.0.32.1 (36 bytes)
02:50:24: NAK TSI 00000A001E02-0401 data-dport BBBB csum 04EC tlen 36
02:50:24: dsqn 38 data source 10.0.30.2 group 224.3.3.3
02:50:24:PGM Host:Received NCF from 10.0.30.2 to 224.3.3.3 (36 bytes)
02:50:24: NCF TSI 00000A001E02-0401 data-dport BBBB csum 02EC tlen 36
02:50:24: dsqn 38 data source 10.0.30.2 group 224.3.3.3
02:50:24:PGM Host:Received RDATA from 10.0.30.2 to 224.3.3.3 (74 bytes)
02:50:24: RDATA TSI 00000A001E02-0401 data-dport BBBB csum 9218 tlen 74
02:50:24: tsqn 31 dsqn 38
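The NAK, NCF and RDATA exchange shown above can be checked mechanically. The following Python code is an added example, not part of the Cisco documentation: it pairs each NAK with the NCF and RDATA that carry the same TSI and data sequence number and reports NAKs that were never repaired. The function names are illustrative.

```python
import re

# NAK, NCF and RDATA lines copied from the sample output above.
SAMPLE = """\
02:50:24:PGM Host:Sending NAK from 10.0.32.2 to 10.0.32.1 (36 bytes)
02:50:24: NAK TSI 00000A001E02-0401 data-dport BBBB csum 04EC tlen 36
02:50:24: dsqn 38 data source 10.0.30.2 group 224.3.3.3
02:50:24:PGM Host:Received NCF from 10.0.30.2 to 224.3.3.3 (36 bytes)
02:50:24: NCF TSI 00000A001E02-0401 data-dport BBBB csum 02EC tlen 36
02:50:24: dsqn 38 data source 10.0.30.2 group 224.3.3.3
02:50:24:PGM Host:Received RDATA from 10.0.30.2 to 224.3.3.3 (74 bytes)
02:50:24: RDATA TSI 00000A001E02-0401 data-dport BBBB csum 9218 tlen 74
02:50:24: tsqn 31 dsqn 38
"""
TSI = re.compile(r"\b(ODATA|RDATA|NAK|NCF) TSI (\S+)")
DSQN = re.compile(r"\bdsqn (\d+)")

def events(text):
    """Yield (type, tsi, dsqn) for each PGM packet in the debug output."""
    pending = None
    for line in text.splitlines():
        if m := TSI.search(line):
            pending = (m[1], m[2])       # first detail line: type and TSI
        elif pending and (m := DSQN.search(line)):
            yield (*pending, int(m[1]))  # second detail line: sequence number
            pending = None

def nak_status(text):
    """Map each NAKed (tsi, dsqn) to the repair stages seen after the NAK."""
    status = {}
    for kind, tsi, dsqn in events(text):
        key = (tsi, dsqn)
        if kind == "NAK":
            status.setdefault(key, set())
        elif kind in ("NCF", "RDATA") and key in status:
            status[key].add(kind)
    return status

def unrepaired(text):
    """Return the (tsi, dsqn) pairs that were NAKed but never got an RDATA."""
    return sorted(k for k, seen in nak_status(text).items() if "RDATA" not in seen)

print(nak_status(SAMPLE), unrepaired(SAMPLE))
```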
The following is sample output from the debug ip pgm host command when the spm keyword is used:
Router# debug ip pgm host spm
02:49:39:PGM Host:Received SPM from 10.0.