Limiting the debug ip packet Analysis and, Therefore, CPU Use
The debug ip packet command displays in real time all IP packet activity passing through a router. Unfortunately, this is extremely hard on CPU resources: a router already running at 50 percent capacity can be buried once the command comes to dominate CPU use. Many organizations ban all use of the command for this reason. A second problem with the command is that the screen is often overwhelmed by output, making it difficult to see the expected information.
Fortunately, the command syntax, debug ip packet [acl-num], allows an ACL to be created to filter for the specific traffic of interest. In the following example, the output is limited to traffic originating in the 192.168.0.0 network. Any valid host address, subnet, or network address can be used.
Rtr1#conf t
Rtr1(config)#access-list 20 permit 192.168.0.0 0.0.0.255
Rtr1(config)#^Z
Rtr1#debug ip packet ? <-shows the options
<1-199> Access list
<1300-2699> Access list (expanded range)
detail Print more debugging detail
Rtr1#debug ip packet 20
IP packet debugging is on for access list 20
Rtr1#
00:05:28: IP: s=192.168.0.1 (local), d=224.0.0.10 (Ethernet0), len 60, sending broad/multicast
00:05:28: IP: s=192.168.0.10 (Ethernet0), d=192.168.0.1 (Ethernet0), len 56, rcvd 3
The options shown by debug ip packet ? indicate that extended ACLs could be used to filter based on destination address, protocol, or port numbers as well.
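As an added example (not part of the original text), an extended ACL narrows the debug to one host, protocol, and port, so the router inspects only the packets under investigation instead of every packet it forwards, and the debug is removed once the check is done. The addresses and port number are assumed for illustration.

```cisco
! Extended ACL 101 (range 100-199) matches only TCP traffic from the
! 192.168.0.0/24 network to host 192.168.0.1 on port 23 (Telnet).
! Addresses and port are assumed values for this example.
Rtr1#conf t
Rtr1(config)#access-list 101 permit tcp 192.168.0.0 0.0.0.255 host 192.168.0.1 eq 23
Rtr1(config)#^Z
! Attach the extended ACL to the debug; only matching packets are reported.
! Adding the 'detail' keyword would also show protocol and port fields.
Rtr1#debug ip packet 101
IP packet debugging is on for access list 101
! ... inspect the filtered output, then remove the debug to release the CPU.
Rtr1#undebug all
All possible debugging has been turned off
```

On routers that fast-switch or CEF-switch traffic, debug ip packet reports only process-switched packets, so some transit traffic matched by the ACL may never appear in the output.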