Catalyst 3524 - Capturing fragmented packets

Greetings,
I have run into an interesting issue with a trunked connection to my ASA.
Scenario: ASA-5510 connected to a Catalyst 3524 switch via a dot1q trunk. There are approximately 12 vlans configured and passing traffic.
The ASA interface shows no errors; the Catalyst switch is incrementing runts fairly rapidly.
From what I have read this typically is a cabling or hardware issue. We changed ports and cables on the Catalyst switch to rule out that side. Both ASA and Switch are set to Full Duplex/ Speed 100.
From a troubleshooting perspective, I am limited on my packet captures due to the switch and/or my NIC hardware discarding 'bad' packets. I don't have access to a hardware packet capturing device or a NIC with that capability.
To anyone's knowledge, is there a way to capture the packets being dropped at the switch port? I have a port monitor set up and have disabled "checksum offloading" on my NIC; so far that is the best I have come up with.
It looks like the switch will increment the runts counter, but not log any of that info.
I am eliminating any other port issues I see on the switch, but that hasn't made a difference so far.
My apologies for the long post, but I do appreciate your patience and expertise!
Thanks for your time!

Thanks for the info - I will be able to use that for future troubleshooting!
I have resolved the incrementing runts issue with an IOS upgrade on the switch (to current level for the Cat 3524).
After the upgrade, the counters no longer increment. I was hoping this would be the case; we were just waiting for a maintenance window to complete the upgrade.
Thanks again!

Similar Messages

  • CSS 11155 drops fragmented packets.

    My CSS 11155 WebNS 6.10 drops fragmented packets to VIP configured on a layer 4 rule.
    I have seen plenty on how to handle this with WebNS 7 but is there a way to handle this on version 6?
    Regards,
    Paul.

    I have found the link for troubleshooting the CSS 11155 hardware, please have a look at it.
    http://www.cisco.com/en/US/products/hw/contnetw/ps789/products_installation_guide_chapter09186a00801760b3.html#wp1031725

  • How to capture rtp packet??

    Hi,
    Can someone please tell me how to capture RTP packets? And also can you tell me how to remove the RTP header? I want to add another header to the RTP packet. I will be glad if you can also send me some code samples too.
    Thank you in advance.
    bye
    R.Ravi Kiran

    To Capture the RTP Packet all you need to do is listen for a UDP packet on the destination address and you will be able to receive the data. The Data field is by default 256 bytes long (just to let you know).
    So you will send the RTP Packet to Localhost port 4444
    To capture the packet you need to be listening for a UDP packet on that Address
    it would look something like this:
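    import java.net.DatagramPacket;
    import java.net.DatagramSocket;
    byte[] buf = new byte[256];                                   // receive buffer
    DatagramSocket socket = new DatagramSocket(4444);             // listen on UDP port 4444
    DatagramPacket packet = new DatagramPacket(buf, buf.length);
    socket.receive(packet);                                       // blocks until a datagram arrives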
    then you just have to do what you want with the buf array
    I'm not too sure about the RTP header; I'm working on that as well, so if I find anything I will let you know.
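Stripping the RTP header from a datagram received as in the answer above, as an added example in Python (not code from the original posts). It follows the RFC 3550 header layout; `parse_rtp`, `receive_one` and the sample packet are constructed for illustration, and port 4444 is the one used in the answer.

```python
import socket
import struct
from typing import NamedTuple


class RtpPacket(NamedTuple):
    payload_type: int
    marker: bool
    sequence: int
    timestamp: int
    ssrc: int
    csrcs: tuple
    payload: bytes


def parse_rtp(datagram: bytes) -> RtpPacket:
    """Split one UDP payload into RTP header fields and the media payload."""
    if len(datagram) < 12:
        raise ValueError("shorter than the 12-byte fixed RTP header")
    b0, b1, seq, ts, ssrc = struct.unpack_from("!BBHII", datagram)
    if b0 >> 6 != 2:
        raise ValueError("not RTP version 2")
    cc = b0 & 0x0F                      # number of 32-bit CSRC entries
    offset = 12 + 4 * cc
    if len(datagram) < offset:
        raise ValueError("truncated CSRC list")
    csrcs = struct.unpack_from("!%dI" % cc, datagram, 12)
    if b0 & 0x10:                       # X bit: one header extension follows
        if len(datagram) < offset + 4:
            raise ValueError("truncated extension header")
        _profile, ext_words = struct.unpack_from("!HH", datagram, offset)
        offset += 4 + 4 * ext_words     # length counts 32-bit words of data
        if len(datagram) < offset:
            raise ValueError("truncated extension data")
    end = len(datagram)
    if b0 & 0x20:                       # P bit: last octet is the pad count
        pad = datagram[-1]
        if pad == 0 or pad > end - offset:
            raise ValueError("invalid padding length")
        end -= pad
    return RtpPacket(b1 & 0x7F, bool(b1 & 0x80), seq, ts, ssrc,
                     csrcs, datagram[offset:end])


def receive_one(port: int = 4444) -> RtpPacket:
    """Receive a single datagram on localhost and parse it as RTP."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind(("127.0.0.1", port))
        # A buffer smaller than the datagram would truncate it.
        datagram, _peer = sock.recvfrom(65535)
    return parse_rtp(datagram)


# Constructed sample: V=2, P=1, X=1, CC=1, marker set, payload type 0.
SAMPLE_PACKET = (
    struct.pack("!BBHII", 0xB1, 0x80, 4660, 160, 0xDEADBEEF)
    + struct.pack("!I", 0x11223344)             # one CSRC
    + struct.pack("!HH", 0xBEDE, 1) + bytes(4)  # extension, one word of data
    + b"voice"                                  # media payload
    + b"\x00\x00\x03"                           # three octets of padding
)

if __name__ == "__main__":
    print(parse_rtp(SAMPLE_PACKET))
```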

  • Fragmenting packets over Ethernet to improve voice quality

    Setup:
    1750--Ethernet---Satellite Receiver---128K Sat Link---Sat. Recvr--Ether---1750
    Question:
    Since the Satellite Link is only 128K there will be a problem of Serialization Delay. Is there a way to fragment packets and Interleave over ethernet ? The same way it is done over Frame Relay or MLPPP.
    In this setup how does one lower down "Serialization Delay" ?

    rocampo,
    With a Satellite link, most of the latency will be travel time and not serialization delay. I would expect VoIP quality to be an issue, since the users will have to tolerate long delays and have to wait to make sure the person on the other end has actually finished speaking before starting to speak. VoIP packets are generally small enough that they are already at or near Ethernet minimum packet size of 64 KBytes, so they are not fragmented on Ethernet. However, you may want to look into the QOS / COS capabilities of your LAN switches. But the real issue for you will be the large amount of latency across the satellite link. Be sure to use QOS on the satellite link, to send along VoIP packets on a preferred basis over other less time sensitive traffic. And you may want to see if you can use RTP header compression on the Satellite link to shrink the size of VoIP frames.
    Regards,
    Rob Bristow
    AT&T Solutions
    CCIE #3335

  • Wireshark capture rtp packets on Cisco CUBE.

    Hello all,
    We have this call flow and we are having intermittent DTMF issue
    CUCM 10.5--->CUBE(10.1.1.10)--->AVAYA(10.1.1.11)--->PSTN
    I am trying to capture RTP packets between CUBE and AVAYA, How can we capture RTP packets between(10.1.1.10 and 10.1.1.11)??
    I followed below steps and I can see the traffic only from AVAYA to CUBE and that too only SIP and TCP not RTP.
    Router(config)# access-list 140 permit ip host 32.55.55.32 any
    Router(config)# access-list 140 permit ip any host 32.55.55.32
    This ACL will capture all traffic to and from this IP address.
    Next we need to enable the Cisco packet monitoring service:
    Router# monitor capture buffer holdpackets
    Now we can filter the monitored traffic by filtering it through our access-list:
    Router# monitor capture buffer holdpackets filter access-list 140
    Now we need to name our particular packet capture. I have called mine "testcap"
    Router# monitor capture point ip cef testcap all both
    Router# monitor capture point associate testcap holdpackets
    Now we can start our capture!
    Router# monitor capture point start testcap
    Once you think you have acquired enough packets, to stop the capture, type:
    Router# monitor capture point stop testcap
    Now you can export your data to your tftp server by typing in the following command. You can then open the .pcap file in Wireshark for viewing
    Router# monitor capture buffer holdpackets export tftp://10.0.0.55/testcap.pcap
    Once uploaded you can clear your capture buffer by typing the following:
    Router# no monitor capture buffer holdpackets
    Any help is much appreciated
    Thanks!

    But when i configure the destination as USB0 my pendrive, it fails.
    Could be a bug but I wouldn't recommend configuring the destination as your USB drive because no one has the same luxury as you to have the USB sit there all the time.
    Store to the flash and transfer to USB is probably the best solution.

  • Firewall causing playstation 3 fragmented packets blocked!

    Just wanted to post this as info to other RV220w users that have a playstation 3. By default a setting is on in the firewall that blocks fragmented packets. With this setting on, even if the ps3 is in the dmz some games won't work, and if you test the ps3 connection it will tell you that either your router or service provider doesn't allow fragmented packets. It's under Firewall > Attack Prevention > check box "block fragmented packets".
    the error from testing connection on  ps3 is
    The router in use may not support IP fragments, and the communication features of some games may be restricted.

    [email protected] wrote:
    > I am using Netware 6.5 sp1a and bm 3.8 sp1a.
    >
    > I recently deleted some unneeded packet filter exceptions using
    > iManager. When my server was restarted over the weekend the firewall is
    > not allowing packets in the exception list to pass through.
    > I get a message on the logger screen that states:
    > "nbm filewall failed to read configuration from ds"
    > What is actually happening is all traffic is blocked as the exceptions do
    > not seem to be working.
    >
    > I have checked ds and all looks healthy.
    >
    > Any ideas. I have been forced to disable filters on the public interface
    > until I can fix the problem.
    >
    > Thanks,
    >
    Sorry but this is the wrong forum. You need to go to
    novell.support.bordermanager.packet-filtering. This forum is for the
    Novell Client Firewall that comes with BM 3.8
    Brad

  • Configuring port mirroring on the MA561x to capture voice packets?

    How to configure port mirroring on the MA561x to capture voice packets? Now I use the MA5616. Any help would be appreciated!


  • Cat3750-Metro-Not Pass Last Fragment Packet

    Hello,
    I have a cat 3750 metro on a customer, although the customer is not using any metro feature I am having a problem with passing packets greater than 4,9K, the switch is not passing the last fragment of the packet when the packet is routed, if the packet is switched no problem.
    I have made an upgrade to the last (12.2.25.SEE) version and did not resolve.
    Does anyone have a clue?
    I will try to change the SVI to the physical interfaces (no switchport) to see if something changes?
    Thanks

    @prabodh:
    SQL> declare
      2  TYPE tab_person_id is of table of number(15) index by pls_integer;
      3  begin
      4  null;
      5  end;
      6  /
    TYPE tab_person_id is of table of number(15) index by pls_integer;
    ERROR at line 2:
    ORA-06550: line 2, column 23:
    PLS-00103: Encountered the symbol "OF" when expecting one of the following:
    ( array limited new private range record VARRAY_ char_base
    number_base decimal date_base clob_base blob_base bfile_base
    table ref object fixed varying opaque sparse
    The symbol "OF" was ignored.
    Check what you are posting.
    @ qwestion: What is your Database Version? It is an implementation restriction.

  • Management VLAN for Catalyst 3524

    Hi,
    I'm currently using VLAN30 as my management VLAN (172.16.xxx.xxx) and would like to use VLAN20 for the management VLAN. After configuring VLAN20 as my management VLAN, the changes didn't get updated in the running-config. The IOS commands used are:
    config t
    int vlan 20
    ip address 149.199.xxx.xxx 255.255.252.0
    no shutdown

    Hi Ankur,
    This switch is in VTP client mode. When I did a show vlan, the output is as follows. VLAN 20 is already active.
    VLAN Name Status
    1 default active
    20 core-network active
    When I did a sh ip int brief, the output is as follows:
    VLAN1 unassigned YES manual up
    VLAN20 149.xx.xx.xx YES manual deleted
    VLAN30 172.xx.xx.xx YES manual up
    The VLAN 20 showed as deleted. I think this was because I issued the no int vlan 20 command as shown below:
    config t
    int vlan 20
    ip address 149.xx.xx.xx 255.255.255.0 (For setting it as the management VLAN)
    no int vlan 20
    How do I set VLAN20 as the Management VLAN again?
    What is the difference between the following:
    i) int vlan 20
    shutdown
    ii) no int vlan 20

  • Ask the Expert: Packet Capture Capabilities of Cisco Routers and Switches

    With Rahul Rammanohar 
    Welcome to the Cisco Support Community Ask the Expert conversation. This is an opportunity to learn and ask questions about packet capture capabilities of Cisco routers and switches.
    In May 2013, we created a video that included packet capture capabilities across multiple Cisco routers and switches. For each product, we began with a discussion about the theory of the capabilities, followed by an explanation of the commands, and we concluded with a demo on real devices. In this Ask the Expert event, you’re encouraged to ask questions about the packet capture capabilities of these Cisco devices:
    •       7600/6500: mini protocol analyzer (MPA), ELAM, and Netdr
    •       ASR9k: network processor capture
    •       7200/ISRs: embedded packet capture
    •       Cisco Nexus 7K, 5K, and 3K: Ethanalyzer
    •       Cisco Nexus 7K: ELAM
    •       CRS: show captured packets
    •       ASR1K: embedded packet capture
    More Information
    Blog URL: Packet Capture Capabilities of Cisco Routers and Switches
    Watch the Video:  https://supportforums.cisco.com/videos/6226
    Hitesh Kumar is a customer support engineer in the High-Touch Technical Services team at Cisco specializing in routing protocols. He has been supporting major service providers and enterprise customers in routing, Multiprotocol Label Switching (MPLS), multicast, and Layer 2 VPN (L2VPN) issues on routing platforms for more than three years. He has more than six years of experience in the IT industry and holds a CCIE certification (number 38757) in service. 
    Rahul Rammanohar is a technical leader with the High-Touch Technical Support Team in India. He handles escalations in the area of routing protocols and large-scale architectures for devices running Cisco IOS, IOS-XR, and IOS-XE Software. He has been supporting major service providers and large enterprise customers for routing, MPLS, multicast, and L2VPN issues on all routing platforms. He has more than 13 years of experience and holds a CCIE certification (number 13015) in routing/switching and service provider.
    Remember to use the rating system to let Hitesh and Rahul know if you have received an adequate response.  
    Because of the volume expected during this event, Hitesh and Rahul might not be able to answer each question. Remember that you can continue the conversation in the Service Provider, sub-community forum shortly after the event. This event lasts through November 1, 2013. Visit this forum often to view responses to your questions and the questions of other Cisco Support Community members.

    Hello Erick
        Thanks for the topology. The trigger will be different for labelled packets, as you would need to mention the values of the labels too in the trigger.
         Below are two examples of one or two labels being used; it depends on where you are capturing the packet in the mplsvpn scenario, which will decide the number of labels being imposed on the packet.
    Trigger for one label. (if the router on which you are capturing the packet PHP is being performed)
    VPN label - 5678
    Source Address - 111.111.111.111
    Destination Address - 123.123.123.123
    show platform capture elam trigger dbus others if data = 0 0 0 0x88470162 0xE0000000 0 0 0x00006F6F 0x6F6F7B7B 0x7B7B0000 [ 0 0 0 0xffffffff 0xf0000000 0 0 0x0000ffff 0xffffffff 0xffff0000 ]
    Trigger for two labels. (for other core routers)
    IGP label - 1234
    VPN label - 5678
    Source Address - 111.111.111.111
    Destination Address - 123.123.123.123
    show platform capture elam trigger dbus others if data = 0 0 0 0x8847004D 0x20000162 0xE0000000 0 0 0x00006F6F 0x6F6F7B7B 0x7B7B0000 [ 0 0 0 0xffffffff 0xf000ffff 0xf0000000 0 0 0x0000ffff 0xffffffff 0xffff0000 ]
        You can check the labels being used (by using show ip cef <> details) and convert their values to hex and change the trigger accordingly.
         I have changed the colors for better understanding. If you notice carefully in the trigger the values for ip address, labels have just been converted to their respective hex values which could be replaced.
         Please let me know if this helps.
    Thanks & Regards
    Hitesh & Rahul
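How the hex words in the two triggers above follow from the labels and addresses, as an added example (not code from the original reply or from Cisco). It assumes, as inferred only from those two triggers, that the data words are the frame bytes from the destination MAC onward with a matching bit mask in brackets; the function name `elam_mpls_trigger` is hypothetical.

```python
import ipaddress
import struct

# Command prefix copied from the triggers quoted in the reply above.
PREFIX = "show platform capture elam trigger dbus others if data = "
MPLS_ETHERTYPE = 0x8847


def _words(buf: bytes, upper: bool) -> list:
    """Group bytes into 32-bit words; zero words print as a bare 0."""
    buf = buf + bytes(-len(buf) % 4)          # pad to a whole word
    fmt = "0x%08X" if upper else "0x%08x"
    return [fmt % w if w else "0" for (w,) in struct.iter_unpack(">I", buf)]


def elam_mpls_trigger(labels, src: str, dst: str) -> str:
    """Build data and mask words for an MPLS-labelled IPv4 packet.

    Assumed layout (inferred from the page's examples): 12 bytes of
    MAC addresses left as don't-care, the MPLS ethertype, one 4-byte
    stack entry per label, then the 20-byte IPv4 header.
    """
    data = bytearray(12)                      # dst MAC + src MAC, unmatched
    mask = bytearray(12)
    data += struct.pack(">H", MPLS_ETHERTYPE)
    mask += b"\xff\xff"
    for label in labels:
        if not 0 <= label < 1 << 20:
            raise ValueError("MPLS label must fit in 20 bits: %r" % label)
        # Label sits in the top 20 bits; EXP, S and TTL are not matched.
        data += struct.pack(">I", label << 12)
        mask += struct.pack(">I", 0xFFFFF000)
    ip_data = bytearray(20)
    ip_mask = bytearray(20)
    ip_data[12:16] = ipaddress.IPv4Address(src).packed
    ip_data[16:20] = ipaddress.IPv4Address(dst).packed
    ip_mask[12:20] = b"\xff" * 8              # match only source and destination
    data += ip_data
    mask += ip_mask
    return (PREFIX + " ".join(_words(bytes(data), True))
            + " [ " + " ".join(_words(bytes(mask), False)) + " ]")


if __name__ == "__main__":
    # Values from the reply: VPN label 5678, IGP label 1234.
    print(elam_mpls_trigger([5678], "111.111.111.111", "123.123.123.123"))
    print(elam_mpls_trigger([1234, 5678], "111.111.111.111", "123.123.123.123"))
```

Each extra label adds four bytes, which is why the address words sit one position further right in the two-label trigger.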

  • Capturing packets from two server programs in single solaris box

    Hi,
    Greetings.
    I observe that snoop is not capturing packets exchanged between two server process which are running in a same solaris machine.
    Are there any options with snoop, so that it is possible to capture the
    packets between two server processes in a single machine ?
    Thanks in advance.
    BR, RK

    Snoop? No. Packets to the same machine never reach the DLPI layer which is where snoop is looking.
    There are some 'dtrace' scripts on Solaris 10 that attempt to view the contents as they go within the machine. They should work with most interfaces.
    I don't know of any good solution for Solaris 9.
    Darren

  • Capture packet / ip logging

    What is the best way to capture packets as well as display them for signatures.
    I need to see the packets that cause the ICMP hard DoS sig 2157 to fire. From the Cisco IDS Install and Configuration guide version 4.x it talks about enabling packet capture to true as well as Event action, but no clear instructions on which to use or if both need to be configured.

    If you want to capture the packets that caused the signature to fire, then you must enable the "log" option as the EventAction in the signature. When the IDS detects an attack based on this signature, it creates an IP log.
    There is also an "IP logging" feature in the IDS that is used to capture the packets for a duration of time. This capture is time or size (bytes) based and is not based on signature.

  • Packet capture

    I need to capture the packets which are browsed by the browser.
    It should run like a spy.
    I need to complete this project for my course. Very urgent.
    Can you help me please?

    good luck to you.

  • Packet-capture filters

    Has anyone successfully used a source-port or destination-port filter in a packet-capture command on a waas?  Anytime I try to filter on any port # I capture no packets.  If I however remove the port # and run a packet-capture I capture packets and see the traffic my filter should have caught.  I'm not sure if I'm looking at a bug since it seems straightforward.
    packet-capture interface gigabitEthernet 0/0 source-port 1494 file-size 50000 capctx
    Cisco Wide Area Application Services (universal-k9) Software Release 5.1.1d (build b7 Aug 19 2013)
    Version: oe7571-5.1.1d.7
    thank you,
    Bill

    Thank you Srinivasa.  I tried the tcpdump, but get the same behavior.  As soon as I remove the filter all the packets come pouring in.  I've tried different ports such as 445, but with the same results, 0 packets. 
    pa-harr-0-7571a#tcpdump -i eth0 -s 3200 tcp port 1494 -w ctxcapnew.pcap
    Note : The tcpdump and tethereal CLIs are planned to be deprecated in a future release. The use of 'packet-capture' CLI is recommended.
    tcpdump: Setting virtual memory/file size limit to 524288000
    tcpdump: WARNING: eth0: no IPv4 address assigned
    tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 3200 bytes
    0 packets captured
    12 packets received by filter
    0 packets dropped by kernel
    pa-harr-0-7571a#tcpdump -i eth0 -s 3200 -w ctxcapnew1.pcap
    Note : The tcpdump and tethereal CLIs are planned to be deprecated in a future release. The use of 'packet-capture' CLI is recommended.
    tcpdump: Setting virtual memory/file size limit to 524288000
    tcpdump: WARNING: eth0: no IPv4 address assigned
    tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 3200 bytes
    225215 packets captured
    225222 packets received by filter
    0 packets dropped by kernel
    Update on this:
    tethereal seems to be the only utility that works with a filter. The command below performed as expected, which is odd since it's advertised as working with 4.0 and earlier and I'm running 5.1.1d where I'm warned that tethereal and tcpdump are soon to be deprecated; hopefully not before the issue with packet-capture not working with filters is resolved.
    tethereal -i eth0 -s 1600 -w dump.cap -R "tcp.port == 1494"

  • Packet capture on IPS 5x

    In CLI mode version 5.x, we run "packet capture" command to capture xx packets of an x.x.x.x IP address. Logon to service, searching through directories but could not find the file that packet capture created. Please advise file name and directory this command created.
    TIA.
    Simone

    You will find the capture file here:
    /usr/cids/idsRoot/var/packet-file
