Configuration Note 14 Document #: LTRT-40386
Troubleshooting the MSBR
The following example captures data from the Ethernet interface on the WAN side and sends
it to a TFTP server:
# debug capture data interface gigabitethernet 0/0 proto all host
any port any tftp-server 192.168.0.50
..............................
2.2.2 Looking Inside the VPN IPSec Tunnel Example
The "debug capture data interface" command allows you to monitor traffic on a specific
interface. When the interface is encrypting traffic, the packets are encapsulated inside ESP
packets.
# debug capture data interface GigabitEthernet 0/0.1000 proto all
host any
05:19:08.422033 0:90:8f:3c:81:b0 a4:4c:11:e4:22:b0 0800 126:
10.42.0.1 > 10.42.0.2: ESP(spi=0xf40c9b81,seq=0x1) (ttl 64, id
61420, len 112)
05:19:08.422446 a4:4c:11:e4:22:b0 0:90:8f:3c:81:b0 0800 126:
10.42.0.2 > 10.42.0.1: ESP(spi=0xc3415d3e,seq=0x1) (DF) (ttl 255,
id 25482, len 112)
Adding the IPSec flag to the "debug capture data interface" command displays the encrypted
packets running in to the IPSec tunnel.
# debug capture data interface GigabitEthernet 0/0.1000 ipsec
proto all host any
05:19:28.191142 0:90:8f:3c:81:b0 a4:4c:11:e4:22:b0 0800 74:
192.169.20.1 > 192.169.40.1: icmp: echo request (DF) (ttl 64, id
0, len 60)
05:19:28.191454 a4:4c:11:e4:22:b0 0:90:8f:3c:81:b0 0800 74:
192.169.40.1 > 192.169.20.1: icmp: echo reply (DF) (ttl 255, id 0,
len 60)
05:19:29.185888 0:90:8f:3c:81:b0 a4:4c:11:e4:22:b0 0800 74:
192.169.20.1 > 192.169.40.1: icmp: echo request (DF) (ttl 64, id
0, len 60)
05:19:29.186700 a4:4c:11:e4:22:b0 0:90:8f:3c:81:b0 0800 74:
192.169.40.1 > 192.169.20.1: icmp: echo reply (DF) (ttl 255, id 0,
len 60)