Sometimes we need to trouble shoot when an application admin reports error, they always say “can’t access to the network/internet”. We might use sniffering tools like wireshark to monitor the packets at the same time before and behind the router. But there’s an easier way to do that.
(config)#permit 199 icmp any any
Priv#debug ip packet 199 (detail)
That’s all, this is the sample to monitor ICMP packets passing through the Cisco routers.
Why using access-list 199? ‘Couse my simulator can only debug the access-list from 1 to 199.
There are some differences between debug ip icmp and debug ip packet <access-list-number>.
In my lab, the testing result told me that “debug ip icmp” shows the icmp packets from or to the router its self, but not the packets “pass through” it.