Tuesday, February 18, 2014

How to quickly sniff a few packets with a Cisco router.

There was a large amount of traffic on a router and I knew something was not right.

Enable IP accounting on the interface carrying the traffic (GigabitEthernet 0/0 here):

int g 0/0
ip accounting output-packets

#sh ip accounting
   Source           Destination              Packets               Bytes
 10.201.195.4    71.225.81.54                   400              187200
 10.194.41.94    63.251.34.130                  488               28733
 10.194.41.36    108.168.214.12                1140              163510862
 10.136.114.135  78.108.118.250                  45                2100
 10.194.41.57    174.62.230.118                  40                2411
 10.194.41.36    65.112.54.26                     5                178235
 10.194.41.78    63.251.34.145                  479               27517

We need more detail on the .36 host (10.194.41.36), which accounts for almost all of the bytes in that table.
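An added example, not part of the original post, that parses the "show ip accounting" output above, totals bytes per source, flags the outlier and builds the access-list line used in the next step. The row pattern, the 10x-median threshold and the embedded sample text are my own choices.

```python
import re
from statistics import median
from collections import defaultdict

# Constructed sample: the "show ip accounting" table from the post, embedded
# so the script runs offline (paste real router output here instead).
SAMPLE_OUTPUT = """\
   Source           Destination              Packets               Bytes
 10.201.195.4    71.225.81.54                   400              187200
 10.194.41.94    63.251.34.130                  488               28733
 10.194.41.36    108.168.214.12                1140              163510862
 10.136.114.135  78.108.118.250                  45                2100
 10.194.41.57    174.62.230.118                  40                2411
 10.194.41.36    65.112.54.26                     5                178235
 10.194.41.78    63.251.34.145                  479               27517
"""

# One accounting row: source, destination, packets, bytes (header is skipped).
ROW_RE = re.compile(
    r"^\s*(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)\s+(\d+)\s+(\d+)\s*$"
)

def parse_ip_accounting(text):
    """Return a list of (src, dst, packets, bytes) tuples from the table text."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if m:
            src, dst, pkts, nbytes = m.groups()
            rows.append((src, dst, int(pkts), int(nbytes)))
    return rows

def bytes_per_source(rows):
    """Sum bytes over all destinations for each source address."""
    totals = defaultdict(int)
    for src, _dst, _pkts, nbytes in rows:
        totals[src] += nbytes
    return dict(totals)

def top_talkers(rows, n=3):
    """Sources ordered by total bytes, largest first."""
    totals = bytes_per_source(rows)
    return sorted(totals.items(), key=lambda kv: kv[1], reverse=True)[:n]

def outliers(rows, factor=10):
    """Sources whose byte total exceeds `factor` times the median source total."""
    totals = bytes_per_source(rows)
    threshold = factor * median(totals.values())
    return [src for src, b in totals.items() if b > threshold]

def debug_acl(src, acl_number=105):
    """Access-list line that narrows 'debug ip packet' to one source host."""
    return f"access-list {acl_number} permit tcp host {src} any"
```

Running outliers() on the sample returns only 10.194.41.36, the host the post goes on to debug.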

access-list 105 permit tcp host 10.194.41.36 any

debug ip packet 105

terminal monitor (needed if you are doing this over a remote session, so the debug output reaches your terminal)

Now you should see the matching packets with more detail, such as port numbers.

no debug all (turn the debug off as soon as you have what you need; packet debugging is expensive on a busy router)

This turned out to be a DoS attack, and it has now been blocked.
