Standard access-list example on Cisco Router

Hello Wisam,

The packets that got dropped don’t get logged but you can see what gets dropped realtime with a debug.

R2 is a router with an inbound access-list:

R2#debug ip packet detail 
IP packet debugging is on (detailed)

Let’s send a ping from R1:

R1#ping 192.168.12.2 repeat 1
Type escape sequence to abort.
Sending 1, 100-byte ICMP Echos to 192.168.12.2, timeout is 2 seconds:
U
Success rate is 0 percent (0/1)

This gets logged on the console:

R2#
IP: s=192.168.12.1 (GigabitEthernet0/1), d=192.168.12.2, len 100, access denied
    ICMP type=8, code=0
FIBipv4-packet-proc: route packet from GigabitEthernet0/1 src 192.168.12.1 dst 192.168.12.2
FIBfwd-proc: Default:192.168.12.2/32 receive entry
FIBipv4-packet-proc: packet routing failed
IP: tableid=0, s=192.168.12.1 (GigabitEthernet0/1), d=192.168.12.2 (GigabitEthernet0/1), routed via RIB
FIBipv4-packet-proc: route packet from (local) src 192.168.12.2 dst 192.168.12.1
FIBfwd-proc: packet routed by adj to GigabitEthernet0/1 192.168.12.1
FIBipv4-packet-proc: packet routing succeeded
IP: s=192.168.12.2 (local), d=192.168.12.1 (GigabitEthernet0/1), len 56, sending
    ICMP type=3, code=13
IP: s=192.168.12.2 (local), d=192.168.12.1 (GigabitEthernet0/1), len 56, sending full packet
    ICMP type=3, code=13
IP: s=192.168.12.1 (GigabitEthernet0/1), d=192.168.12.2, len 100, input feature
    ICMP type=8, code=0, packet consumed, Access List(47), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE

The last line shows that this packet got “consumed” by the access-list. If you do this on a production router, make sure you add an access-list for your debug or your router gets overburdened with debug messages:

R2#debug ip packet detail ?
  <1-199>      Access list
  <1300-2699>  Access list (expanded range)
  <cr>

Hope this helps!

Rene
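To pick the ACL drops out of a longer `debug ip packet detail` capture, here is an added example (my own code, not part of Rene's reply) that parses the line layout shown above; the sample input is constructed from the output in the post, and the field names are my own:

```python
import re

# Constructed sample, taken from the debug output shown in the reply above.
SAMPLE_DEBUG = """\
IP: s=192.168.12.1 (GigabitEthernet0/1), d=192.168.12.2, len 100, access denied
    ICMP type=8, code=0
IP: s=192.168.12.2 (local), d=192.168.12.1 (GigabitEthernet0/1), len 56, sending
    ICMP type=3, code=13
IP: s=192.168.12.1 (GigabitEthernet0/1), d=192.168.12.2, len 100, input feature
    ICMP type=8, code=0, packet consumed, Access List(47), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
"""

# "IP:" summary line: source (input interface), destination, length, action.
IP_LINE = re.compile(
    r"^IP: (?:tableid=\d+, )?s=(?P<src>[\d.]+) \((?P<in_if>[^)]+)\), "
    r"d=(?P<dst>[\d.]+)(?: \([^)]+\))?, len (?P<len>\d+), (?P<action>.+)$"
)
# Indented detail line that follows it; the trailer may name the ACL.
ICMP_LINE = re.compile(r"^\s+ICMP type=(?P<type>\d+), code=(?P<code>\d+)(?P<rest>.*)$")
ACL_REF = re.compile(r"Access List\((?P<acl>\d+)\)")

ADMIN_PROHIBITED = (3, 13)  # ICMP unreachable the router sends back for an ACL deny

def parse_debug(text):
    """Pair each 'IP:' line with the ICMP detail line that follows it."""
    events = []
    lines = text.splitlines()
    for i, line in enumerate(lines):
        m = IP_LINE.match(line)
        if not m:
            continue
        ev = m.groupdict()
        ev["len"] = int(ev["len"])
        ev["icmp"] = None
        ev["acl"] = None
        if i + 1 < len(lines):
            d = ICMP_LINE.match(lines[i + 1])
            if d:
                ev["icmp"] = (int(d["type"]), int(d["code"]))
                a = ACL_REF.search(d["rest"])
                if a:
                    ev["acl"] = int(a["acl"])
        events.append(ev)
    return events

def denied_packets(text):
    """Keep only the records of a dropped packet: the 'access denied' line and
    the 'packet consumed, Access List(N)' input-feature line (same packet, two records)."""
    return [e for e in parse_debug(text)
            if e["action"] == "access denied" or e["acl"] is not None]
```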