PIX debug packet not honoring proto

[Cat Okita <cat () reptiles org>]

Hola!

I'm having an odd issue (which Cisco assures me I can't be having) where
the command:

        debug packet <int> dst <ip> proto icmp

behaves completely differently on two identical[0] pix 515Es running 6.3(4)

On one box, I get the expected result, which is that I see ICMP packets
destined for <ip>, and nothing else.

On the other box, I see all TCP and UDP packets[1] destined for <ip>, 
and nothing else.

I've used 'undebug all', and 'sh debug' shows no debug rules, so I'm
a bit mystified about what I'm missing here.

Suggestions appreciated (I can't post the configs[2], but I can post parts
if there are specific areas to look at).

cheers!
[0] Hardware identical, not config identical
[1] I haven't found any ICMP, but there's a metric ton of traffic flowing,
        so it may be that I just don't see it.
[2] Without lengthy and extensive sanitization.
==========================================================================
"A cat spends her life conflicted between a deep, passionate and profound
desire for fish and an equally deep, passionate and profound desire to
avoid getting wet.  This is the defining metaphor of my life right now."
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards