02-20-2007 11:16 PM
I have the following Queries on Cisco Network Analyzer Module WS-SVC-NAM-2 which installed on Core switch 6500 series.
1. When monitoring Application; some applications appears as 'tcp-unknown' or 'gre-unknow' how could we know the type of this application monitored by the NAM.
2. Some reports appear to have missing data between some intervals.
3. Traffic monitored for specific VLAN is less than the traffic monitored for one host that belongs to that VLAN.
I have more queries, but those are the mort important for me.
02-26-2007 09:01 PM
Dear All,
I'am Still Waiting!!
02-26-2007 09:23 PM
The "others" issue is a known issue. We are addressing it in the
upcoming 3.5 release. The issue stems from
the fact that on the NAM GUI we only show protocolDir leaf nodes. In the
RMON-II standard packets
are parsed and counted up all the protocol layers until no further
differentiation is known by the parser.
So e.g. if it is a unknown TCP port, counting stops at TCP. But TCP is
not a leaf protocol and does
now show up (except in "others") in the GUI. In 3.5. we introduce a
bunch of xxx-unknown protocols
e.g. ip-unknown, tcp-unknown that are real leaf protocols where those
packets are counted. As they
are real protocols in the protocolDir we will collect stats on them
(hosts, conversations, etc) and they
can be captured.
02-26-2007 10:38 PM
Thanks a lot Mr.Ayganesa for your replay. but could i know the TCP Ports that those protocols are using?
03-02-2007 11:07 AM
Any CCIE Engineer can help me?!
03-02-2007 11:32 AM
hi there,
I would say the other/unknown ports are not specific to port numbers of tcp ( I have put more explanation below on that.) To address th e new question, NAM does not have an easy way to see the TCP port via the GUI
interface. However, you can session into the NAM and run "show config" and look for the
"monitor protocol" section.
For example:
monitor protocol
prot-specifier 16.1.0.0.1.0.0.8.0.0.0.0.6.0.0.0.80.4.0.1.0.0
name "w-ether2.ip.tcp.http"
addressmap not-applicable
host enable
conversations enable
art disable
exit
In the above long port-pecifier, you will see 80 which is the TCP port for HTTP.
You can dump your "show config" output to a file and then sort this file out using an
Editor.
NAM comes with a good list of application protocols. You are right, other
means, it's the application that has not been defined in NAM. However, NAM
displays the first 100 unknown protocols using the format "Layer4-port
number it saw this protocol on". So, the example for this is the
application in your screenshot is udp-17234. Custoemrs can save this by
going to Setup-->Monitor-->Protcol directory. Customers can give it a name
that they recognize.
For your original question on other/unknown -
Once the unknown protocols cross the 100 range, they are all grouped under
"other" category.
In 3.1 and 3.3 releases, the number of unknown protocols monitored are 100. It has been increased to a maximum of 500 (user definable) in 3.4
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide