Network Monitoring

Apr 10th, 2007

Hello,


Without the use of 3rd party applications, how can I perform minor monitoring on a router? For example, how can I monitor a specific workstation by its IP address or hostname, with information on what type of traffic is traversing inbound and outbound to and from the internet? E.g., I would like to monitor data transmissions, the source of the transmission (i.e. YouTube video downloading), etc.


Thank You

Craig Balfour Tue, 04/10/2007 - 07:53

Netflow is probably your best option for analysing traffic on the basis of source and destination IP address and ports.


You would normally want to export your netflow from your Cisco routers to a separate netflow collector for aggregation and collection but you can get some useful information using just the Cisco router itself.


Enable ip cache flow on each interface for which you would like to see traffic statistics as follows:


    interface fa0
     ip route-cache flow


To show the statistics use the command:


    show ip cache flow


You should see stats similar to the following:


    Protocol         Total    Flows   Packets Bytes  Packets Active(Sec) Idle(Sec)
    --------         Flows     /Sec     /Flow  /Pkt     /Sec     /Flow     /Flow
    TCP-Telnet       20225      0.0        20    49      0.0       3.7       7.8
    TCP-FTP          45024      0.0        10    73      0.1      11.2       9.4

    SrcIf         SrcIPaddress    DstIf         DstIPaddress    Pr SrcP DstP  Pkts
    Se2           xxx.xxx.236.69  Fa0           66.117.168.68   11 041F 7221     1
    Fa0           69.208.124.204  Se2           xxx.xxx.236.69  06 2041 08C5     4


See http://www.cisco.com/univercd/cc/td/doc/product/software/ios113ed/cs/csprtx/csswcmd.htm#2776 for more information on Netflow commands.
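
Added example (not part of the original post): the Pr, SrcP and DstP columns of `show ip cache flow` are printed in hexadecimal, so this Python script parses pasted output, decodes those columns, and totals packets per peer for one workstation. The masked `xxx.xxx` octets are replaced with the constructed value `10.0`, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: the two flow rows shown above, with the masked
# "xxx.xxx" octets replaced by 10.0 (an assumption made for this example).
SAMPLE = """\
SrcIf         SrcIPaddress    DstIf         DstIPaddress    Pr SrcP DstP  Pkts
Se2           10.0.236.69     Fa0           66.117.168.68   11 041F 7221     1
Fa0           69.208.124.204  Se2           10.0.236.69     06 2041 08C5     4
"""

IP = r"\d+\.\d+\.\d+\.\d+"
ROW = re.compile(
    rf"^(?P<src_if>\S+)\s+(?P<src>{IP})\s+(?P<dst_if>\S+)\s+(?P<dst>{IP})\s+"
    r"(?P<pr>[0-9A-Fa-f]{2})\s+(?P<sp>[0-9A-Fa-f]{4})\s+"
    r"(?P<dp>[0-9A-Fa-f]{4})\s+(?P<pkts>\d+)$")
PROTO = {1: "icmp", 6: "tcp", 17: "udp"}  # IP protocol numbers

def parse_flows(text):
    """Return one dict per flow row; headers and summary lines are skipped."""
    flows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue
        pr = int(m["pr"], 16)  # protocol and ports are hex in this output
        flows.append({"src": m["src"], "dst": m["dst"],
                      "proto": PROTO.get(pr, str(pr)),
                      "sport": int(m["sp"], 16), "dport": int(m["dp"], 16),
                      "pkts": int(m["pkts"])})
    return flows

def host_summary(flows, host):
    """Total packets per (direction, peer, protocol, peer port) for one host."""
    totals = defaultdict(int)
    for f in flows:
        if f["src"] == host:
            key = ("out", f["dst"], f["proto"], f["dport"])
        elif f["dst"] == host:
            key = ("in", f["src"], f["proto"], f["sport"])
        else:
            continue
        totals[key] += f["pkts"]
    return dict(totals)

if __name__ == "__main__":
    summary = host_summary(parse_flows(SAMPLE), "10.0.236.69")
    for key, pkts in sorted(summary.items()):
        print(*key, pkts)
```
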

danny9797 Wed, 04/18/2007 - 07:43

Thanks a lot


Are there any other commands or programs that are good for monitoring traffic?

Collin Clark Wed, 04/18/2007 - 13:03

I agree that netflow is the best, but you could also take a look at nbar. For example:


    3845-1#sh ip nbar protocol-discovery top-n 5

     Serial1/0
                             Input                    Output
                             -----                    ------
    Protocol                 Packet Count             Packet Count
                             Byte Count               Byte Count
                             5min Bit Rate (bps)      5min Bit Rate (bps)
                             5min Max Bit Rate (bps)  5min Max Bit Rate (bps)
    ------------------------ ------------------------ ------------------------
    custom-03                237646903                2510777256
                             27266440280              1429979257844
                             0                        0
                             1803000                  42200000
    custom-02                750134185                3928162883
                             284406865383             1036238460274
                             174000                   2754000
                             12971000                 28550000
    http                     292195917                566733859
                             177327666661             96719171553
                             618000                   284000
                             6669000                  1153000
    notes                    15984344                 138059171
                             13305138667              33276059628
                             38000                    75000
                             1490000                  3963000
    ftp                      4132108                  2481924
                             5971729836               155576593
                             0                        0
                             3396000                  143000
    unknown                  107147902                1929645324
                             18457068654              642355089767
                             10000                    1287000
                             657000                   4411000
    Total                    1697033050               10141636323
                             655116274012             3414138215558
                             1135000                  4793000
                             35688000                 100026000


http://cisco.com/en/US/products/ps6616/products_ios_protocol_group_home.html


HTH and please rate.


Aaaahhhh all the formatting was lost, looks better on the router :-)
