04-10-2007 07:33 AM
Hello,
Without the use of 3rd party applications, how can I perform minor monitoring on a router? For example, how can I monitor a specific workstation with it's I.P address or hostname with information on what type of traffic it's traversing inbound and outbound to and from the internet? For eg, I would like to monitor data transmissions, the source of the transmission (ie youtube video downloading), etc etc
Thank You
04-10-2007 07:53 AM
Netflow is probably your best option for analysing traffic on the basis of source and destination IP address and ports.
You would normally want to export your netflow from your Cisco routers to a separate netflow collector for aggregation and collection but you can get some useful information using just the Cisco router itself.
Enable ip cache flow on each interface for which you would like to see traffic statistics as follows:
interface fa0
ip route-cache flow
To show the statistics use the command:
show ip cache flow
You should see stats similar to the following:
Protocol Total Flows Packets Bytes Packets Active(Sec) Idle(Sec)
--------
Flows /Sec /Flow /Pkt /Sec /Flow /Flow
TCP-Telnet 20225 0.0 20 49 0.0 3.7 7.8
TCP-FTP 45024 0.0 10 73 0.1 11.2 9.4
SrcIf SrcIPaddress DstIf DstIPaddress Pr SrcP DstP Pkts
Se2 xxx.xxx.236.69 Fa0 66.117.168.68 11 041F 7221 1
Fa0 69.208.124.204 Se2 xxx.xxx.236.69 06 2041 08C5 4
See http://www.cisco.com/univercd/cc/td/doc/product/software/ios113ed/cs/csprtx/csswcmd.htm#2776 for more information on Netflow commands.
04-18-2007 07:43 AM
Thanks a lot
Are there any other commands or programs that are good for monitoring traffic?
04-18-2007 01:03 PM
I agree that netflow is the best, but you could also take look at nbar. For example-
3845-1#sh ip nbar protocol-discovery top-n 5
Serial1/0
Input Output
----- ------
Protocol Packet Count Packet Count
Byte Count Byte Count
5min Bit Rate (bps) 5min Bit Rate (bps)
5min Max Bit Rate (bps) 5min Max Bit Rate (bps)
------------------------ ------------------------ ------------------------
custom-03 237646903 2510777256
27266440280 1429979257844
0 0
1803000 42200000
custom-02 750134185 3928162883
284406865383 1036238460274
174000 2754000
12971000 28550000
http 292195917 566733859
177327666661 96719171553
618000 284000
6669000 1153000
notes 15984344 138059171
13305138667 33276059628
38000 75000
1490000 3963000
ftp 4132108 2481924
5971729836 155576593
0 0
3396000 143000
unknown 107147902 1929645324
18457068654 642355089767
10000 1287000
657000 4411000
Total 1697033050 10141636323
655116274012 3414138215558
1135000 4793000
35688000 100026000
http://cisco.com/en/US/products/ps6616/products_ios_protocol_group_home.html
HTH and please rate.
Aaaahhhh all the formatting was lost, looks better on the router :-)
04-18-2007 01:05 PM
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: