Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

How to monitor traffic passing through routers???

Hi ,

Is there a tool to monitor the type of traffic passing in and out of the routers ( broadcast/multicast traffic)???

Any suggestions????

Thanks,

Pallavi

4 REPLIES
bjw Silver
Silver

Re: How to monitor traffic passing through routers???

Try

router> show ip cache flow

IP Flow Switching Cache, 4456704 bytes

718 active, 64818 inactive, 629689258 added

646291620 ager polls, 0 flow alloc failures

Active flows timeout in 1 minutes

Inactive flows timeout in 15 seconds

IP Sub Flow Cache, 336520 bytes

738 active, 15646 inactive, 636429655 added, 629665327 added to flow

0 alloc failures, 0 force free

1 chunk, 11 chunks added

last clearing of statistics never

Protocol Total Flows Packets Bytes Packets Active(Sec) Idle(Sec)

-------- Flows /Sec /Flow /Pkt /Sec /Flow /Flow

TCP-Telnet 512693 0.1 2 45 0.3 9.0 7.5

TCP-FTP 990 0.0 3 59 0.0 1.0 15.3

TCP-FTPD 998 0.0 1 218 0.0 0.2 19.3

TCP-WWW 116394659 27.1 13 613 377.2 2.1 6.7

TCP-SMTP 3445 0.0 88 703 0.0 1.0 6.9

TCP-X 322 0.0 1 50 0.0 0.4 20.3

TCP-BGP 618 0.0 1 45 0.0 0.0 19.7

TCP-NNTP 618 0.0 1 45 0.0 0.0 19.7

TCP-Frag 304 0.0 1 115 0.0 0.4 15.5

TCP-other 237584262 55.3 22 303 1271.6 1.9 7.4

UDP-DNS 3977636 0.9 2 69 2.6 3.1 15.4

UDP-NTP 65652192 15.2 1 83 15.4 0.0 15.4

UDP-TFTP 34944 0.0 1 66 0.0 1.3 15.5

UDP-Frag 81955 0.0 1 33 0.0 1.8 15.4

UDP-other 119511713 27.8 50 438 1403.0 2.8 15.1

ICMP 68775460 16.0 1 69 19.6 0.3 15.4

GRE 891569 0.2 184 503 38.3 52.9 3.6

IP-other 11616061 2.7 14 60 37.9 58.4 1.9

Total: 625040439 145.5 21 397 3166.4 2.9 10.4

Re: How to monitor traffic passing through routers???

NBAR and/or Netflow

Hall of Fame Super Silver

Re: How to monitor traffic passing through routers???

depending on what Pallavi is really looking for another possibility to consider would be show ip traffic. An example of what it show:

test_router>sh ip traffic

IP statistics:

Rcvd: 2574231 total, 393590 local destination

0 format errors, 0 checksum errors, 12 bad hop count

0 unknown protocol, 0 not a gateway

0 security failures, 0 bad options, 0 with options

Opts: 0 end, 0 nop, 0 basic security, 0 loose source route

0 timestamp, 0 extended security, 0 record route

0 stream ID, 0 strict source route, 0 alert, 0 cipso, 0 ump

0 other

Frags: 0 reassembled, 0 timeouts, 0 couldn't reassemble

305 fragmented, 735 fragments, 0 couldn't fragment

Bcast: 1428 received, 11060 sent

Mcast: 101395 received, 102033 sent

Sent: 198096 generated, 917651 forwarded

Drop: 879 encapsulation failed, 0 unresolved, 0 no adjacency

78 no route, 0 unicast RPF, 0 forced drop

0 options denied

Drop: 0 packets with source IP address zero

Drop: 0 packets with internal loop back IP address

ICMP statistics:

Rcvd: 0 format errors, 0 checksum errors, 0 redirects, 89 unreachable

30856 echo, 0 echo reply, 1 mask requests, 0 mask replies, 82 quench

0 parameter, 1 timestamp, 1 info request, 0 other

0 irdp solicitations, 0 irdp advertisements

Sent: 0 redirects, 53 unreachable, 0 echo, 30856 echo reply

0 mask requests, 0 mask replies, 0 quench, 1 timestamp

0 info reply, 12 time exceeded, 0 parameter problem

0 irdp solicitations, 0 irdp advertisements

TCP statistics:

Rcvd: 2975 total, 0 checksum errors, 107 no port

Sent: 3405 total

IP-EIGRP statistics:

Rcvd: 107210 total

Sent: 107862 total

PIMv2 statistics: Sent/Received

Total: 0/0, 0 checksum errors, 0 format errors

Registers: 0/0 (0 non-rp, 0 non-sm-group), Register Stops: 0/0, Hellos: 0/0

Join/Prunes: 0/0, Asserts: 0/0, grafts: 0/0

Bootstraps: 0/0, Candidate_RP_Advertisements: 0/0

Queue drops: 0

State-Refresh: 0/0

IGMP statistics: Sent/Received

Total: 0/0, Format errors: 0/0, Checksum errors: 0/0

Host Queries: 0/0, Host Reports: 0/0, Host Leaves: 0/0

DVMRP: 0/0, PIM: 0/0

Queue drops: 0

UDP statistics:

Rcvd: 45448 total, 0 checksum errors, 1432 no port

Sent: 55909 total, 0 forwarded broadcasts

OSPF statistics:

Rcvd: 0 total, 0 checksum errors

0 hello, 0 database desc, 0 link state req

0 link state updates, 0 link state acks

Sent: 0 total

0 hello, 0 database desc, 0 link state req

0 link state updates, 0 link state acks

ARP statistics:

Rcvd: 173178 requests, 1 replies, 0 reverse, 0 other

Sent: 264 requests, 3611 replies (0 proxy), 0 reverse

HTH

Rick

Silver

Re: How to monitor traffic passing through routers???

Hi!

Good Day! NBAR and NetFlow are the right tool if you are to monitor traffic up to Layer 7. Routers should have IOS that supports NetFlow. When enabled, NetFlow gets traffic samples on router interfaces and forwards it to applications that gathers and displays these information. NBAR is quite similar in nature. This are great tools that provides high level monitoring but would require additional resources to implement.

To know more about these tools, please check the following links:

Network Based Application Recognition Performance Analysis

http://www.cisco.com/en/US/products/ps6616/products_white_paper0900aecd8031b712.shtml

NBAR Q&A

http://www.cisco.com/en/US/products/ps6616/products_qanda_item09186a00800a3ded.shtml

Cisco CNS NetFlow Collection Engine

http://www.cisco.com/en/US/products/sw/netmgtsw/ps1964/products_data_sheet09186a00801e4ebb.html

Hope this helps,

Thanks and Regards,

Albert

39499
Views
5
Helpful
4
Replies
CreatePlease to create content