Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3708
Views
0
Helpful
2
Replies

netflow statistics

Go to solution
WILLIAM STEGMAN
Level 4
Level 4

‎10-08-2007 05:13 AM

I'm trying to understand what netflow statistics are being show when using sh ip flow top and the sh ip flow top (#) aggregate commands. What I'm looking for is a real-time picture of statistics, not a n accumulation of stats. We have periods of congestion and an alert system setup to notify me when that congestion takes place. I'd like to connect to the router where the congestion is occurring and get a snapshot of the top ten talkers at that moment. However I'm unsure if that is a real time picture or an accumulation of statistics since either the last clear counters or clear ip flow stats command was issued. Can anyone offer some clarity on how netflow's stats are presented?

Thank you,

Bill

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
paitken
Level 1
Level 1

‎11-27-2007 06:24 AM

Bill,

The "show ip flow top" scans the netflow cache in real time and shows you a snapshot of what's happening in your router at this exact moment.

Aggregation is of the traffic that's in the netflow cache right now; and isn't related in any way to the last clear command.

So when you see congestion, you can be 100% confident that the "sh ip flow top ... " output shows you exactly what the cause is.

View solution in original post

0 Helpful
2 Replies 2

Go to solution
wdrootz
Level 4
Level 4

‎10-12-2007 09:44 AM

Using show ip flow top-talkers and match criteria command can be used to display statistics for unaggregated top flows

Using the show ip flow top-talkers command to display the aggregated statistics from the flows on a router for the highest volume applications and protocols in your network helps you identify, and classify, security problems such as a denial of service (DoS) attacks because DoS attack traffic almost always show up as one of the highest volume protocols in your network when a DoS attack is in progress. Displaying the aggregated statistics from the flows on a router is also useful for traffic engineering, diagnostics and troubleshooting.

0 Helpful

Go to solution
paitken
Level 1
Level 1

‎11-27-2007 06:24 AM

Bill,

The "show ip flow top" scans the netflow cache in real time and shows you a snapshot of what's happening in your router at this exact moment.

Aggregation is of the traffic that's in the netflow cache right now; and isn't related in any way to the last clear command.

So when you see congestion, you can be 100% confident that the "sh ip flow top ... " output shows you exactly what the cause is.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents