Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
391
Views
0
Helpful
3
Replies

Monitoring IP Traffic

rasoftware
Level 1
Level 1

‎02-15-2006 03:05 AM - edited ‎03-03-2019 11:45 AM

I have a link which is showing very high utilization.

Is there a way I can monitor which host/IP this is coming from? I seem to remember doing something with IP accounting but im not sure.

Labels:
0 Helpful
3 Replies 3

pkhatri
Level 11
Level 11

‎02-15-2006 03:18 AM

Hi,

The following thread has some ideas that myself and some other posters contributed to regarding this very thing:

http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Network%20Infrastructure&topic=WAN%2C%20Routing%20and%20Switching&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.1dda6899

Hope that helps - pls rate the post if it does.

Paresh

0 Helpful

rasoftware
Level 1
Level 1
In response to pkhatri

‎02-15-2006 07:22 AM

Thanks for that most helpful.

A couple of things I noticed:

Dialer1 is up, line protocol is up (spoofing)

reliability 255/255, txload 1/255, rxload 61/255

When I implement IP account on FE0/1 I get

Source Destination Packets Bytes

205.205.36.178 10.0.129.29 55 73398

84.45.224.23 10.0.129.6 11 11449

84.45.224.14 10.0.129.31 80 109545

2

I have done this by implementing it on the interface FE0/1

ip accounting output-packets

ip accounting precedence input

ip accounting precedence output

I guess that is showing whats being downloaded, is there a way I can see whats coming from each LAN address as the source.

When I look at usage graph in SDM it 50-100% always of 2MB SDSL but I can't see where all this traffic originates.

Using ip flow top talkers this also doesnt show any "outstanding" amount of traffic which could be causing this.

0 Helpful

olorunloba
Level 5
Level 5
In response to rasoftware

‎02-15-2006 08:56 AM

I will advice you to enable netflow. On the LAN interface add the config -

ip route-cache flow

Then use

sh ip cache flow

to display the flows that are entering into the router.

Netflow is able to give a lot more information than ip accounting. It gives the source and destination ip addresses, the source and destination interface, the soruce and destination ports, the ip protocol number and the number of packets in the flow. Note that the ports number and the ip protocol numbers are written in hexadecimal. Also, Netflow is an ingress technology, so the flows displayed are the ones entering the interface only.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card