Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Monitoring IP Traffic

I have a link which is showing very high utilization.

Is there a way I can monitor which host/IP this is coming from? I seem to remember doing something with IP accounting but im not sure.

3 REPLIES
Purple

Re: Monitoring IP Traffic

Hi,

The following thread has some ideas that myself and some other posters contributed to regarding this very thing:

http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Network%20Infrastructure&topic=WAN%2C%20Routing%20and%20Switching&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.1dda6899

Hope that helps - pls rate the post if it does.

Paresh

New Member

Re: Monitoring IP Traffic

Thanks for that most helpful.

A couple of things I noticed:

Dialer1 is up, line protocol is up (spoofing)

reliability 255/255, txload 1/255, rxload 61/255

When I implement IP account on FE0/1 I get

Source Destination Packets Bytes

205.205.36.178 10.0.129.29 55 73398

84.45.224.23 10.0.129.6 11 11449

84.45.224.14 10.0.129.31 80 109545

2

I have done this by implementing it on the interface FE0/1

ip accounting output-packets

ip accounting precedence input

ip accounting precedence output

I guess that is showing whats being downloaded, is there a way I can see whats coming from each LAN address as the source.

When I look at usage graph in SDM it 50-100% always of 2MB SDSL but I can't see where all this traffic originates.

Using ip flow top talkers this also doesnt show any "outstanding" amount of traffic which could be causing this.

Silver

Re: Monitoring IP Traffic

I will advice you to enable netflow. On the LAN interface add the config -

ip route-cache flow

Then use

sh ip cache flow

to display the flows that are entering into the router.

Netflow is able to give a lot more information than ip accounting. It gives the source and destination ip addresses, the source and destination interface, the soruce and destination ports, the ip protocol number and the number of packets in the flow. Note that the ports number and the ip protocol numbers are written in hexadecimal. Also, Netflow is an ingress technology, so the flows displayed are the ones entering the interface only.

263
Views
0
Helpful
3
Replies