Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Traffic analysis questions 3

Status
Not open for further replies.
intelwizrd

intelwizrd

IS-IT--Management
Dec 20, 2002
263
US
I'm not sure where I should post this, so if anyone knows of a better forum, let me know.

I am trying to set up some traffic analysis for traffic to and from the internet. I am interested in how much of our traffic is http, https, ftp, smtp, dns, etc.. I can set up an ACL that will give me packet counts but not the ammount of traffic (how many Mbps). Does anyone know of a device that I could plug into a span/monitor port or software i can install on a device that is capable of monitoring 45Mbps and reporting that back to me. the more information i can grab, the better, as i am also interested in grabbing information about the top 10 requesting nodes and the top 10 destination nodes.

Thanks for your help.

----------------------------
Josh
CCNA, MCSE 2003(in progress)
 
Sort by date Sort by votes
Hi Josh,
We are using NetFlow Analysis to watch IP traffic flows by protocol. Most all cisco routers can capture NetFlow statistics (counts by src/dest/port) and export them to an external box for analysis. AdventNet.com has a really good Netflow Analyzer program (reasonable cost, too)
To activate NF, add the following lines to your config:
GLOBAL:
ip cef
ip flow-cache timeout active 1
ip flow-export source Loopback0
ip flow-export version 5
ip flow-export destination xx.xx.xx.xx 9996
ip flow-aggregation cache prefix enabled
xx,xx,xx,xx is the IP address of your collector/analyzer
Also, we use a loopback interface to group all the stats for all the interfaces on a given router, thus the optional "source loopback0" stmt

On each interface you want to track usage:
interface xxxx
ip route-cache flow

You can spend thousands to do what Cisco gives away free.
 
Upvote 0 Downvote
Thanks hassarfj,

This is a great find. One more question though, I set it up on one interface (our DS3) but i am only getting flows that are inbound from the internet. How do I get it to report on flows being sent out to the internet?

Thanks again for all your help.

----------------------------
Josh
CCNA, MCSE 2003(in progress)
 
Upvote 0 Downvote
never mind, i didnt have the loopback address set correctly. i changed it and now everything is working great.

Thanks again for this truly awesome information.

----------------------------
Josh
CCNA, MCSE 2003(in progress)
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

quazimotto
  • Locked
  • Question
Cisco ASA_5505 VPN to Juniper_SRX210 VPN IS UP_ No Traffic!!!!!!
Replies
0
Views
67
quazimotto
quazimotto
steel_bender
  • Locked
  • Question
Allow HTTPS TCP Traffic through ASA5525
Replies
1
Views
109
Mogles49
Mogles49
acabezas2014
  • Locked
  • Question
Need to create QoS for SNMP and Radius traffic on Cisco 4948 Switches
Replies
0
Views
75
acabezas2014
acabezas2014
rejackson
  • Locked
  • Question
Traffic shaping - how much memory is required
Replies
0
Views
53
rejackson
rejackson
Punk6296
  • Locked
  • Question
UC520-8U-2BRI-K9 Questions
Replies
0
Views
52
Punk6296
Punk6296

Part and Inventory Search

Sponsor

Back
Top