Monitoring Router Traffic

Ways to monitor network traffic from the router:
1. sh ip accounting

2. Use NBAR protocol discovery
To do this, enable it on the interface you want to monitor, then run show ip nbar protocol-discovery.

3. Use NetFlow.
To do this, add the command "ip route-cache flow" on the interface you want to monitor, then run "show ip cache flow". The source and destination ports are displayed in hexadecimal, so they must be converted to decimal first.

Router>sh ip cache flow
IP packet size distribution (11301465 total packets):
1-32 64 96 128 160 192 224 256 288 320 352 384 416 448 480
.005 .301 .060 .043 .052 .018 .015 .010 .007 .012 .006 .004 .006 .004 .005
512 544 576 1024 1536 2048 2560 3072 3584 4096 4608
.003 .003 .048 .034 .356 .000 .000 .000 .000 .000 .000
IP Flow Switching Cache, 278544 bytes
88 active, 4008 inactive, 1443186 added
35187043 ager polls, 0 flow alloc failures
Active flows timeout in 30 minutes
Inactive flows timeout in 15 seconds
last clearing of statistics never
Protocol Total Flows Packets Bytes Packets Active(Sec) Idle(Sec)
-------- Flows /Sec /Flow /Pkt /Sec /Flow /Flow
TCP-Telnet 3639 0.0 6 168 0.0 21.2 14.1
TCP-FTP 4185 0.0 25 78 0.0 26.8 14.1
TCP-FTPD 3507 0.0 7 639 0.0 16.7 13.6
TCP-WWW 513023 0.1 9 1017 1.1 7.5 7.9
TCP-SMTP 3872 0.0 8 176 0.0 21.3 13.4
TCP-X 496 0.0 1 40 0.0 0.0 14.9
TCP-NNTP 2274 0.0 8 155 0.0 23.3 13.9
TCP-Frag 2 0.0 1 47 0.0 0.0 15.1
TCP-other 548228 0.1 6 435 0.8 10.1 13.4
UDP-DNS 7 0.0 1 85 0.0 0.0 15.5
UDP-NTP 496 0.0 1 76 0.0 0.3 15.4
UDP-TFTP 1 0.0 1 302 0.0 0.0 15.0
UDP-Frag 788 0.0 20 1246 0.0 17.8 15.4
UDP-other 331894 0.0 5 197 0.4 1.8 15.4
ICMP 30688 0.0 17 60 0.1 18.4 15.3
Total: 1443100 0.3 7 639 2.6 7.6 12.0
SrcIf SrcIPaddress DstIf DstIPaddress Pr SrcP DstP Pkts
Et0/0 xxx.xxx.xxx.xxx Fa0/0 xxx.xxx.xxx.xxx 06 05A5 008B 1
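
The hex-to-decimal conversion mentioned above can be scripted. The following is an added example, not part of the original post: a Python parser for the flow rows of "show ip cache flow" that converts the Pr, SrcP and DstP columns to decimal. The sample rows, the function name parse_flows and the addresses are constructed for illustration.

```python
import re

# Constructed sample in the layout of the "show ip cache flow" flow table.
# The addresses are documentation-range placeholders, not values from the page.
SAMPLE = """\
SrcIf         SrcIPaddress    DstIf         DstIPaddress    Pr SrcP DstP  Pkts
Et0/0         192.0.2.10      Fa0/0         198.51.100.20   06 05A5 008B     1
Et0/0         192.0.2.11      Fa0/0         198.51.100.53   11 C350 0035     2
Fa0/0         198.51.100.20   Et0/0         192.0.2.10      01 0000 0800    17
"""

PROTOCOLS = {1: "ICMP", 6: "TCP", 17: "UDP"}  # IP protocol numbers

# Four free-form columns, then hex protocol (2 digits), hex ports (4 digits), packet count.
FLOW_RE = re.compile(
    r"^(?P<src_if>\S+)\s+(?P<src_ip>\S+)\s+(?P<dst_if>\S+)\s+(?P<dst_ip>\S+)\s+"
    r"(?P<pr>[0-9A-Fa-f]{2})\s+(?P<srcp>[0-9A-Fa-f]{4})\s+(?P<dstp>[0-9A-Fa-f]{4})\s+"
    r"(?P<pkts>\S+)$"
)


def parse_flows(text):
    """Return one dict per flow row, with protocol and ports converted to decimal."""
    flows = []
    for line in text.splitlines():
        m = FLOW_RE.match(line.strip())
        if not m:  # header, per-protocol summary rows, blank lines
            continue
        proto = int(m["pr"], 16)
        flow = {
            "src_if": m["src_if"], "src_ip": m["src_ip"],
            "dst_if": m["dst_if"], "dst_ip": m["dst_ip"],
            "protocol": PROTOCOLS.get(proto, str(proto)),
            "src_port": int(m["srcp"], 16),
            "dst_port": int(m["dstp"], 16),
            "packets": m["pkts"],  # kept as printed
        }
        if proto == 1:
            # For ICMP, NetFlow stores type*256 + code in the destination-port field.
            flow["icmp_type"], flow["icmp_code"] = divmod(flow["dst_port"], 256)
        flows.append(flow)
    return flows


if __name__ == "__main__":
    for f in parse_flows(SAMPLE):
        print("{src_ip}:{src_port} -> {dst_ip}:{dst_port} {protocol} pkts={packets}".format(**f))
```

Applied to the flow row shown above, this gives protocol 06 = TCP, source port 05A5 = 1445 and destination port 008B = 139.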
