[mrtg] Re: Packet count specific values inside the ethernet paket
Daniel J McDonald
dmcdonald at digicontech.com
Wed Oct 17 16:26:41 MEST 2001
>I am looking for an way to count specific packets.
>I would like to increment a counter when an event of this specified packet
>appeared and make a HTML page with this information.
Warning: the advice I am about to give may cause serious network
disruptions due to buggy code. Do not try this in mission critical
environments. Do not even read this posting without wearing safety goggles
For the truly brave, running NBAR on a Cisco router with 12.1.5T10 or 12.2.3
code will probably give you the information that you want. There is a mib
to pull the stats, but I have not dug into it yet. I probably need to do
that so that I can graph the number of code-red/nimda attacks that the
router is tossing in the trash can.
NBAR with CEF and Netflow switching can cause excessive CPU utilization and
huge numbers of input queue drops on low end platforms. I have spent the
better part of two weeks nursing a couple of routers along while trying to
keep code-red at bay.
High-end platforms, like the 7206VXR/300, can handle this with no problems.
I have it applied to a 7206VXR with a gigabit interface and an SRP OC-12 and
it is humming along nicely. A 3640 with a HSSI running frame-relay chokes
with only about 2meg of traffic.
I would recommend using cbQosCMPostPolicyByte64 or cbQosCMDropByte64 to
gather the stats. I'm not certain whence the instance value is derived, so
I'd just do an snmpwalk on it and go from there.
Daniel J McDonald, CCIE 2495, CNX
Principal Network Specialist
Digicon, a Cisco Partner, Silver Certified.
Unsubscribe mailto:mrtg-request at list.ee.ethz.ch?subject=unsubscribe
FAQ http://faq.mrtg.org Homepage http://www.mrtg.org
More information about the mrtg