[mrtg] Re: Packet count specific values inside the ethernet paket

Daniel J McDonald dmcdonald at digicontech.com
Thu Oct 18 16:47:52 MEST 2001 

ok, here's my attempt to do that.  I am counting code-red and nimda bytes:
The results are at:
http://netmon.outreachhealth.com/cgi-bin/mrtg.pl?log=nimda

Remember - this involves the use of unstable code.  Caveat executor.

The mrtg config:
Target[nimda]:
.1.3.6.1.4.1.9.9.166.1.15.1.1.17.1083.1085&.1.3.6.1.4.1.9.9.166.1.15.1.1.17.
1083.1085:11874 at 172.16.0.1:::::2
MaxBytes[nimda]: 64000
toptalker*group[nimda]:nimda
RouterUptime[nimda]: 11874 at 172.16.0.1
Options[nimda]: bits
Title[nimda]: Austin3640 Nimda Bytes Blocked
YLegend[nimda]: Bytes Blocked
PageTop[nimda]: <H1>Nimda and Code Red bytes Blocked</H1>

The router config:

class-map match-any banned
  match protocol http url "*weatherbug*"
  match protocol http url "*webshots*"
  match protocol http host "*weatherbug*"
  match protocol http host "*webshots*"
class-map match-any http-hacks
  match protocol http url "*.ida"
  match protocol http url "*cmd.exe*"
  match protocol http url "*root.exe*"
  match protocol http url "*readme.eml*"
!
policy-map drop-outbound-banned
  class banned
     police 10000000 31250 31250 conform-action drop exceed-action drop
violate-action drop
policy-map drop-inbound-http-hacks
  class http-hacks
     police 1000000 31250 31250 conform-action drop exceed-action drop
violate-action drop
!
interface Serial0/1:0.120 point-to-point
 description *** Internet ***
 bandwidth 768
 ip unnumbered Loopback1
 ip access-group firewall2 in
 ip access-group outbound out
 ip nat outside
 ip inspect outreach out
 ip audit internet in
 service-policy input drop-inbound-http-hacks
 service-policy output drop-outbound-banned
 frame-relay interface-dlci 120 IETF

-----Original Message-----
From: mrtg-bounce at list.ee.ethz.ch [mailto:mrtg-bounce at list.ee.ethz.ch]On
Behalf Of Ronaldo Meireles
Sent: Tuesday, October 16, 2001 7:25 AM
To: mrtg at list.ee.ethz.ch
Subject: [mrtg] Packet count specific values inside the ethernet paket



Folks

I am looking for an way to count specific packets.
I would like to increment a counter when an event of this specified packet
appeared and make a HTML page with this information.

Has anybody seen this kind of tool?


Regards

Ron.

--
Unsubscribe mailto:mrtg-request at list.ee.ethz.ch?subject=unsubscribe
Archive     http://www.ee.ethz.ch/~slist/mrtg
FAQ         http://faq.mrtg.org    Homepage     http://www.mrtg.org
WebAdmin    http://www.ee.ethz.ch/~slist/lsg2.cgi




--
Unsubscribe mailto:mrtg-request at list.ee.ethz.ch?subject=unsubscribe
Archive     http://www.ee.ethz.ch/~slist/mrtg
FAQ         http://faq.mrtg.org    Homepage     http://www.mrtg.org
WebAdmin    http://www.ee.ethz.ch/~slist/lsg2.cgi

More information about the mrtg mailing list