Description and configuration of three network traffic detection methods

I. ip accounting
　　
1. configuration method
　　
Router (config) # int s 0/0
　　
Router (config-if) # ip accounting output-packets
　　
Router # sh ip accounting output-packets
　　
Source Destination Packets Bytes
　　
192.1.1.110 192.1.1.97 5 500
　　
172.17.246. 128 192.1.1.110 8 704
　　
Accounting data age is 2d23h
　　
Or
　　
Router (config) # int s 0/0
　　
Router (config-if) # ip accounting access-violations
　　
Router # sh ip accounting [checkpoint] access-violations
　　
Source Destination Packets Bytes ACL
　　
192.1.1.110 224.0.0.5 46 3128 19
　　
Accounting data age is 7
　　
2. Description
　　
● If this method is used in
Routing
When the server load is too large, use it with caution because it will degrade the system performance.
● Address-based byte count and Data Packet Count
● Generally, only outbound data packets and data packets rejected by ACL are supported (IN and OUT ACLs are supported)
● Statistics traversal only
Routing
The traffic of the server. The source or target is
Routing
No statistics are collected on the data packets of Iot platform.
● All switching paths are supported, except Autonomous Switching.
● You can access the statistical value through SNMP, MIB is a OLD-CISCO-IP-MIB, lipAccountingTable
● Ip accounting also supports other monitoring methods, such as tos and mac-address.
　　
　　 Ii. netflow
　　
1. configuration method
　　
Router (config-if) # ip route-cache flow
　　
Router (config) # ip flow-export destination 172.17.246.225 9996
　　
Router (config) # ip flow-export version 5
　　
Optional configuration
　　
Router (config) # ip flow-export source loopback 0
　　
Router (config) # ip flow-cache entries
　　
Router (config) # ip flow-cache timeout
　　
Sh ip cache flow
　　
IP packet size distribution (132429191 total packets ):
　　
1-32 64 96 128 160 192 224 256 288 320 352 384 416 448 480
　　
. 000. 191. 024. 009. 010. 006. 005. 008. 003. 005. 003. 003. 002. 001. 001
　　
512 544 576 1024 1536 2048 2560 3072 3584 4096 4608
　　
. 001. 002. 107. 032. 578. 000. 000. 000. 000. 000. 000. 000
　　
IP Flow Switching Cache, 278544 bytes
　　
33 active, 4063 inactive, 7975259 added
　　
104834714 ager polls, 0 flow alloc failures
　　
Active flows timeout in 30 minutes
　　
Inactive flows timeout in 15 seconds
　　
Last clearing of statistics never
　　
Protocol Total Flows Packets Bytes Packets Active (Sec) Idle (Sec)
　　
-------- Flows/Sec/Flow/Pkt/Sec/Flow
　　
TCP-Telnet 25378 0.0 12 652 0.0 22.9
　　
TCP-FTP 432435 0.1 4 59 0.4 1.2 2.7
　　
TCP-FTPD 28670 0.0 212 1397 1.4 8.2
　　
TCP-WWW 4682530 1.0 15 927 16.4 2.4 4.6
　　
2. Description
　　
● Count data volumes based on streams (including address pairs, port numbers, protocol types, and so on)
　　
● Only inbound traffic is supported
　　
● Only unicast is supported.
　　
● Only configured on the master Port
　　
● It must be used with cef or fast switching.
　　
● Pair
Routing
Performance is affected
　　
10,000 active flows: sh log
　　
Syslog logging: enabled (0 messages dropped, 0 messages rate-limited, 0 flushes,
　　
0 overruns)
　　
Console logging: level debugging, 79 messages logged
　　
Monitor logging: level debugging, 0 messages logged
　　
Buffer logging: level debugging, 79 messages logged
　　
Logging Exception size (4096 bytes)
　　
Trap logging: level informational, 83 message lines logged
　　
Log Buffer (4096 bytes ):
　　
* May 25 05: 27: 50: % SEC-6-IPACCESSLOGP: list 118 permitted tcp 10.1.64.71 (0)-> 10.0.29.3 (0), 1 packet
　　
* May 25 05: 28: 59: % SEC-6-IPACCESSLOGP: list 118 permitted tcp 10.1.64.71 (0)-> 10.0.28.128 (0), 1 packet
　　
* May 25 05: 29: 19: % SEC-6-IPACCESSLOGP: list 118 permitted tcp 10.1.64.71 (0)-> 10.0.29.3 (0), 56 packets Article entry: csh responsible editor: csh