[nsp] NBAR question

Cisco Geek Rotation cisco at peakpeak.com
Sun Mar 2 19:26:50 EST 2003


At 08:35 PM 3/2/2003 -0500, Scott Morris wrote:
>Wait for more signatures to get programmed into the IOS, or by adding a
>PDLM in your config!
>
>The more signatures to compare against, the more work you want your
>router to do!
>
>Scott


Sure, but looking at what all is in the list of protocols already when I do 
a show ip nbar proto interface <x> that list looks pretty 
comprehensive.  What other protocols are likely to be happening that are 
missing from that list?

Chris


>-----Original Message-----
>From: cisco-nsp-bounces at puck.nether.net
>[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Cisco Geek Rotation
>Sent: Sunday, March 02, 2003 12:22 PM
>To: cisco-nsp at puck.nether.net
>Subject: [nsp] NBAR question
>
>
>I've been putting ip nbar protocol-discovery on egress interfaces as a way
>of seeing what kinds of traffic are traversing the WAN links.
>
>What I've noticed even on very late revisions of IOS (a month old) is that
>the "unknown" category always seems to have more traffic than anything else
>(853Kbps here which overwhelms the traffic of anything else).  It's as
>though NBAR can't classify a lot of the traffic.  Any ideas how to get NBAR
>to more carefully detail what the traffic is?
>
>#show ip nbar proto int fastether4/0/0
>
>   FastEthernet4/0/0
>                              Input                    Output
>     Protocol                 Packet Count             Packet Count
>                              Byte Count               Byte Count
>                              30 second bit rate (bps) 30 second bit rate (bps)
>     ------------------------ ------------------------ ------------------------
>     fasttrack                458                      1200
>                              27480                    1582200
>                              3000                     123000
>     http                     1218                     2617
>                              543204                   546493
>                              50000                    33000
>     gnutella                 386                      1120
>                              135542                   349589
>                              13000                    33000
>     icmp                     51                       62
>                              9026                     6752
>                              2000                     1000
>     smtp                     26                       69
>                              6167                     7032
>                              3000                     0
>
>
><snip>
>
>     unknown                  2052                     11682
>                              758973                   7760912
>                              88000                    853000
>     Total                    4529                     17380
>                              1546650                  10359269
>                              165000                   1045000
>
>
>_______________________________________________
>cisco-nsp mailing list  cisco-nsp at puck.nether.net
>http://puck.nether.net/mailman/listinfo/cisco-nsp
>archive at http://puck.nether.net/pipermail/cisco-nsp/
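
Added example, not part of the original thread: a small Python parser for the three-row-per-protocol table quoted above, reporting what fraction of the Total row the "unknown" class accounts for in each direction. The function names are hypothetical and the sample rows are excerpted from the post (the wrapped header is omitted, the <snip> is kept).

```python
import re

# Rows excerpted from the output quoted in the post; <snip> is the poster's own elision.
SAMPLE = """\
     fasttrack                458                      1200
                              27480                    1582200
                              3000                     123000
     http                     1218                     2617
                              543204                   546493
                              50000                    33000
     <snip>
     unknown                  2052                     11682
                              758973                   7760912
                              88000                    853000
     Total                    4529                     17380
                              1546650                  10359269
                              165000                   1045000
"""

# Optional protocol name followed by exactly two integers (input, output).
ROW = re.compile(r"^\s*(?:([A-Za-z][\w-]*)\s+)?(\d+)\s+(\d+)\s*$")
FIELDS = ("packets", "bytes", "bps")  # order of the three rows per protocol

def parse_discovery(text):
    """Return {protocol: {"in": {...}, "out": {...}}} from the table text."""
    stats, name, row = {}, None, 0
    for line in text.splitlines():
        m = ROW.match(line.lstrip("> "))  # tolerate e-mail quote markers
        if not m:
            continue                       # header, separator or <snip>
        if m.group(1):                     # named row starts a new protocol
            name, row = m.group(1), 0
            stats[name] = {"in": {}, "out": {}}
        elif name is None or row >= len(FIELDS):
            continue                       # stray numeric row, ignore
        stats[name]["in"][FIELDS[row]] = int(m.group(2))
        stats[name]["out"][FIELDS[row]] = int(m.group(3))
        row += 1
    return stats

def share(stats, proto, direction, field):
    """Fraction of the Total row that `proto` accounts for."""
    total = stats["Total"][direction][field]
    return stats[proto][direction][field] / total if total else 0.0

if __name__ == "__main__":
    s = parse_discovery(SAMPLE)
    for d in ("in", "out"):
        print(d, {f: round(share(s, "unknown", d, f), 3) for f in FIELDS})
```

Shares are taken against the Total row rather than the sum of listed protocols, because the quoted output is snipped.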



