[nsp] NBAR question
Cisco Geek Rotation
cisco at peakpeak.com
Mon Mar 3 10:56:21 EST 2003
I've yet to be able to get the Packetshaper people to respond with a quote
on an update of a unit I've been looking at buying. Do you have a contact
you can share.
Chris
At 09:28 AM 3/3/2003 -0800, Voll, Scott wrote:
>I agree with Mark. If you want great control, the PacketShaper is a
>great product. Might be a little spendy. We were lucky enough to get
>an old PacketShaper (in an Intel box) and buy the support from Packeteer
>and get a fully up to date OS. Great Way to keep garbage out of your
>network or police your bandwidth. It's great for keeping File sharing
>programs out and streaming within limits.
>
>
>
>Scott Voll
>Network Analyst, CCNA
>Willamette ESD
>scott.voll at wesd.org
>
>
>
>
>
>-----Original Message-----
>From: Mark Persiko [mailto:mark.persiko at bvsd.k12.co.us]
>Sent: Monday, March 03, 2003 8:03 AM
>To: cisco-nsp at puck.nether.net
>Subject: RE: [nsp] NBAR question
>
>
>Another product you can use is Packeteer PacketShaper, which
>shows egress/ingress protocols and lets you set bandwidth
>allocations or blocks for types of traffic. This might be
>more efficient than the CPU cost of NBAR in software, depending on the
>router you use.
>
>Thanks,
> Mark
>
>- Mark C. Persiko, Network Engineer
>- IT Division, Boulder Valley School District
>- mark.persiko at bvsd.k12.co.us
>
>
>
>-----Original Message-----
>From: Scott Morris [mailto:swm at emanon.com]
>Sent: Monday, March 03, 2003 5:38 AM
>To: 'Cisco Geek Rotation'; cisco-nsp at puck.nether.net
>Subject: RE: [nsp] NBAR question
>
>
>It could be as simple as parts of protocols that aren't caught by the
>signature. Such as passive FTP or something utilizing a high port.
>*shrug*
>
>If you really want to be sure of things, plug a sniffer into your line
>and take a look at it "manually"!
>
>Scott
>
>
>-----Original Message-----
>From: Cisco Geek Rotation [mailto:cisco at peakpeak.com]
>Sent: Sunday, March 02, 2003 9:27 PM
>To: swm at emanon.com; cisco-nsp at puck.nether.net
>Subject: RE: [nsp] NBAR question
>
>
>At 08:35 PM 3/2/2003 -0500, Scott Morris wrote:
> >Wait for more signatures to get programmed into the IOS, or by adding a
>
> >PDLM in your config!
> >
> >The more signatures to compare against, the more work you want your
> >router to do!
> >
> >Scott
>
>
>Sure, but looking at what all is in the list of protocols already when I
>do
>a show ip nbar proto interface <x> that list looks pretty
>comprehensive. What other protocols are likely to be happening that are
>
>missing from that list?
>
>Chris
>
>
> >-----Original Message-----
> >From: cisco-nsp-bounces at puck.nether.net
> >[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Cisco Geek
> >Rotation
> >Sent: Sunday, March 02, 2003 12:22 PM
> >To: cisco-nsp at puck.nether.net
> >Subject: [nsp] NBAR question
> >
> >
> >I've been putting ip nbar protocol-discovery on egress interfaces as a
> >way of seeing what kinds of traffic are traversing the WAN links.
> >
> >What I've noticed even on very late revisions of IOS (a month old) is
> >that the "unknown" category always seems to have more traffic than
> >anything else
> >(853Kbps here which oeverwhelms the traffic of anything else). It's as
> >though NBAR can't classify a lot of the traffic. Any ideas how to get
> >NBAR
> >to more carefully detail what the traffic is?
> >
> >#show ip nbar proto int fastether4/0/0
> >
> > FastEthernet4/0/0
> > Input Output
> > Protocol Packet Count Packet Count
> > Byte Count Byte Count
> > 30 second bit rate (bps) 30 second bit
> >rate
> >(bps)
> > ------------------------ ------------------------
> >------------------------
> > fasttrack 458 1200
> > 27480 1582200
> > 3000 123000
> > http 1218 2617
> > 543204 546493
> > 50000 33000
> > gnutella 386 1120
> > 135542 349589
> > 13000 33000
> > icmp 51 62
> > 9026 6752
> > 2000 1000
> > smtp 26 69
> > 6167 7032
> > 3000 0
> >
> >
> ><snip>
> >
> > unknown 2052 11682
> > 758973 7760912
> > 88000 853000
> > Total 4529 17380
> > 1546650 10359269
> > 165000 1045000
> >
> >
> >_______________________________________________
> >cisco-nsp mailing list cisco-nsp at puck.nether.net
> >http://puck.nether.net/mailman/listinfo/cisco-nsp
> >archive at http://puck.nether.net/pipermail/cisco-nsp/
>
>
>_______________________________________________
>cisco-nsp mailing list cisco-nsp at puck.nether.net
>http://puck.nether.net/mailman/listinfo/cisco-nsp
>archive at http://puck.nether.net/pipermail/cisco-nsp/
>
>_______________________________________________
>cisco-nsp mailing list cisco-nsp at puck.nether.net
>http://puck.nether.net/mailman/listinfo/cisco-nsp
>archive at http://puck.nether.net/pipermail/cisco-nsp/
>
>_______________________________________________
>cisco-nsp mailing list cisco-nsp at puck.nether.net
>http://puck.nether.net/mailman/listinfo/cisco-nsp
>archive at http://puck.nether.net/pipermail/cisco-nsp/
More information about the cisco-nsp
mailing list