[j-nsp] Getting traffic details

Michael Loftis mloftis at wgops.com
Fri Feb 18 13:08:34 EST 2005



--On Friday, February 18, 2005 10:27 -0500 Jared Mauch 
<jared at puck.nether.net> wrote:

> On Fri, Feb 18, 2005 at 10:20:37AM -0500, Mark Fullmer wrote:
>> On Thu, Feb 17, 2005 at 09:47:14PM -0700, Michael Loftis wrote:
>> >
>> > Do you need the sampling input/output statements in the interface(s)
>> > you  want to sample?
>>
>> Yes, or define them in a filter and apply the filter to the interface.
>
> 	Using that method, have you seen the same issues I have been?
>
> 	Seems when things are committed, the router stops sampling data
> for several minutes (sometimes up to 10 min).


Dunno personally, I'll give it a try if you like...I do have another 
weirdness though...

mloftis at border0.msomt> show services accounting flow-detail terse order packets limit 10
Service Accounting interface: sp-1/2/0, Local interface index: 129
Service name: (default sampling)
Interface state: Accounting
Protocol   Source         Source  Destination Destination    Packet      Byte
           address          port  address            port     count     count
tcp(6)     216.129.251.99  20480  84.83.104.194     17962         1       535
tcp(6)     84.83.104.194   17962  216.129.251.99    20480         9       396
tcp(6)     64.174.37.150   15109  216.129.251.30     6400       597    826842
tcp(6)     216.129.251.30   6400  64.174.37.150     15109       401     16812
tcp(6)     24.203.78.243    9720  216.129.251.99    20480       221     10313
tcp(6)     216.129.251.119 20480  209.113.245.98     7816       260    373558
tcp(6)     216.129.251.99  20480  66.121.234.187    35642       199    270865
tcp(6)     70.249.208.144  45037  216.129.251.99    20480       175     26666
tcp(6)     66.192.36.1     49247  216.129.251.99    20480       151      8369
tcp(6)     70.249.208.144  45293  216.129.251.99    20480       148     23011


see the port numbers, they make no sense (20480 I've figured out means 
80)...it displays fine in the non-terse view though...it also filters 
correctly if I ask it for filtering based on port which is how I found out 
that somehow 20480 means 80...

any ideas why that is?  also occasionally, as is exampled above 'order <>' 
doesn't quite take effect fully...

seems buggy-ish to me.
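
Added example, not part of the original post and not Juniper code: 20480 is 0x5000, which is 80 (0x0050) with its two bytes swapped, and 6400 maps to 25 the same way, so the terse ports are consistent with a 16-bit byte-order swap. The sketch below assumes that interpretation (the post does not confirm it), uses hypothetical helper names, and parses three rows constructed from the output above, still wrapped as the mail wrapped them.

```python
import re

# Constructed sample: three rows from the post's terse output, wrapped the
# way the mail wrapped them (byte count pushed onto its own line).
SAMPLE = """\
tcp(6)     216.129.251.99  20480  84.83.104.194     17962         1
535
tcp(6)     64.174.37.150   15109  216.129.251.30     6400       597
826842
tcp(6)     216.129.251.30   6400  64.174.37.150     15109       401
16812
"""

ROW = re.compile(r"^(\w+)\(\d+\)\s+(\S+)\s+(\d+)\s+(\S+)\s+(\d+)\s+(\d+)\s+(\d+)$")

def swap16(value):
    """Swap the two bytes of a 16-bit value, e.g. 0x5000 -> 0x0050."""
    return ((value & 0xFF) << 8) | ((value >> 8) & 0xFF)

def join_wrapped(lines):
    """Re-attach a byte count that line wrapping left on a line of its own."""
    joined = []
    for line in lines:
        line = line.strip()
        if line.isdigit() and joined:
            joined[-1] += " " + line
        elif line:
            joined.append(line)
    return joined

def parse_terse(text):
    """Parse terse rows; ports are byte-swapped back (an assumption, see lead-in)."""
    flows = []
    for line in join_wrapped(text.splitlines()):
        m = ROW.match(line)
        if m is None:
            continue  # header or unrelated line
        proto, src, sport, dst, dport, pkts, octets = m.groups()
        flows.append({
            "proto": proto,
            "src": src, "src_port": swap16(int(sport)),
            "dst": dst, "dst_port": swap16(int(dport)),
            "packets": int(pkts), "bytes": int(octets),
        })
    return flows

if __name__ == "__main__":
    for f in parse_terse(SAMPLE):
        print(f"{f['src']}:{f['src_port']} -> {f['dst']}:{f['dst_port']} "
              f"pkts={f['packets']} bytes={f['bytes']}")
```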

