10-31-2004 10:08 PM - edited 03-02-2019 07:39 PM
Hi Guys,
I am having little problem with my router 3640 series.
The problem is, I monitor activity of the serial interface and what I am getting is like something is transmitting (traffic out) almost same as traffic in the network. say I have 64kpbs in and out of the network...
Please what could be responsible to this strange transmition out?
I replaced the serial interface with new but still having that problem.
I checked my systems and all don't have virus, even if there is no system on the network, still the serial interface transmit traffic out as traffice in...
Guys, your assistance is highly needed here.
11-01-2004 01:14 AM
hi smany,
due to the limited information, it is difficult to conclude what the problem is.
may you try to use "ip route-cache flow" in the serial interface and then "show ip cache flow" to see what the traffic actually is. :>
kennethl
11-01-2004 03:48 AM
System1#sh ip cache flow
IP packet size distribution (0 total packets):
1-32 64 96 128 160 192 224 256 288 320 352 384 416 448 480
.000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000
512 544 576 1024 1536 2048 2560 3072 3584 4096 4608
.000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000
IP Flow Switching Cache, 0 bytes
0 active, 0 inactive, 0 added
0 ager polls, 0 flow alloc failures
Active flows timeout in 30 minutes
Inactive flows timeout in 15 seconds
last clearing of statistics never
Protocol Total Flows Packets Bytes Packets Active(Sec) Idle(Sec)
-------- Flows /Sec /Flow /Pkt /Sec /Flow /Flow
SrcIf SrcIPaddress DstIf DstIPaddress Pr SrcP DstP Pkts
Above is results of ip cache flow got from my router... please try and help me troubleshoot if you can sir... if you need more infor, i will try and supply you with all you will need to help me solve the problem.
Thanks
11-01-2004 07:05 AM
Can you provide the config of your router and what is the bandwidth of your serial link.
11-01-2004 08:07 AM
Hi Usmany,
another item you can try is to apply ....
"ip accounting output-packets" to your serial interface. Then wait about a minute and do a "show ip accounting" command - this will tell you who's been talking to who within that minute.
Steve
11-01-2004 08:19 AM
If this is strictly a line to the internet, I would apply an ACL to the serial interface:
Router(config)#ip access ex traffic-monitor-in
Router(config-ext-nacl)#permit tcp any any gt 0 log
Router(config-ext-nacl)#permit udp any any gt 0 log
Router(config-ext-nacl)#permit icmp any any log
Router(config-ext-nacl)#permit ip any any log
Router(config-ext-nacl)#interface serialx/x
Router(config-if)#ip access-group traffic-monitor-in in
This will monitor all inbound/outbound tcp/ip traffic. It's name is misleading because you have to assign it as either "inbound" or "outbound" traffic.. but all traffic is inbound when coming to an interface.. and outbound when leaving.. regardless of if it lands on the inside of your network or the outside. So, for monitoring purposes, "in" will work just fine. To view the information while on the router, do a Router#show log
Also, if you want to log this to a syslog server (for windows.. http://www.kiwisyslog.com works great), then you can use Router(config)#logging x.x.x.x and Router(config)#logging trap debugging.
Hope this helps!
Brian
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide