05-17-2011 08:11 AM - edited 03-04-2019 12:25 PM
Attached is the network diagram.
We are running QoS on the WAN. We want to test the WAN QoS to make sure the class map/policy are properly configured on the router. We installed Wireshark on the computer and want to capture the real-time QoS traffic on the WAN interface of the router. We tried a few times and it looks like Wireshark only captured the LAN traffic and we couldn't capture any QoS traffic. Please advise.
Joe
05-17-2011 08:23 AM
You're not going to be able to capture WAN QoS traffic with Wireshark.
Might I suggest running this command
show policy-map interface (interface the qos policy is applied on)
Also, if your policy map uses access lists, you can do a show access-lists and it will display hits against the access list.
05-17-2011 08:37 AM
Thank you John. This command only shows the statistics, and we want to capture the real-time WAN QoS traffic. If Wireshark doesn't work in this case, any recommendation? Or is it because I didn't use Wireshark the right way?
05-17-2011 08:47 AM
Ok gotcha. I don't know of anything exactly real time. But that doesn't mean it doesn't exist. What we use that is near real time is a NetFlow analyzer. There is a small delay between when traffic is being pushed through and when it shows up in the analyzer. Hope this helps.
05-17-2011 09:27 AM
Hi Joe,
You have a couple of options that I know of:
1> Use the built-in packet capture utility on your IOS device (depends on your router whether it is available or not).
http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6555/ps9913/datasheet_c78-502727.html
2> In your scenario, you can place a configurable L2 switch between the Feed and your router, enable SPAN on that switch, which will then copy all traffic on the Feed to your switchport, where you can have a device running Wireshark or tcpdump, etc.
http://www.cisco.com/en/US/products/hw/switches/ps708/products_tech_note09186a008015c612.shtml
There could be more technologies that can help you sniff the traffic, but these are the most common I have seen.
Manish
05-17-2011 09:52 AM
Thanks John. Is the Netflow Analyzer connected to LAN switch or the router to pull out the data?
05-17-2011 09:33 AM
Hi,
There is no such thing as QoS traffic, there is traffic marked with QoS settings and if you want to capture WAN traffic on a router you can use RITE or EPC:
http://www.cisco.com/en/US/docs/ios/12_4t/12_4t11/ht_rawip.html
Regards.
Alain.
05-17-2011 10:04 AM
It's an application that runs on a server or computer. I recommend a server just because it will be easier to have a constant monitor running.
And then it's only a few commands to enable netflow.
ip flow-export version 5
ip flow-export destination x.x.x.x 9996
LAN Interface
ip flow ingress
Wan interface
ip flow ingress
x.x.x.x - IP address of the device with the netflow analyzer installed.
There are a bunch of free analyzers out there.
I attached a screen shot of my analyzer. I can then click on each queue and see what traffic is in that queue. Is there traffic in my default queue I want to tag, well I look at the Default and it will show me traffic by source and destination IP address along with port numbers.
Take some time and do a bit of research, there is plenty of documentation out there on this subject.
05-18-2011 11:05 PM
l33tlinux wrote:
It's an application that runs on a server or computer. I recommend a server just because it will be easier to have a constant monitor running.
And then it's only a few commands to enable netflow.
ip flow-export version 5
ip flow-export destination x.x.x.x 9996
LAN Interface
ip flow ingress
Wan interface
ip flow ingress
x.x.x.x - IP address of the device with the netflow analyzer installed.
There are a bunch of free analyzers out there.
I attached a screen shot of my analyzer. I can then click on each queue and see what traffic is in that queue. Is there traffic in my default queue I want to tag, well I look at the Default and it will show me traffic by source and destination IP address along with port numbers.
Take some time and do a bit of research, there is plenty of documentation out there on this subject.
Hi mate,
Can you share with us a good/nice to work with Netflow App?
05-20-2011 12:08 PM
Manage Engine and Solar Winds both create products targeted for this. I don't know the strengths and weaknesses of either of these pieces of software, so I wouldn't be the best to ask about which one is better. Google both of their names with netflow analyzer and you will see their product offering.
05-17-2011 02:22 PM
This can work. The main gotcha is the switches must be set to trust qos or have qos disabled completely.
Otherwise, they will remark all traffic to cos0/dscp0.
Another thing to note is that you must also verify the sending PC is actually marking the traffic.
This is not as easy as it may seem for Windows boxes.
In fact, you need to have the qos policy manager in place (and configured) or a registry setting is required.
Search for: “Microsoft Knowledge Base Article - 248611”
http://support.microsoft.com/Default.aspx?scid=kb;ENUS;q248611;
(Link is very old and may not work)
regards,
Leo
05-19-2011 02:19 PM
Hi, I can pull out the file from tcpdump and import it into Wireshark. Can I verify from Wireshark that the traffic will be marked by QoS? Please advise.
05-20-2011 12:10 PM
In the Internet Protocol Section, there is a subsection called Differentiated Services Field. That's what you are looking for. DSCP 0x00
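The same check can be scripted over the file tcpdump wrote, reading the Differentiated Services field of every IPv4 packet and tallying the DSCP values. This is an added example, not part of the original post; it assumes a classic libpcap file captured on Ethernet, and the sample capture it runs on is constructed inline.

```python
import struct
from collections import Counter

# A few well-known DSCP code points; anything else is reported numerically.
DSCP_NAMES = {0: "BE", 8: "CS1", 10: "AF11", 18: "AF21", 26: "AF31",
              34: "AF41", 46: "EF", 48: "CS6"}

def dscp_counts(pcap: bytes) -> Counter:
    """Count IPv4 packets per DSCP value in a classic libpcap Ethernet capture."""
    if pcap[:4] == b"\xd4\xc3\xb2\xa1":
        endian = "<"
    elif pcap[:4] == b"\xa1\xb2\xc3\xd4":
        endian = ">"
    else:
        raise ValueError("not a classic pcap file (pcapng is not handled here)")
    if struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet captures (linktype 1) are handled")
    counts, off = Counter(), 24
    while off + 16 <= len(pcap):
        incl_len = struct.unpack(endian + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 14:
            continue
        ethertype, l3 = struct.unpack("!H", frame[12:14])[0], 14
        if ethertype == 0x8100 and len(frame) >= 18:  # skip one 802.1Q tag
            ethertype, l3 = struct.unpack("!H", frame[16:18])[0], 18
        if ethertype != 0x0800 or len(frame) < l3 + 20:
            continue  # not IPv4, or the IP header was truncated by the snaplen
        dscp = frame[l3 + 1] >> 2  # upper 6 bits of the old ToS byte; low 2 are ECN
        counts[DSCP_NAMES.get(dscp, f"DSCP{dscp}")] += 1
    return counts

def sample_pcap() -> bytes:
    """Constructed capture: two EF-marked packets and one unmarked packet."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for tos in (0xB8, 0xB8, 0x00):  # 0xB8 >> 2 == 46 (EF)
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, tos, 20, 0, 0, 64, 17, 0,
                         bytes([192, 0, 2, 1]), bytes([198, 51, 100, 1]))
        frame = b"\x00" * 12 + b"\x08\x00" + ip
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return out

if __name__ == "__main__":
    for name, n in dscp_counts(sample_pcap()).most_common():
        print(f"{name}: {n} packet(s)")
```

A capture in which everything lands in BE means the marking was never applied or was reset to 0 somewhere before the capture point.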
05-20-2011 01:48 PM
As John Peek suggested, use Manage Engine or SolarWinds to see QoS markings in your WAN traffic. I am using both of these products to manage my WAN, and Manage Engine is much easier to install (light install, uses a MySQL database) and does not require superior hardware/mem to get the app going. You can get it going easily on a Windows XP workstation, and it'll take you about 5 minutes to install it and enable NetFlow on your router to point to the workstation running Manage Engine NetFlow Analyzer. You will see the QoS marking, say EF for VoIP, then you know for sure that the packets were marked correctly exiting the router.
With SolarWinds, it really requires a couple of decent servers, and one of those servers will house an MS SQL database. It has detailed info and fancy graphs, but it allows you to do a lot more stuff with your network besides monitoring the WAN traffic compared to ManageEngine NetFlow Analysis.
-Hieu