Table of Contents

Учет сетевых ресурсов

NetFlow

Cisco

Unix

server# tcpdump -ni eth1_em1 "port 2055"

Учет трафика пакетом flow-tools

Учет трафика пакетом NetAMS

В эмуляторе считает сильно не точно! Может помочь отключение vlan1 на коммутаторе!

router(conf)# ip flow-export destination server 9555
server# cat netams.conf
...
service data-source 1
type netflow
source 192.168.X.1
listen 0 9555
rule 11 "ip"
...

Дополнительные материалы

NfSen - Netflow Sensor

Экспорт статистики в формате NetFlow из PCAP

Простейший коллектор NetFlow - пакет ehnt (Extreme Happy Netflow Tool)

FreeBSD

[server:~] # pkg_add -r ehnt

[server:~] # /usr/local/etc/rc.d/ehntserv.sh.sample start

[server:~] # rehash
[server:~] # ehnt
Using report interval of 60 minute(s)
flow #1 received from router 172.16.1.X, IP protocol 1
  input ifIndex:     2
  source IP address: 194.87.0.50
  source port:       0
  source AS:         <unknown>(0)
  output ifIndex:    0
  dest IP address:   192.168.X.40
  dest port:         0
  dest AS:           <unknown>(0)
  bytes in flow:        1K
  packets in flow:   20
...

[server:~] # /usr/local/etc/rc.d/ehntserv.sh.sample stop

Ubuntu (don't work)

root@server:~# cd /usr/src
root@server:/usr/src# wget http://downloads.sourceforge.net/project/ehnt/ehnt/0.4/ehnt-0.4.tgz?use_mirror=sunet
root@server:/usr/src# tar -xvzf ehnt-0.4.tgz 
root@server:/usr/src# cd ehnt
root@server:/usr/src/ehnt# make
root@server:/usr/src/ehnt# ./ehntserv
bind Unix error: No such file or directory

IP Accounting

Cisco

interface FastEthernet1/0
 ip accounting output-packets

interface FastEthernet1/1
 ip accounting output-packets

Unix

# rsh router "show ip accounting"

# rsh router "clear ip accounting"

# rsh router "show ip accounting checkpoint"