• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 295
  • Last Modified:

Packet monitoring on 2600

We are wanting to monitor what type of packets are going through a Cisco 2600 router (http, smtp, etc) to verify what is slowing a router down if there are performance issues.  Normally, I would use debug commands, but we want to do this through HP OpenView.  What is the best way?  
1 Solution
Openview would only be able to report SNMP and possibly RMON data gathered from the router.  If the router doesn't have the info, neither will Openview.

I would recommend a tap to which a protocol analyzer could connect.  Is this only a temporary troubleshooting - in which case simply do a sniff - or more of a permanent monitoring and trending need?  

Permanent solutions -
would netflow not help ?
neowolf219Author Commented:
"Openview would only be able to report SNMP and possibly RMON data gathered from the router.  If the router doesn't have the info, neither will Openview"

RMON does not do any packet analyzing does it (it won't distinguish between http, icmp, smtp, etc.)?  We have SNMP working, but we have not done anything with RMON.  

It sounds like the only way to set up a permanent solution is another third-party package ... I just thought Cisco would have something built in for monitoring purposes.  

Yeah, if it was temporary, like you said, do a sniff, debug the the heck out of the router, etc.  But we are trying to find something that unknowledgable workers could use.  

Thanks for all you're help.  Let me know what you think.  
The new generation of project management tools

With monday.com’s project management tool, you can see what everyone on your team is working in a single glance. Its intuitive dashboards are customizable, so you can create systems that work for you.

MAYBE CiscoWorks would do it - with an add on.

This is exactly what Fluke and Netscout were made to do.
I know you were asking about packet monitoring. But one easy check for an indication as to why the router is slowing down is put <ip accounting out> on the WAN side. See if there is predominantly one IP address inside your network creating a huge amount of traffic or scanning through IP's (Welchia or variants). Do <show ip accounting> once configured and <clear ip accounting> if there is just way too much to go through. If your not seeing anything obvious that way, take the <ip accounting> off the WAN and put it on your Ethernet side. Do the same check.
neowolf219Author Commented:
Thanks Quasiboy.  I do know how to do a little bit of debugging, but I haven't used that specific technique.  Good advice!

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now