
Monitoring traffic by port number with MRTG

I'm using MRTG to monitor incoming/outgoing traffic on a Cisco 3600 series router, and I'm now interested in being able to break that traffic down by TCP/IP port number. I haven't had much luck finding anything on the Internet, and I was wondering if you had any suggestions for programs to try?
There are some problems with this. The Cisco IOS doesn't really pay much attention to TCP or UDP traffic. Usually it only cares about routing the IP packets. However, there are a number of things you can try.

First, investigate using NBAR application recognition and then enable NBAR protocol-discovery on the interfaces that you want to monitor. You can use the command line to see statistics. The NBAR feature can be exposed to MRTG using the correct MIB, and you can chart the various traffic categories (not easy, but it can be done).

Second, consider using NetFlow in the router. NetFlow is a feature that outputs accounting records about each protocol flow. You can collect these records and analyze them. Each flow contains the port information so you can get exactly the information you are looking for.

Of course, a good-sized router produces a very large number of flow records, so this brings up some issues that you need to consider. An Open Source version is available at CAIDA, along with a number of other measuring and monitoring tools. You can see a sample of the results at http://wwwstats.net.wisc.edu/, a very good Web page on NetFlow traffic monitoring.

Otherwise, you will need an external tool such as a Packeteer PacketShaper (one of my personal favorites).

This was last published in July 2002
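To illustrate the NetFlow approach described in the answer, here is an added example (not part of the original answer or of any tool it names) that parses export datagrams and totals bytes per port. It assumes the router exports NetFlow version 5 records; the function names are hypothetical, and treating the lower of the two ports as the service port is a heuristic chosen for this sketch.

```python
import struct
from collections import Counter

HEADER = struct.Struct("!HHIIIIBBH")                # 24-byte NetFlow v5 header
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")  # 48-byte NetFlow v5 flow record
TCP, UDP = 6, 17

def parse_v5(datagram):
    """Yield (proto, src_port, dst_port, octets) for each flow in one datagram."""
    # Export arrives as unauthenticated UDP, so check lengths before trusting
    # the record count carried in the header.
    if len(datagram) < HEADER.size:
        raise ValueError("datagram shorter than a v5 header")
    version, count = HEADER.unpack_from(datagram)[:2]
    if version != 5:
        raise ValueError(f"not NetFlow v5 (version={version})")
    if len(datagram) < HEADER.size + count * RECORD.size:
        raise ValueError("record count exceeds datagram length")
    for i in range(count):
        f = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        # f[6]=dOctets, f[9]=srcport, f[10]=dstport, f[13]=IP protocol
        yield f[13], f[9], f[10], f[6]

def bytes_by_service(datagrams):
    """Total octets per (protocol, port); non-TCP/UDP flows are keyed by IP protocol."""
    totals = Counter()
    for datagram in datagrams:
        for proto, sport, dport, octets in parse_v5(datagram):
            if proto in (TCP, UDP):
                # Heuristic (assumption): the lower port is the service port.
                key = ("tcp" if proto == TCP else "udp", min(sport, dport))
            else:
                key = ("ip-proto", proto)
            totals[key] += octets
    return totals

def build_sample():
    """Constructed export datagram (not captured traffic) carrying four flows."""
    flows = [(TCP, 40000, 80, 120000), (TCP, 80, 40000, 900000),
             (UDP, 5353, 53, 400), (1, 0, 2048, 84)]  # proto, sport, dport, octets
    ip = bytes(4)
    body = b"".join(
        RECORD.pack(ip, ip, ip, 1, 2, 10, octets, 0, 0, sp, dp, 0, 0, proto,
                    0, 0, 0, 0, 0, 0)
        for proto, sp, dp, octets in flows)
    return HEADER.pack(5, len(flows), 0, 0, 0, 0, 0, 0, 0) + body

if __name__ == "__main__":
    for key, octets in bytes_by_service([build_sample()]).most_common():
        print(key, octets)
```

The per-port totals can then be fed to a grapher such as MRTG as one data source per port of interest.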
