[unisog] Cisco netflow and argus (was registering servers)

Buhrmaster, Gary gtb at slac.stanford.edu
Mon Jul 31 18:40:13 GMT 2006


> As well as this good advise, the traffic counters on 
> your router interface are probaby a good bet as well. 

Most (all) vendors have interface counter bugs(*).  Some serious,
some less so, but while the counters are useful for cross
checking, one should not trust them as absolute references.
And note that not all traffic on an interface will be IP
based for netflow tracking (there is usually lower layer
management/routing traffic between devices), so that is 
another reason the interface counters may not match netflow 
data.

Gary

(*) Sometimes they are called "features".  On at least one
    device, retries due to collisions were counted twice 
    (or more).  On another device, packets punted up to 
    the route/mgmt engine could end up be double counted
    (or not at all).  One device counted jumbo packets as 
    errors (even though they were being transmitted correctly).
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3376 bytes
Desc: not available
Url : http://lists.dshield.org/pipermail/unisog/attachments/20060731/8b007a99/attachment.bin 


More information about the unisog mailing list