[unisog] Cisco netflow and argus (was registering servers)
gtb at slac.stanford.edu
Mon Jul 31 18:40:13 GMT 2006
> As well as this good advice, the traffic counters on
> your router interface are probably a good bet as well.

Most (all) vendors have interface counter bugs(*). Some serious,
some less so, but while the counters are useful for cross
checking, one should not trust them as absolute references.
And note that not all traffic on an interface will be IP
based for netflow tracking (there is usually lower layer
management/routing traffic between devices), so that is
another reason the interface counters may not match netflow

(*) Sometimes they are called "features". On at least one
device, retries due to collisions were counted twice
(or more). On another device, packets punted up to
the route/mgmt engine could end up being double counted
(or not at all). One device counted jumbo packets as
errors (even though they were being transmitted correctly).