Hello list
During the validation of our and caida's netflow software I checked against
the interface counters of a cisco's Serial interface (using HDLC) and found
that it does display "wrong" values. E.g.
ping -c 1 -s 1 212.117.XXX.XXX
should result in two packets, each 29 bytes long (20 IP + 8 ICMP + 1 Data).
The SNMP interface statistics show me
interfaces.ifTable.ifEntry.ifInOctets.3: 203460178 -> 203460211 (+33)
interfaces.ifTable.ifEntry.ifOutOctets.3: 55086656 -> 55086689 (+33)
interfaces.ifTable.ifEntry.ifInUcastPkts.3: 176971 -> 176972 (+1)
interfaces.ifTable.ifEntry.ifOutUcastPkts.3: 139830 -> 139831 (+1)
interfaces.ifTable.ifEntry.ifInNUcastPkts.3: 1283 -> 1283 (+0)
interfaces.ifTable.ifEntry.ifOutNUcastPkts.3: 0 -> 0 (+0)
interfaces.ifTable.ifEntry.ifInDiscards.3: 0 -> 0 (+0)
interfaces.ifTable.ifEntry.ifOutDiscards.3: 0 -> 0 (+0)
interfaces.ifTable.ifEntry.ifInErrors.3: 0 -> 0 (+0)
interfaces.ifTable.ifEntry.ifOutErrors.3: 0 -> 0 (+0)
This is 4 bytes to much. I encounter this +4 bytes with UDP packets, too.
Does it measure HDLC, too? Can I get the raw IP Counter with snmp?
Strangely this +4 rule cannot applied everytimes. Especially with TCP data
I have varying values, even different delta values for input and output.
Any help's appreciated!
TIA & bye,
-christian-
:w
-- Christian Hammers WESTEND GmbH - Aachen und Dueren Tel 0241/701333-0 ch@westend.com Internet & Security for Professionals Fax 0241/911879 WESTEND ist CISCO Systems Partner - Premium Certified -- cflowd mailing list cflowd@caida.org
This archive was generated by hypermail 2b29 : Wed Feb 28 2001 - 06:15:09 PST