#How to check packet marking and traffic instantly
##################################################
#Config part
interface ...
ip flow ingress
ip flow egress
# To see the result:
sh ip cache flow -- complete list of flows
sh ip cache verbose flow -- complete list of flows, each flow will be verbosely showed (example type of service field)
sh ip cache ip.network.to.check network.mask.for.that verbose flow -- flow will be verbosely showed for a specifig range of IP(s) (example type of service field ; netmask can be 255.255.255.255 to see only one host)
# If you have MLS:
# Config part
mls ip multicast flow-stat-timer 9
mls aging fast time 16
mls aging long 64
mls aging normal 64
mls flow ip interface-full
no mls flow ipv6
mls nde sender
mls qos
mls cef error action reset
# To check MLS QoS netflow
sh mls netflow ip <source|destination> <IP.you.want.to.see> qos nowrap | i <whatever..>
Sample outputs:
#sh ip cac fl
IP packet size distribution (20259790 total packets):
1-32 64 96 128 160 192 224 256 288 320 352 384 416 448 480
.000 .364 .343 .094 .114 .001 .001 .000 .000 .000 .050 .000 .000 .000 .000
packet size distribution — 64 byte and .364 means 36.4% of the traffic
is between packet size 32byte and 64byte and so forth
512 544 576 1024 1536 2048 2560 3072 3584 4096 4608
.000 .019 .000 .006 .001 .000 .000 .000 .000 .000 .000
IP Flow Switching Cache, 278544 bytes
13 active, 4083 inactive, 11467910 added
277423652 ager polls, 0 flow alloc failures
Active flows timeout in 5 minutes
Inactive flows timeout in 15 seconds
IP Sub Flow Cache, 34056 bytes
13 active, 1011 inactive, 11467886 added, 11467886 added to flow
0 alloc failures, 0 force free
1 chunk, 1 chunk added
last clearing of statistics never
Protocol Total Flows Packets Bytes Packets Active(Sec) Idle(Sec)
——– Flows /Sec /Flow /Pkt /Sec /Flow /Flow
TCP-Telnet 568 0.0 36 41 0.0 3.3 12.3
TCP-WWW 184 0.0 3 328 0.0 0.6 7.3
TCP-BGP 1423795 0.3 5 56 1.9 35.1 14.5
TCP-other 7708 0.0 27 341 0.0 8.5 7.2
UDP-DNS 3539 0.0 1 74 0.0 0.3 15.5
UDP-NTP 150741 0.0 1 76 0.0 0.0 15.3
UDP-Frag 3 0.0 2 373 0.0 0.0 15.5
UDP-other 8590603 2.0 1 152 2.2 0.1 15.4
ICMP 1156084 0.2 1 96 0.4 4.4 15.4
Total: 11333225 2.6 1 108 4.7 5.0 15.3
SrcIf SrcIPaddress DstIf DstIPaddress Pr SrcP DstP Pkts
Gi0/1.100 10.207.3.17 Local 10.207.3.18 06 00B3 2B19 2
Protocol 06 (hex value) = TCP
Protocol 11 (hex value) = UDP
Protocol 01 (hex value) = ICMP
#sh ip cac ve fl
IP packet size distribution (20259839 total packets):
1-32 64 96 128 160 192 224 256 288 320 352 384 416 448 480
.000 .364 .343 .094 .114 .001 .001 .000 .000 .000 .050 .000 .000 .000 .000
512 544 576 1024 1536 2048 2560 3072 3584 4096 4608
.000 .019 .000 .006 .001 .000 .000 .000 .000 .000 .000
IP Flow Switching Cache, 278544 bytes
9 active, 4087 inactive, 11467921 added
277423910 ager polls, 0 flow alloc failures
Active flows timeout in 5 minutes
Inactive flows timeout in 15 seconds
IP Sub Flow Cache, 34056 bytes
9 active, 1015 inactive, 11467897 added, 11467897 added to flow
0 alloc failures, 0 force free
1 chunk, 1 chunk added
last clearing of statistics never
Protocol Total Flows Packets Bytes Packets Active(Sec) Idle(Sec)
——– Flows /Sec /Flow /Pkt /Sec /Flow /Flow
TCP-Telnet 569 0.0 36 41 0.0 3.3 12.3
TCP-WWW 184 0.0 3 328 0.0 0.6 7.3
TCP-BGP 1423797 0.3 5 56 1.9 35.1 14.5
TCP-other 7710 0.0 27 341 0.0 8.5 7.2
UDP-DNS 3539 0.0 1 74 0.0 0.3 15.5
UDP-NTP 150741 0.0 1 76 0.0 0.0 15.3
UDP-Frag 3 0.0 2 373 0.0 0.0 15.5
UDP-other 8590613 2.0 1 152 2.2 0.1 15.4
ICMP 1156084 0.2 1 96 0.4 4.4 15.4
Total: 11333240 2.6 1 108 4.7 5.0 15.3
SrcIf SrcIPaddress DstIf DstIPaddress Pr TOS Flgs Pkts
Port Msk AS Port Msk AS NextHop B/Pk Active
Gi0/1.100——xx.xxx.xxx.xxx—Local———–10.212.200.132–11-00—10——–1
incoming and outgoing interface//source and destination IP addresses (next hops may be..)
007B /26 0 007B /32 0 0.0.0.0 76 0.0
Gi0/0 10.207.3.26 Local 10.207.3.25 06 C0–18——-3
ToS value is the 8 byte of the IP field : C0 -> 11000000 bin – DSCP CS6 – IP Precedence 6
423B /30 0 00B3 /0 0 0.0.0.0 52 13.3
Gi0/1.100 xx.xxx.xxx.xx Local 10.212.200.132 06 00 1A 3—- packet means packets per active seconds
0031 /26 0 D08D /32 0 0.0.0.0 47 0.1—- active seconds
Gi0/1.100 xx.xxx.xxx.xx Local 10.212.200.132 11 00 10 2
9BE7 /26 0 00A1 /32 0 0.0.0.0 76—–0.0—- bytes per packets
ToS <> DSCP
ToS ToS ToS ToS DSCP DSCP DSCP DSCP
dec hex bin prec bin hex dec name
bin
0 0×00 00000000 000 000000 0×00 0 none/default
32 0×20 00100000 001 001000 0×08 8 cs1
40 0×28 00101000 001 001010 0x0A 10 af11
48 0×30 00110000 001 001100 0x0C 12 af12
56 0×38 00111000 001 001110 0x0E 14 af13
64 0×40 01000000 010 010000 0×10 16 cs2
72 0×48 01001000 010 010010 0×12 18 af21
80 0×50 01010000 010 010100 0×14 20 af22
88 0×58 01011000 010 010110 0×16 22 af23
96 0×60 01100000 011 011000 0×18 24 cs3
104 0×68 01101000 011 011010 0x1A 26 af31
112 0×70 01110000 011 011100 0x1C 28 af32
120 0×78 01111000 011 011110 0x1E 30 af33
128 0×80 10000000 100 100000 0×20 32 cs4
136 0×88 10001000 100 100010 0×22 34 af41
144 0×90 10010000 100 100100 0×24 36 af42
152 0×98 10011000 100 100110 0×26 38 af43
160 0xA0 10100000 101 101000 0×28 40 cs5
184 0xB8 10111000 101 101110 0x2E 46 ef
192 0xC0 11000000 110 110000 0×30 48 cs6
224 0xE0 11100000 111 111000 0×38 56 cs7