Step 2
| clear
ip
accounting [checkpoint]
You can remove all contents of a particular cache, table, or database. Clearing a cache, table, or database can become necessary when the contents of the particular structure have become or are suspected to be invalid. To clear the active IP accounting database when IP accounting is enabled, use the following command:
Example:
Router# clear ip accounting
To clear the checkpointed IP accounting database when IP accounting is enabled, use the following command:
Example:
Router# clear ip accounting checkpoint
|
Step 4
| show
ip
accounting [checkpoint] [output-packets |
access-violations]
To display access list violations, use the
show
ip
accounting command. To use this command, you must first enable IP accounting on a per-interface basis.
Use the
checkpoint keyword to display the checkpointed database. Use the
output-packets keyword to indicate that information pertaining to packets that passed access control and were routed should be displayed. Use the access-violations keyword to display the number of the access list failed by the last packet for the source and destination pair. The number of packets reveals how aggressive the attack is upon a specific destination. If you do not specify the
access-violations keyword, the command defaults to displaying the number of packets that have passed access lists and were routed.
If neither the
output-packets nor
access-violations keyword is specified,
output-packets is the default.
The following is sample output from the
show
ip
accounting command:
Example:
Router# show ip accounting
Source Destination Packets Bytes
172.16.19.40 192.168.67.20 7 306
172.16.13.55 192.168.67.20 67 2749
172.16.2.50 192.168.33.51 17 1111
172.16.2.50 172.31.2.1 5 319
172.16.2.50 172.31.1.2 463 30991
172.16.19.40 172.16.2.1 4 262
172.16.19.40 172.16.1.2 28 2552
172.16.20.2 172.16.6.100 39 2184
172.16.13.55 172.16.1.2 35 3020
172.16.19.40 192.168.33.51 1986 95091
172.16.2.50 192.168.67.20 233 14908
172.16.13.28 192.168.67.53 390 24817
172.16.13.55 192.168.33.51 214669 9806659
172.16.13.111 172.16.6.23 27739 1126607
172.16.13.44 192.168.33.51 35412 1523980
192.168.7.21 172.163.1.2 11 824
172.16.13.28 192.168.33.2 21 1762
172.16.2.166 192.168.7.130 797 141054
172.16.3.11 192.168.67.53 4 246
192.168.7.21 192.168.33.51 15696 695635
192.168.7.24 192.168.67.20 21 916
172.16.13.111 172.16.10.1 16 1137
accounting threshold exceeded for 7 packets and 433 bytes
The following is sample output from the
show
ip
accounting
access-violations command. The output pertains to packets that failed access lists and were not routed:
Example:
Router# show ip accounting access-violations
Source Destination Packets Bytes ACL
172.16.19.40 192.168.67.20 7 306 77
172.16.13.55 192.168.67.20 67 2749 185
172.16.2.50 192.168.33.51 17 1111 140
172.16.2.50 172.16.2.1 5 319 140
172.16.19.40 172.16.2.1 4 262 77
Accounting data age is 41
|
Step 9
| show
udp [detail]
To display IP socket information about UDP processes, use the
show
udp
command. The following example shows how to display detailed information about UDP sockets:
Example:
Router# show udp detail
Proto Remote Port Local Port In Out Stat TTY OutputIF
17 10.0.0.0 0 10.0.21.70 67 0 0 2211 0
Queues: output 0
input 0 (drops 0, max 50, highwater 0)
Proto Remote Port Local Port In Out Stat TTY OutputIF
17 10.0.0.0 0 10.0.21.70 2517 0 0 11 0
Queues: output 0
input 0 (drops 0, max 50, highwater 0)
Proto Remote Port Local Port In Out Stat TTY OutputIF
17 10.0.0.0 0 10.0.21.70 5000 0 0 211 0
Queues: output 0
input 0 (drops 0, max 50, highwater 0)
Proto Remote Port Local Port In Out Stat TTY OutputIF
17 10.0.0.0 0 10.0.21.70 5001 0 0 211 0
Queues: output 0
input 0 (drops 0, max 50, highwater 0)
Proto Remote Port Local Port In Out Stat TTY OutputIF
17 10.0.0.0 0 10.0.21.70 5002 0 0 211 0
Queues: output 0
input 0 (drops 0, max 50, highwater 0)
Proto Remote Port Local Port In Out Stat TTY OutputIF
17 10.0.0.0 0 10.0.21.70 5003 0 0 211 0
Queues: output 0
input 0 (drops 0, max 50, highwater 0)
Proto Remote Port Local Port In Out Stat TTY OutputIF
17 10.0.0.0 0 10.0.21.70 5004 0 0 211 0
Queues: output 0
input 0 (drops 0, max 50, highwater 0)
|
Step 10
| show
ip
traffic
To display IP protocol statistics, use the
show
ip
traffic command. The following example shows that the IP traffic statistics have been cleared by the
clear
ip
traffic command:
Example:
Router# clear ip traffic
Router# show ip traffic
IP statistics:
Rcvd: 0 total, 0 local destination
0 format errors, 0 checksum errors, 0 bad hop count
0 unknown protocol, 0 not a gateway
0 security failures, 0 bad options, 0 with options
Opts: 0 end, 0 nop, 0 basic security, 0 loose source route
0 timestamp, 0 extended security, 0 record route
0 stream ID, 0 strict source route, 0 alert, 0 cipso
0 other
Frags: 0 reassembled, 0 timeouts, 0 couldn't reassemble
0 fragmented, 0 couldn't fragment
Bcast: 0 received, 0 sent
Mcast: 0 received, 0 sent
Sent: 0 generated, 0 forwarded
Drop: 0 encapsulation failed, 0 unresolved, 0 no adjacency
0 no route, 0 unicast RPF, 0 forced drop
ICMP statistics:
Rcvd: 0 format errors, 0 checksum errors, 0 redirects, 0 unreachable
0 echo, 0 echo reply, 0 mask requests, 0 mask replies, 0 quench
0 parameter, 0 timestamp, 0 info request, 0 other
0 irdp solicitations, 0 irdp advertisements
Sent: 0 redirects, 0 unreachable, 0 echo, 0 echo reply
0 mask requests, 0 mask replies, 0 quench, 0 timestamp
0 info reply, 0 time exceeded, 0 parameter problem
0 irdp solicitations, 0 irdp advertisements
UDP statistics:
Rcvd: 0 total, 0 checksum errors, 0 no port
Sent: 0 total, 0 forwarded broadcasts
TCP statistics:
Rcvd: 0 total, 0 checksum errors, 0 no port
Sent: 0 total
Probe statistics:
Rcvd: 0 address requests, 0 address replies
0 proxy name requests, 0 where-is requests, 0 other
Sent: 0 address requests, 0 address replies (0 proxy)
0 proxy name replies, 0 where-is replies
EGP statistics:
Rcvd: 0 total, 0 format errors, 0 checksum errors, 0 no listener
Sent: 0 total
IGRP statistics:
Rcvd: 0 total, 0 checksum errors
Sent: 0 total
OSPF statistics:
Rcvd: 0 total, 0 checksum errors
0 hello, 0 database desc, 0 link state req
0 link state updates, 0 link state acks
Sent: 0 total
IP-IGRP2 statistics:
Rcvd: 0 total
Sent: 0 total
PIMv2 statistics: Sent/Received
Total: 0/0, 0 checksum errors, 0 format errors
Registers: 0/0, Register Stops: 0/0, Hellos: 0/0
Join/Prunes: 0/0, Asserts: 0/0, grafts: 0/0
Bootstraps: 0/0, Candidate_RP_Advertisements: 0/0
IGMP statistics: Sent/Received
Total: 0/0, Format errors: 0/0, Checksum errors: 0/0
Host Queries: 0/0, Host Reports: 0/0, Host Leaves: 0/0
DVMRP: 0/0, PIM: 0/0
|