23 - Using Network Analysis Tools Flashcards
What command displays the processes and CPU utilisation?
show processes cpu
What command shows the CPU utilisation for the last minute?
show processes cpu sorted 1min
When issue the ‘show proccesses cpu’ command, the CPU utilisation for five seconds field contains two elements. The first number is the total CPU ___ and the second number is the ___ which indicates the volume of network traffic the CPU is receiving.
CPU utilisation, interrupted utilisation
The ___command displays the amount of processor memory and I/O memory that is in use and available. I/O memory is used for temporary packet buffering.
show memory
The __ command is essential for troubleshooting. It shows you the status of the interface, MTU, interface operation mode and stats about input queue and output queue drops and errors
show interface
The show interface command: signifies that the traffic is dropping because the router was receiving traffic more than is could process
input queue drops
The show interface command: usually a result of a congested link
output queue drops
The show interface command: result of interface problems, duplex errors, CRC errors
input errors
The show interface command: usually related to duplex issues
output errors
This command can be helpful to troubleshoot a router reload. It also provides useful info to convey to Cisco support
show platform
An ___ determines whether an SLA is being met.
IP SLA
An IP SLA can use various options such as:
- FTP
- ICMP
- HTTP
- SIP
IP SLAs are Cisco proprietary and uses UDP port __.
1967
This is where all IP SLA measurement probe operations are configured either by CLI or through SNMP tool
IP SLA source
A device that is required to respond to IP SLA packets. The ___ adds a time stamp to packets and can take in to account any latency that occurred while the responder is processing the test packets
SLA responder
___ IP sla operations can run in a network at any given time
Multiple
A local __ session is an association of a source port and source VLAN with one or more destination ports.
SPAN
How do you configure a SPAN port?
SW1(config)# monitor session 1 source interface Gigabit0/1
SW1(config)# monitor session 1 destination interface Gigabit0/2
How do you verify the configuration of the SPAN session?
show monitor
__ SPAN supports source and destination ports on different switches, while __ SPAN supports only source and destination ports on the same switch.
remote, local
RSPAN consists of the RSPAN __ session, RSPAN __, and RSPAN __ session.
source, VLAN, destination
On some platforms, a __ port needs to be specified together with an RSPAN VLAN. The __ port is a physical interface that acts as a loopback and reflects the traffic that is copied from the source port to the RSPAN VLAN. The need for a __ port is caused by a hardware design limitation on some platforms.
reflector
How do you configure RSPAN?
SW1(config)# vlan 100
SW1(config-vlan)# name SPAN-VLAN
SW1(config-vlan)# remote-span
SW1(config)# monitor session 2 source interface Gig0/1
SW1(config)# monitor session 2 destination remote vlan 100
SW2(config)# vlan 100
SW2(config-vlan)# name SPAN-VLAN
SW2(config-vlan)# remote-span
SW2(config)# monitor session 3 destination interface Gig0/2
SW2(config)# monitor session 3 source remote vlan 100
Because the ports are now on two different switches, you must use a special RSPAN VLAN to transport the traffic from one switch to the other. You configure this VLAN like any other VLAN, but in addition, you must enter the ___ keyword in the VLAN configuration. You need to define this VLAN on all switches in the path.
remote-span
RSPAN uses two sessions, the __ and __. The two sessions need to be defined on both the local and remote switches.
source, destination
RSPAN __ numbers are local to each switch so do not need to be the same on every switch.
session
The Cisco ___ mirrors traffic on one or more “source” ports and delivers the mirrored traffic to one or more “destination” ports on another switch. The traffic is encapsulated in GRE and is, therefore, routable across a L3 network between the source switch and the destination switch.
Encapsulated Remote Switched Port Analyser (ERSPAN)
ERSPAN consists of an ERSPAN __ session, routable ERSPAN __ encapsulated traffic, and an ERSPAN __ session.
source, GRE, destination
A device that has only an ERSPAN source session configured is called an ERSPAN ___ device, and a device that has only an ERSPAN destination session configured is called an ERSPAN __ device.
source, termination
Each ERSPN source session can have either __ or __ as sources, but not both. The ERSPAN source session copies traffic from the source ___ and forwards the traffic using routable GRE-encapsulated packets to the ERSPAN destination session. The ERSPAN destination session switches the traffic to the destination.
ports, VLANs
When enabled, Cisco devices can capture the packets sent and received through or to and from them. The packets are stored within a buffer in the __ and are thus not persistent through a reload. Once the data is captured, it can be examined via the CLI in a summary or detailed view on the Cisco device.
DRAM
There are 3 key characteristics of Cisco packet tools:
- There are exec-level commands to start and stop the capture
- The tools are useful when it is not possible to tap into the network using a stand-alone packet sniffing tool, or when the need arises to remotely debug or troubleshoot issues
- The capture rate can be throttled using future admin control, for example using an ACL to specify the maximum packet capture rate or specific sampling interval
- You can use show commands to display packet contents on the device itself.
This allows for packet data to be captured at various points in the CEF packet-processing path, flowing through, to and from a Cisco router. Support varies based on model
Embedded Packet Capture
This allows for packet data to be capture at various points in the packet-processing path, flowing through, to and from a Catalyst 4500 switch and Catalyst 3850 switch
Embedded Wireshark
This uses a SPAN session to capture data plane traffic. Allows for packet data to be captured at various points in a hardware-forwarding device like Cisco 7600, Catalyst6500 and ME6500 platforms.
Mini-Protocol Analyser (MPA)
