Bill Woodcock writes:
I'm interested in seeing the distribution of packet sizes across a 1500-byte-constrained measurement point, with "real internet traffic" going past (for some reasonable interpretation of that phrase).
    Protocol         Total    Flows   Packets Bytes  Packets Active(Sec) Idle(Sec)
    --------         Flows     /Sec     /Flow  /Pkt     /Sec     /Flow     /Flow
    Total:       758613841    176.6         2  1170    440.8       6.1      14.6
I.e., on Cisco routers with "Flow switching" enabled on all interfaces you want data included from, the router will give you that ...
    show ip cache flow
    IP packet size distribution (1242M total packets):
       1-32   64   96  128  160  192  224  256  288  320  352  384  416  448  480
       .001 .436 .050 .018 .012 .008 .006 .005 .004 .005 .004 .006 .004 .003 .004

        512  544  576 1024 1536 2048 2560 3072 3584 4096 4608
       .003 .003 .071 .030 .318 .000 .000 .000 .000 .000 .000
    [...]
    Protocol         Total    Flows   Packets Bytes  Packets Active(Sec) Idle(Sec)
    --------         Flows     /Sec     /Flow  /Pkt     /Sec     /Flow     /Flow
    [...]
    Total:        55814697     43.4        22   581    965.3       5.1       7.9

Indeed, if you use the export mechanism you can capture the details behind this summary and analyze it pretty much as you like.

    #ip flow-export destination cflowd-machine
    #ip flow-export version 5
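
An added example (not part of the original post): a minimal Python parser for NetFlow v5 export datagrams, the format selected by `ip flow-export version 5`, that rebuilds a packet-size histogram with the same bin edges as the router output above. v5 records carry only per-flow packet and byte totals, so each flow's packets are binned at that flow's mean packet size; the function names and the sample datagram are constructed for illustration.

```python
import struct
from collections import Counter

# NetFlow v5 layout (network byte order): 24-byte header, 48-byte records.
HEADER = struct.Struct("!HHIIIIBBH")
RECORD = struct.Struct("!IIIHHIIIIHHBBBBHHBBH")
# Upper bin edges as printed by "show ip cache flow" above.
BINS = list(range(32, 513, 32)) + [544, 576, 1024, 1536, 2048, 2560,
                                   3072, 3584, 4096, 4608]

def parse_v5(datagram):
    """Yield (packets, octets) per flow record; reject malformed datagrams."""
    if len(datagram) < HEADER.size:
        raise ValueError("short header")
    version, count = HEADER.unpack_from(datagram)[:2]
    if version != 5:
        raise ValueError("not NetFlow v5")
    # v5 carries at most 30 records; count must match the bytes received.
    if not 1 <= count <= 30 or len(datagram) != HEADER.size + count * RECORD.size:
        raise ValueError("record count does not match datagram length")
    for i in range(count):
        rec = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        yield rec[5], rec[6]          # dPkts, dOctets

def size_distribution(datagrams):
    """Packet-weighted histogram of mean bytes/packet, keyed by bin upper edge."""
    hist, total = Counter(), 0
    for d in datagrams:
        for pkts, octets in parse_v5(d):
            if pkts == 0:
                continue              # skip degenerate records
            mean = octets / pkts
            edge = next((b for b in BINS if mean <= b), BINS[-1])
            hist[edge] += pkts
            total += pkts
    return {edge: n / total for edge, n in sorted(hist.items())} if total else {}

def make_datagram(flows):
    """Constructed sample input: build a v5 datagram from (pkts, octets) pairs."""
    body = b"".join(RECORD.pack(0, 0, 0, 0, 0, p, o, 0, 0, 0, 0, 0, 0, 6, 0,
                                0, 0, 0, 0, 0) for p, o in flows)
    return HEADER.pack(5, len(flows), 0, 0, 0, 0, 0, 0, 0) + body

SAMPLE = [make_datagram([(10, 400), (5, 7500), (5, 2880)])]   # constructed
```

Export datagrams arrive over UDP from whatever can reach the collector port, which is why the parser checks the version and the record count against the received length before unpacking anything.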