Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

IP Accounting via SNMP

185 views
Skip to first unread message

Peter Elford

unread,
Sep 25, 1990, 4:49:22 AM9/25/90
to
A while back I asked if anyone had an application that retrieved the
cisco IP Accounting table via SNMP, preferably using the CMU SNMP
package. The only response I got was from Carl Rigney (c...@brahms.AMD.COM)
who had written a Perl script to parse the output of the CMU snmpwalk
command.

I decided to do it myself and this is the result:

gwacc [-c] [-n] [-d] <router> <community>

Retrieve the cisco specific IP accounting table from the specified
router. -c says get the checkpoint accounting table. -n says don't
translate IP addresses into names. -d says dump the SNMP packets in hex.

**WARNINGS**

-c does not work with release 8.0(13) of the cisco gateway server code.
If the checkpoint IP accounting table has not been created (ie. a
CLEAR IP ACCOUNTING command has not been given) it will crash routers
running 8.1(19) of the cisco gateway server code (to be fixed in the
next maintenance release of 8.1).

The output looks like this ...

Source Destination Packets Bytes
16.1.0.1 129.78.64.1 4 284
16.1.0.1 129.78.64.2 1 71
16.1.0.2 129.78.64.1 3 213
16.1.0.2 129.78.64.2 1 71
16.1.240.23 129.78.64.1 7 483
18.87.0.28 129.78.64.1 1 71
139.130.116.2 129.78.64.5 1 348

:

192.43.207.1 134.148.48.250 4 320
192.52.195.1 129.78.131.11 8 560
192.52.195.1 130.155.128.8 12 812
192.52.195.10 129.78.64.1 4 554
192.52.195.10 129.78.64.2 1 151
192.52.195.10 134.148.16.240 2 248
192.67.67.53 129.78.64.1 2 266
192.67.67.53 134.148.4.2 6 765


The source code is available via anonymous ftp from aarnet.edu.au (130.56.4.16)
as file pub/tools/gwacc.c. You will need the CMU SNMP libraries to compile
it (available from lancaster.andrew.cmu.edu - 128.2.13.21).

I would appreciate it if someone could make this available for ftp in the US
rather than everyone beating up our overloaded satellite link (assuming they think
it's worth having :-),

Peter Elford, e-mail: P.El...@aarnet.edu.au
Network Co-ordinator, phone: +61 6 249 3542
Australian Academic Research Network, fax: +61 6 247 3425
c/o, Computer Services Centre, post: PO Box 4
Australian National University Canberra 2601
Canberra, AUSTRALIA

Steven Blair

unread,
Sep 25, 1990, 12:59:38 PM9/25/90
to
gwacc.c is now available here on the Internet from:

syn-gate-gw.synoptics.com(134.177.32.116)

in ~ftp/sources

login as anonymous, of course


--
Steven C. Blair Network Operations Center
SynOptics Communications Inc. Mountain View, California
INTERNET: sbl...@synoptics.com sbl...@excalibur.synoptics.com
PROBLEMS/EMAIL: HOSTM...@SYNOPTICS.COM postm...@synoptics.com
---->>RIP Stevie Ray Vaughan 1954-1990 You Will Be *Missed*<<----

Marten Terpstra

unread,
Sep 25, 1990, 3:56:54 PM9/25/90
to

-- In the message of Sep 25, you write : --


A while back I asked if anyone had an application that retrieved the
cisco IP Accounting table via SNMP, preferably using the CMU SNMP
package. The only response I got was from Carl Rigney
(c...@brahms.AMD.COM) who had written a Perl script to parse the
output of the CMU snmpwalk command.

Daniel Karrenberg from CWI/EUnet Amsterdam wrote his own program to fetch the
IP accounting from a cisco. He chose to use a direct TCP connection to the
cisco in stead of using SNMP, for speed and the fact that some lower versions
of GS screw up on the SNMP variables with the IP accounting.

The only problem with this is that both passwords for your cisco are included
in the sources, therefore you should be carefull with access rights on these
files.

People interested can find it at mcsun.eu.net (192.16.202.1) in
~/network/cisco/account.shar.Z

Marten
--
Marten Terpstra National Institute for Nuclear
Internet : terp...@nikhef.nl and High Energy Physics
Oldie-net: {....}mcsun!nikhefh!terpstra (NIKHEF-H), PO Box 41882, 1009 DB
Phone : +31 20 592 5102 Amsterdam, The Netherlands

Arnold Nipper

unread,
Sep 26, 1990, 12:58:45 PM9/26/90
to
In article <26...@boulder.Colorado.EDU> pte...@jatz.aarnet.edu.au (Peter Elford) writes:
>I decided to do it myself and this is the result:
> [ ... stuff deleted ... ]
>

How long does it take to let's say retrieve ~1000 entries
from the CISCO via SNMP. We retrieve the data via a telnet
program written by Daniel Karrenberg (d...@cwi.nl) and this
works quite fine. With another tool you can have domainnames
or information about the IP-networks given by NIC/NSF/RIPE
instead of pure IP-addresses. This tool was written by Daniel too.

>it's worth having :-),

... because it's via SNMP???

Arnold
********************************************************************************
Arnold Nipper *** Universitaet Karlsruhe, Am Fasanengarten 5 * nip...@ira.uka.de
XLINK, Inst. fuer Betr.- und Dialogsysteme, D-7500 Karlsruhe * +49 721 608 4331
********************************************************************************

Peter Elford

unread,
Sep 27, 1990, 9:19:36 AM9/27/90
to

In article <90.269.16:58:4...@ira.uka.de>, nip...@iramu1.ira.uka.de

(Arnold Nipper) writes:
|> How long does it take to let's say retrieve ~1000 entries
|> from the CISCO via SNMP. We retrieve the data via a telnet
|> program written by Daniel Karrenberg (d...@cwi.nl) and this
|> works quite fine. With another tool you can have domainnames
|> or information about the IP-networks given by NIC/NSF/RIPE
|> instead of pure IP-addresses. This tool was written by Daniel too.

This is true. Because of the MIB structure, each IP accounting table
entry (four SNMP variable instances) requires a separate SNMP query.
They packets won't be very large, so the time to retrieve "~1000" entries
is a function of your network speed and the ability of the router to
respondto the queries. Pulling it pack through a telnet sessioon will
be more efficient because MIB I defines inherently scalar objects only;
the telnet session gets blocks of data (equal to the screen size) thus
giving you (sort of) portions of vectors of information.

This limitation (of SNMP) is being addressed by the IETF: take a look
at draft-ietf-snmp-mibdefinitions-00.txt, which talks about columnar
objects.

|> >it's worth having :-),

You have misquoted me. I was asking sites elsewhere in the Internet to make
it available for ftp only if they thought it was worth having.

|> ... because it's via SNMP???

Well yes! If you have only a small IP accounting table this is a more
elegant way of doing it. Sure, for 1000+ entries elegance is less important
compared to getting the data, but if people don't make use of new facilities
like SNMP then they are not going to develop to be useful (like the
columnar objects).

I did forget to mention the responses I got from the guys who had done
telnet based IP accounting grabbers (there were two), for which I
apologise.

Michael Newbery

unread,
Sep 25, 1990, 6:47:08 PM9/25/90
to
I have retrieved the gwacc.c file and made it available for anonymous ftp
in New Zealand on rata.vuw.ac.nz. Kiwis take note. (The rest of the world
should be aware that our piece of wet string to the Internet runs at
14k4bps, so we are not a very attractive alternate source for gwacc.c)

Thanks to Peter for producing the code and letting us all have it.
--
Michael Newbery<new...@rata.vuw.ac.nz>
Dear Lucrezia, thank you for the chocolates, they are delic...

0 new messages