What does the Traffic History CLI command do?

Article ID: 167212


Products

PacketShaper

Issue/Introduction

  • Blue Coat Support asked me to disable this command.
  • I was wondering what the impact would be if I disabled the command.
  • I was wondering what the command actually did and if I needed it for future use.

Resolution

Blue Coat Support may have asked you to turn off the command so that PacketShaper memory resources can be allocated to other uses. Beyond losing the Traffic History command itself, the impact of disabling it is minimal.

You will not be able to use the Traffic History command until it is re-enabled from the system settings. However, you can continue to use the similar Traffic Flow command, which gives comparable output.

 

The Traffic History CLI command performs the following functions. 

Display recent traffic flows for a specific host or traffic class.

traffic history recent|find <name>

recent    Lists recent flows for a specified traffic class. The output includes the date, time, IP address, port number, and URL of each flow in the specified class.
find      Lists recent flows for a specified host. The output lists each class that the specified host uses, as well as the date, time, service name, IP address, port number, and URL of each flow in the class.
<name>    With the recent argument, <name> is the traffic class name. With the find argument, <name> is the IP address or name of the host to be tracked.

Examples

The traffic history find command is useful for determining the servers that a specified client IP address is transferring data with, or the clients that are retrieving data from a specific server. It can also be used to determine exactly what type of network applications a specified PC is using.

traffic history find 10.10.1.6

-----( /Outbound/rsh )-----

07-Jan-2005 10:53:25      rsh
     192.21.1.26     1023  raltman-t23.example.com
     10.10.1.6        514  test2.example.com

-----( /Inbound/rsh )-----

07-Jan-2005 10:53:25      rsh
   192.21.1.26       1023  raltman-t23.example.com
   10.10.1.6          514  test2.example.com

The traffic history recent command is useful for analyzing the type of traffic that is falling into a Default class, such as Inbound/Default in the following example.

traffic history recent inbound/default

-----( /Inbound/Default )-----

07-Jan-2005 13:01:19       UDP
   192.21.1.26        3288  example-40vp63
   10.100.10.30       2687  mail.example.com
07-Jan-2005 12:59:53       UDP
   192.21.1.26        3299  example-40vp63
   192.21.0.20         389  dc-dev.example.com
07-Jan-2005 12:56:14       UDP
   192.21.255.255     7741
   192.21.31.251     32808  opslab.example.com
07-Jan-2005 12:42:16       TCP
   192.21.0.25        9100
   10.10.100.24       1995  phogle.example.com
07-Jan-2005 12:33:19       UDP
   192.21.1.26        2967  example-40vp63
   10.10.10.18        2967  test.example.com
07-Jan-2005 11:01:29       UDP
   192.21.1.26       38293  example-40vp63
   10.10.10.89        1046  test.example.com
07-Jan-2005 10:51:54       HTTP
   192.21.1.26        2606  example-40vp63
   216.148.237.145      80  a216-148-237-145.deploy.akamaitechnologies.com
07-Jan-2005 10:51:54       HTTP
   192.21.1.26        2607  example-40vp63
   216.239.53.104       80
07-Jan-2005 10:51:54       HTTP
   192.21.1.26        2611  example-40vp63
   128.242.107.114      80  vrp1.sjc.xpc-mii.net
07-Jan-2005 10:44:53       UDP
   255.255.255.255     631
   192.21.1.34         631
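As an added example (not part of the original article and not PacketShaper's own tooling), the following Python script parses `traffic history` output like the listings above into records and then answers the two questions the `find` and `recent` examples illustrate: which peers a given host talks to, per class and service, and what a Default class is actually carrying. The sample text is constructed from the output shown above; the regular expressions assume the record layout seen there (a date/time/service header followed by two endpoint lines, hostname optional), which is an assumption drawn from these listings rather than a documented format.

```python
"""Parse PacketShaper `traffic history` output and summarise it per host and class.
Added example (not PacketShaper code); SAMPLE is constructed from the listings above."""
from __future__ import annotations
import re
from collections import Counter, defaultdict
from dataclasses import dataclass
from typing import Optional

# Constructed sample: one record from the `find` example and four from the
# `recent inbound/default` example above (two endpoint lines carry no hostname).
SAMPLE = """\
-----( /Outbound/rsh )-----

07-Jan-2005 10:53:25      rsh
     192.21.1.26     1023  raltman-t23.example.com
     10.10.1.6        514  test2.example.com

-----( /Inbound/Default )-----

07-Jan-2005 13:01:19       UDP
   192.21.1.26        3288  example-40vp63
   10.100.10.30       2687  mail.example.com
07-Jan-2005 12:59:53       UDP
   192.21.1.26        3299  example-40vp63
   192.21.0.20         389  dc-dev.example.com
07-Jan-2005 12:42:16       TCP
   192.21.0.25        9100
   10.10.100.24       1995  phogle.example.com
07-Jan-2005 10:51:54       HTTP
   192.21.1.26        2607  example-40vp63
   216.239.53.104       80
"""

CLASS_RE = re.compile(r"^-----\(\s*(?P<cls>\S+)\s*\)-----$")
HEAD_RE = re.compile(r"^(?P<ts>\d{2}-[A-Za-z]{3}-\d{4} \d{2}:\d{2}:\d{2})\s+(?P<svc>\S+)$")
# Endpoint line: IP address, port, optional resolved hostname (assumed layout).
ENDPOINT_RE = re.compile(r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+(?P<port>\d+)(?:\s+(?P<host>\S+))?$")

@dataclass(frozen=True)
class Endpoint:
    ip: str
    port: int
    host: Optional[str]

@dataclass(frozen=True)
class HistoryFlow:
    traffic_class: str
    timestamp: str
    service: str
    a: Endpoint  # first endpoint line of the record
    b: Endpoint  # second endpoint line of the record

def parse_history(text: str) -> list[HistoryFlow]:
    """A record is a date/time/service header plus two endpoint lines; a
    '-----( /Class )-----' banner sets the class for the records after it.
    Records with fewer than two endpoint lines are dropped, not guessed."""
    flows: list[HistoryFlow] = []
    current_class: Optional[str] = None
    pending = None  # (timestamp, service, endpoints seen so far)
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := CLASS_RE.match(line):
            current_class, pending = m["cls"], None
        elif m := HEAD_RE.match(line):
            pending = (m["ts"], m["svc"], [])
        elif pending is not None and (m := ENDPOINT_RE.match(line)):
            ts, svc, eps = pending
            eps.append(Endpoint(m["ip"], int(m["port"]), m["host"]))
            if len(eps) == 2 and current_class is not None:
                flows.append(HistoryFlow(current_class, ts, svc, eps[0], eps[1]))
                pending = None
    return flows

def peers_of(flows: list[HistoryFlow], ip: str) -> dict[tuple[str, str], set[str]]:
    """What `traffic history find <ip>` answers: the far end of every flow that
    touches ip, grouped by (traffic class, service)."""
    peers: dict[tuple[str, str], set[str]] = defaultdict(set)
    for f in flows:
        if ip in (f.a.ip, f.b.ip):
            peers[(f.traffic_class, f.service)].add(f.b.ip if f.a.ip == ip else f.a.ip)
    return dict(peers)

def class_breakdown(flows: list[HistoryFlow], traffic_class: str) -> Counter:
    """Count a class's flows by (service, lower port). The lower port is only a
    heuristic for the server side; with two ephemeral ports it says little."""
    counts: Counter = Counter()
    for f in flows:
        if f.traffic_class == traffic_class:
            counts[(f.service, min(f.a.port, f.b.port))] += 1
    return counts

FLOWS = parse_history(SAMPLE)  # parsed once so callers can query it directly
```

Running `class_breakdown(FLOWS, "/Inbound/Default")` on the sample shows the Default class carrying an LDAP-port flow to the domain controller, a TCP flow on port 9100, and plain HTTP, which is exactly the information you need to decide which classes are missing. `peers_of` on a workstation address gives the same peer list that `traffic history find` prints, but as data you can diff between runs.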

If you disable this command, you can get similar output from the Traffic Flow command.

Traffic flow

Display summary information about some or all currently active TCP connections and/or UDP sessions.

traffic flow -tIo     TCP overview of non-idle flows
traffic flow -uIo     UDP overview of non-idle flows
traffic flow -h       lists help with all options

The traffic flow -tL command adds two columns to the output: LI (the inbound part of the TCP flow) and LO (the outbound part of the flow).

Note that some flows do not completely shut down and are therefore listed until the unit is reset. The -t or -u option combined with the I option therefore lists only the non-idle TCP or UDP flows. For example:

traffic flow -tIpc inbound/http

Num TCP Flows total = 3 (class HTTP)

InAddr           Port OutAddr            Port  Idle  ClasI  ClasO  Svc
---------------------------------------------------------------------------
10.10.254.249    1119 207.158.237.171      80   22m  HTTP   HTTP   HTTP
10.10.254.249    1120 207.158.237.171      80   22m  HTTP   HTTP   HTTP
10.10.254.249    1105 207.158.237.171      80   44s  HTTP   HTTP   HTTP

traffic flow -tCX

Num TCP Flows total = 6 (all classes)

InAddr           OutAddr          Idle  Svc
-------------------------------------------------------------------------------
172.21.19.102    10.1.1.46        8m    Telnet-Clear
   Inbound Class: /Inbound/Default
   Outbound Class: /Outbound/Default
172.21.1.39      10.100.99.30     21s   KaZaA-Cmd
   Inbound Class: /Inbound/Default
   Outbound Class: /Outbound/Default
172.21.1.39      10.1.1.45        5m    NetBIOS-IP-SSN
   Inbound Class: /Inbound/NetBIOS-IP
   Outbound Class: /Outbound/Default
172.21.1.39      10.1.1.20        8s    Microsoft-ds
   Inbound Class: /Inbound/Microsoft-ds
   Outbound Class: /Outbound/Default

To view a list of unique host pairs for a traffic class (Inbound/Default):

traffic flow -taUc inbound/default
Num unique host pairs total   =     1 (class Default)
InAddr            OutAddr         # of flows        
---------------------------------------------
10.9.50.157       10.9.50.75        10

To see if a host is being classified correctly in the expected class:

tr fl -tupXICA 209.210.203.33

Num TCP Flows total   =      1 (all classes)


InAddr           Port  OutAddr          Port Idle Svc
-------------------------------------------------------------------------------
192.168.0.7      4721 209.210.203.33     80  19s HTTP 
Inbound Class: /Inbound/HTTP
Outbound Class: /Outbound/HTTP


Num UDP Flows total   =      0 (all classes)
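As an added example, not code from this article or from PacketShaper, the following Python script parses `traffic flow -tCX` and `-tupXICA` style listings like the ones above and performs the checks the text describes: which identified services are still landing in a Default class, and whether a given host's flows are in the expected class. It also orders flows by idle time so the flows that never shut down (noted above) surface first. Both samples are constructed from the listings on this page; the idle-time suffixes s/m/h, the column order, and the way the -C class lines follow each row are assumptions taken from those listings.

```python
"""Parse `traffic flow -tCX` / `-tupXICA` style listings and check how flows were classified.
Added example (not PacketShaper code); both samples are constructed from the listings above."""
from __future__ import annotations
import re
from dataclasses import dataclass
from typing import Optional

# The -tCX listing on the page shows four of the six flows it announces; so does this copy.
SAMPLE_TCX = """\
Num TCP Flows total = 6 (all classes)

InAddr           OutAddr          Idle  Svc
-------------------------------------------------------------------------------
172.21.19.102    10.1.1.46        8m    Telnet-Clear
   Inbound Class: /Inbound/Default
   Outbound Class: /Outbound/Default
172.21.1.39      10.100.99.30     21s   KaZaA-Cmd
   Inbound Class: /Inbound/Default
   Outbound Class: /Outbound/Default
172.21.1.39      10.1.1.45        5m    NetBIOS-IP-SSN
   Inbound Class: /Inbound/NetBIOS-IP
   Outbound Class: /Outbound/Default
172.21.1.39      10.1.1.20        8s    Microsoft-ds
   Inbound Class: /Inbound/Microsoft-ds
   Outbound Class: /Outbound/Default
"""
# Same layout with the port columns that -p adds (the `tr fl -tupXICA` listing above).
SAMPLE_PORTS = """\
Num TCP Flows total   =      1 (all classes)

InAddr           Port  OutAddr          Port Idle Svc
-------------------------------------------------------------------------------
192.168.0.7      4721 209.210.203.33     80  19s HTTP
Inbound Class: /Inbound/HTTP
Outbound Class: /Outbound/HTTP
"""

IP_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")
IDLE_RE = re.compile(r"^(\d+)([smh])$")  # assumption: Idle is printed as Ns, Nm or Nh

@dataclass
class Flow:
    in_addr: str
    out_addr: str
    idle: str
    service: str
    in_port: Optional[int] = None   # only present when -p was given
    out_port: Optional[int] = None
    in_class: Optional[str] = None  # filled from the -C lines that follow a row
    out_class: Optional[str] = None

def idle_seconds(idle: str) -> int:
    """'44s' -> 44, '22m' -> 1320, '1h' -> 3600."""
    m = IDLE_RE.match(idle)
    if not m:
        raise ValueError(f"unrecognised idle value {idle!r}")
    return int(m.group(1)) * {"s": 1, "m": 60, "h": 3600}[m.group(2)]

def parse_flows(text: str) -> list[Flow]:
    """Rows start with an IP address; 'Inbound Class:' / 'Outbound Class:' lines attach
    to the row before them. Counters, headers and rulers are skipped."""
    flows: list[Flow] = []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Inbound Class:") and flows:
            flows[-1].in_class = line.split(":", 1)[1].strip()
        elif line.startswith("Outbound Class:") and flows:
            flows[-1].out_class = line.split(":", 1)[1].strip()
        else:
            tok = line.split()
            if not tok or not IP_RE.match(tok[0]):
                continue
            if len(tok) == 4:    # InAddr OutAddr Idle Svc
                flows.append(Flow(tok[0], tok[1], tok[2], tok[3]))
            elif len(tok) == 6:  # InAddr Port OutAddr Port Idle Svc
                flows.append(Flow(tok[0], tok[2], tok[4], tok[5], int(tok[1]), int(tok[3])))
    return flows

def landed_in_default(flows: list[Flow]) -> list[tuple[str, str, str]]:
    """(service, direction, in->out) for every identified service that still fell into a
    Default class. Generic TCP/UDP entries are skipped: there is nothing specific to classify."""
    hits = []
    for f in flows:
        if f.service in ("TCP", "UDP"):
            continue
        for direction, cls in (("inbound", f.in_class), ("outbound", f.out_class)):
            if cls and cls.endswith("/Default"):
                hits.append((f.service, direction, f"{f.in_addr}->{f.out_addr}"))
    return hits

def check_host(flows: list[Flow], host: str, expected_in: str, expected_out: str) -> list[Flow]:
    """The 'is this host in the expected class' check: flows involving host whose
    classes differ from what was expected (an empty list means all of them match)."""
    return [f for f in flows if host in (f.in_addr, f.out_addr)
            and (f.in_class, f.out_class) != (expected_in, expected_out)]

def stale_first(flows: list[Flow]) -> list[Flow]:
    """Longest idle first, so flows that never shut down are at the top."""
    return sorted(flows, key=lambda f: idle_seconds(f.idle), reverse=True)
```

On the -tCX sample, `landed_in_default` reports Telnet-Clear and KaZaA-Cmd in Default in both directions and NetBIOS-IP-SSN and Microsoft-ds in Default outbound only: the service was identified, but no class catches it on that side. `check_host` on the -tupXICA sample returns an empty list for 209.210.203.33 against /Inbound/HTTP and /Outbound/HTTP, which is the "classified correctly" result the last example above is looking for.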