Where I work at, we have a bunch of Cisco Catalyst 3560 switches (plus two routers), which no one knows how to administer (the guys who installed them, it turns out, don't like doing tech support for free), so I'm stuck trying to figure out how to do even the simplest of tasks.
Currently, I'm trying to find out which workstations are sucking our bandwidth, and the Port Statistics interface seems like a good start (too many packets =~ lot of traffic). However, while I can see the statistics in the Device Manager (the web interface), I can't find the command-line version of said statistics, which I need if I want to write a script. I have the root password for the switches, so I can ssh into the devices, but I can't find which commands are the ones I need.
So far, I've tried:
show interfaces counters
: I realy hoped this one would work, but it seems those are statistics of dropped packets, not regular traffic, so it doesn't workshow interfaces
: This one actually shows a "5 minute input/output rate" field, but 5 minutes is too short - after 5 minutes of downloading, the offenders would be free to go again- Copy and paste the information from the web interface, one switch at the time, pasting them in an Excel spreadsheet and working from there. That works, but every time I do that by hand I die a little inside
Any ideas? In case you ask: yes, it would be smarter to check this in the router instead of the switches, but I know nothing about Cisco, so toying around with the router scares me like a little girl (I do know about regular networking, though), and yes, there is a proxy on the way, but those things take time (check the "How do I plug a proxy into a Cisco router?" question next month).
To make this easy for yourself (and show off some pretty graphs), I'd just install Cacti and use SNMP to monitor the switch ports.
In the "show interface" output, you'll see cumulative counters since the last counter reset ("clear counters []", no specified interface clears counters for all interfaces). This allows you to take snapshots at whatever interval you want. It's the same counters as used by the SNMP management interface (Cacti, MRTG and other monitoring software) and should be relatively easy to parse.
If you're happy scraping the CLI output and do it yourself, that MAY be a quicker way to get up and running with this specific task. I do suspect that some training material and time to install MRTG or Cacti will be worth your time investment, though.
I followed a howto similar to this one:
http://linuxbasement.com/content/mrtg-ubuntu-server
It's been running quietly ever since, generating rrd graphs similar to the one pictured in Cacti up above.
It's not the prettiest, or most effective, but it's a point in the right direction and should give you an estimate of what you're looking for.