Security Incidents mailing list archives

Re: Bogon IPs traffic only seen by netflow, confined within a VLAN only


From: Stef <stefmit () gmail com>
Date: Mon, 10 Apr 2006 06:04:01 -0500

On 4/10/06, Nicolai van der Smagt <nicolai.vandersmagt () bbned nl> wrote:
Stef,

Why don't you just span the entire VLAN to a machine capable of running
tcpdump, use tcpdump -e to find the hardware address of the station(s)
sending the traffic, and look up that address in the CAM table of your
switch? Would be quicker than spanning 1 port at a time..


Kr,
Nicolai van der Smagt

Thanks to all who answered - basically the suggestions revolved around
the same type of solution I assumed originally to be needed
(span/mirror/monitor ports, one at a time, to a probe machine -
whether done via a script on the switch, itself, or controlled
remotely). The above solution is different (saving tons of work), and
it is in fact something I have tried in the past, but never been able
to get it to work properly [the entire traffic]. I am thankful for the
reminder, as I could give it another shot. This 4506 is fairly new,
so hopefully things have improved since the last time I tried this
...

Thanks again to all for answers - part of the hope I had was that
someone could perhaps recognize the pattern, itself - but, if not, I
promise I will get back to this list with a follow-up on our findings.

Stef
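The `tcpdump -e` approach from the quoted reply, as an added example that is not part of the thread: a small Python script that reads `tcpdump -e -n` output lines (a constructed sample is embedded, the script can also be fed a capture log on stdin) and maps each sending MAC address to the bogon source IPs it emitted. The MAC is what you then look up in the switch's MAC/CAM table to find the physical port. The bogon list and the sample lines are assumptions; the list is a simplified set of reserved ranges and should be replaced with a current full bogon feed, minus any range (such as RFC 1918 space) that is legitimately in use on your network. Only untagged IPv4 frames are parsed.

```python
import re
import sys
import ipaddress
from collections import defaultdict

# Constructed, simplified bogon list (reserved/private space). Replace with a
# current full bogon feed and drop any range that is legitimately used locally.
BOGON_NETS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.0.2.0/24", "192.168.0.0/16", "198.18.0.0/15",
    "224.0.0.0/4", "240.0.0.0/4",
)]

# One line of `tcpdump -e -n` output for an untagged IPv4 frame looks like:
# <ts> <src mac> > <dst mac>, ethertype IPv4 (0x0800), length N: <src ip>[.port] > <dst>...
LINE_RE = re.compile(
    r"^\S+\s+(?P<smac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2}) > (?:[0-9a-f]{2}:){5}[0-9a-f]{2}, "
    r"ethertype IPv4 \(0x0800\), length \d+: "
    r"(?P<sip>\d{1,3}(?:\.\d{1,3}){3})(?:\.\d+)? > "
)

# Constructed sample of four captured lines: one normal sender, one station
# emitting from two bogon ranges, and an ARP frame that is not IPv4.
SAMPLE = """\
06:04:01.000001 00:11:22:33:44:55 > 00:aa:bb:cc:dd:ee, ethertype IPv4 (0x0800), length 74: 198.51.100.7.43210 > 203.0.113.9.80: Flags [S], seq 1, win 64240, length 0
06:04:01.000002 00:11:22:33:44:66 > 00:aa:bb:cc:dd:ee, ethertype IPv4 (0x0800), length 74: 0.1.2.3.1025 > 203.0.113.9.80: Flags [S], seq 2, win 64240, length 0
06:04:01.000003 00:11:22:33:44:66 > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 60: 240.1.1.1 > 255.255.255.255: ICMP echo request, id 1, seq 1, length 40
06:04:01.000004 00:11:22:33:44:77 > 00:aa:bb:cc:dd:ee, ethertype ARP (0x0806), length 42: Request who-has 203.0.113.1 tell 203.0.113.5, length 28
""".splitlines()


def is_bogon(ip):
    """True if the IPv4 address falls inside one of the configured bogon ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in BOGON_NETS)


def parse_line(line):
    """Return (source MAC, source IP) for an IPv4 tcpdump -e -n line, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return m.group("smac"), m.group("sip")


def bogon_senders(lines):
    """Map each sending MAC address to the set of bogon source IPs it emitted."""
    senders = defaultdict(set)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        mac, ip = parsed
        if is_bogon(ip):
            senders[mac].add(ip)
    return dict(senders)


if __name__ == "__main__":
    # Read a capture log from stdin if one is piped in, otherwise use the sample.
    lines = sys.stdin.read().splitlines() if not sys.stdin.isatty() else SAMPLE
    for mac, ips in sorted(bogon_senders(lines).items()):
        print(f"{mac}  ->  {', '.join(sorted(ips))}")
```

Run it against a live span session with something like `tcpdump -e -n -i eth1 ip | python3 bogon_senders.py`; every MAC it prints is a candidate to resolve to a port in the switch's MAC address table.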

