Security Incidents mailing list archives
Re: Bogon IPs traffic only seen by netflow, confined within a VLANonly
From: Stef <stefmit () gmail com>
Date: Tue, 11 Apr 2006 18:31:22 -0500
Please see $subj - this is how I knew it was confined to one VLAN only - the interface in netflow was the VLAN number Thanks, Stef On 4/11/06, Nyuk Loong Kiw <Kiw () safecom co nz> wrote:
Are all the netflow packets generated by the 4506 switch? Are you using flowtools for netflow analysis? From memory flows generated by cisco devices actually have the additional interface identifier or something similar in the actual flow packets itself, if you know which cisco interface is the 'incoming' interface you should be able to apply a filter to look for all traffics going through that incoming interface, that should help isolate things. Kiw
<snip>
Current thread:
- RE: Bogon IPs traffic only seen by netflow, confined within a VLANonly Pierre, Jean-Raymond (Apr 10)
- Message not available
- RE: Bogon IPs traffic only seen by netflow, confined within a VLANonly AJ Cochenour (Apr 11)
- Re: Bogon IPs traffic only seen by netflow, confined within a VLANonly Stef (Apr 11)
- Re: Bogon IPs traffic only seen by netflow, confined within a VLANonly Roland Dobbins (Apr 11)
- RE: Bogon IPs traffic only seen by netflow, confined within a VLANonly Jose Nazario (Apr 11)
- RE: Bogon IPs traffic only seen by netflow, confined within a VLANonly AJ Cochenour (Apr 11)
- Message not available
- <Possible follow-ups>
- RE: Bogon IPs traffic only seen by netflow, confined within a VLANonly Nyuk Loong Kiw (Apr 11)
- Re: Bogon IPs traffic only seen by netflow, confined within a VLANonly Stef (Apr 11)