Re: Fkiws with destination port 0 and TCP SYN flag set

[Maqbool Hashim <maqbool () madbull info>]

Agreed.  Might see if I can get netstat -antp output from the operators at some point though.

I will start with one of the hosts, looks like the whole flow capturing exercise for this LAN will need to be done 
using multiple laptops connected to the different access ports for the hosts.  No RSPAN support on these switches and 
no netflow :(

________________________________________
From: NANOG <nanog-bounces () nanog org> on behalf of Roland Dobbins <rdobbins () arbor net>
Sent: 17 June 2015 10:44
To: nanog () nanog org
Subject: Re: Fkiws with destination port 0 and TCP SYN flag set

On 17 Jun 2015, at 11:34, Maqbool Hashim wrote:

> What might be easier is to set up a span port for the hosts access
> port on the switch and grab that via the collector laptop I have.

It's better to collect as much information you have without perturbing
the systems involved, anyways.

-----------------------------------
Roland Dobbins <rdobbins () arbor net>