Hi, This is a total "gimme" question. I keep staring at the flow-report manpage, but without some examples of the filter files, I'm basically lost.
Anyhow, yesterday we were hit with a nasty DDoS attack. For my own curiousity, I'd like a report that shows the following (assume I know the attacked IP): -source IP hitting attacked IP -average packet size per source host -destination protocol/port -source AS -sort the above based on highest PPS Possible? I've been toying with the easier to use "flow-stat", but it seems to have trouble sorting on a number of fields that I'm interested in (like dst IP). Thanks, Charles ___ Charles Sprickman NetEng/SysAdmin Bway.net - New York's Best Internet - www.bway.net [EMAIL PROTECTED] - 212.655.9344 _______________________________________________ Flow-tools mailing list [EMAIL PROTECTED] http://mailman.splintered.net/mailman/listinfo/flow-tools
