We have a DSL client who occasionally(2 Days a month) has 4G worth of downloads.
Looking at the traffic for the affected days, I am seeing the following... Port is always random: ./flow-cat -a /netflow/oar/krc3.v5/2004/2004-08/2004-08-02/ | ./flow-filter -f netflow_acls/minter_palm_beach.acl -D subnet | ./flow-stat -f6 -S2|more # --- ---- ---- Report Information --- --- --- # # Fields: Total # Symbols: Disabled # Sorting: Descending Field 2 # Name: UDP/TCP source port # # Args: ./flow-stat -f6 -S2 # # # port flows octets packets # 3233 2 4294967446 3 80 180 784671 1364 Flows + Packets are always very minimal, but Octets large: # ./flow-cat -a /netflow/oar/krc3.v5/2004/2004-08/2004-08-02/ | ./flow-filter -f netflow_acls/minter_palm_beach.acl -D subnet| ./flow-stat -f6 -S2|more # --- ---- ---- Report Information --- --- --- # # Fields: Total # Symbols: Disabled # Sorting: Descending Field 2 # Name: UDP/TCP source port # # Args: ./flow-stat -f6 -S2 # # # port flows octets packets # 3233 2 4294967446 3 80 180 784671 1364 Always protocol 6: ./flow-cat -a /netflow/oar/krc3.v5/2004/2004-08/2004-08-02/ | ./flow-filter -f netflow_acls/minter_palm_beach.acl -D subnet| ./flow-stat -f12|more # --- ---- ---- Report Information --- --- --- # # Fields: Total # Symbols: Disabled # Sorting: None # Name: IP protocol # # Args: ./flow-stat -f12 # # # protocol flows octets packets # 50 1 1152 8 17 282 101586 325 6 1746 4296584503 6246 1 75 4514 83 Always from single IP: (This IP is different evertime): # ./flow-cat -a /netflow/oar/krc3.v5/2004/2004-08/2004-08-02/ | ./flow-stat -f10 -S3 |grep 203.149.69.54|more 66.183.10.168 203.149.69.54 2 4294967446 3 Anyone have any idea what could cause this type of traffic? Regards, MB _______________________________________________ Flow-tools mailing list [EMAIL PROTECTED] http://mailman.splintered.net/mailman/listinfo/flow-tools
