Hi,
I tried to derive traffic between two routers by using flow-filter.
In flow.acl file, I define access list as:
ip access-list standard gx6509_add permit 10.176.52.0 255.255.252.0
ip access-list standard gx6509_add permit 10.191.0.128 255.255.255.248
ip access-list standard gx6509_add permit 10.191.0.152 255.255.255.248
ip access-list standard gx6509_add permit 10.191.1.76 255.255.255.252
ip access-list standard gx6509_add deny any
NetFlow is enabled on a Cisco Catalyst 6509 box; flow-capture is used
to collect and store those "netflow version 7" packets.
I run flow-filter by:
#flow-cat ./ft-v07.2004-11-22.121441+0800 | flow-filter -f ./flow.acl -Dgx6509_add | flow-print > test_gx.txt
It seems test_gx.txt contains some records, but I noticed that not all of
those records fall within the ACL.
I defined another ACL file (wl6509_add) with an address block on another
Catalyst 6509 and ran flow-filter like:
#flow-cat ./ft-v07.2004-11-22.121441+0800 | flow-filter -f ./wl.acl -Dgx6509_add | flow-print > test_wl.txt
Comparing "test_gx.txt" and "test_wl.txt", I found there is NO
difference.
Checking ft-v07.2004-11-22.121441+0800 by flow-print, the result looks
like:
=====================
srcIP             dstIP             router_sc    prot  srcPort  dstPort  octets  packets
10.103.117.92/0   18.74.17.188/0    10.74.64.11  6     1128     1987     5116    118
10.74.56.106/0    192.74.210.152/0  10.74.64.11  6     23551    3601     33982   535
10.161.135.182/0  192.18.246.101/0  10.74.64.11  6     1432     6667     40      1
.....
==================
The srcIP and dstIP records have a "/0" appended to the IP.
Is there anything wrong with my operation?
thanks
--
-- --
Regards
Jing Shen
******************************************
* The sunshine of lifetime is made up of *
* little beams which is bright all the *
* time. *
******************************************
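
Added example, not part of the original message: it evaluates the ACL entries from the post against the destination addresses in the flow-print sample, once reading the third field as a subnet mask and once as a Cisco-style wildcard (inverse) mask. It assumes flow-filter treats that field as a wildcard mask, as IOS standard ACLs do; the address 10.176.53.7 is constructed to sit inside the first intended block.

```python
import ipaddress

# ACL entries copied from the post: (action, address, mask)
ACL = [
    ("permit", "10.176.52.0", "255.255.252.0"),
    ("permit", "10.191.0.128", "255.255.255.248"),
    ("permit", "10.191.0.152", "255.255.255.248"),
    ("permit", "10.191.1.76", "255.255.255.252"),
    ("deny", "0.0.0.0", None),  # "deny any"
]

# Destination addresses from the flow-print sample in the post, plus one
# constructed address (10.176.53.7) inside the first intended block.
SAMPLE_DSTS = ["18.74.17.188", "192.74.210.152", "192.18.246.101", "10.176.53.7"]


def _u32(addr):
    return int(ipaddress.IPv4Address(addr))


def matches(ip, addr, mask, wildcard):
    """True if ip matches addr under mask.

    wildcard=True:  set bits in mask are "don't care" (assumed ACL semantics).
    wildcard=False: set bits in mask must match (subnet-mask semantics).
    """
    if mask is None:  # "any"
        return True
    m = _u32(mask)
    care = (~m & 0xFFFFFFFF) if wildcard else m
    return (_u32(ip) & care) == (_u32(addr) & care)


def evaluate(ip, wildcard):
    """First-match evaluation; returns (action, index of the matching entry)."""
    for i, (action, addr, mask) in enumerate(ACL):
        if matches(ip, addr, mask, wildcard):
            return action, i
    return "deny", None  # implicit deny if nothing matched


def compare():
    """Map each sample address to (result as netmask, result as wildcard)."""
    return {ip: (evaluate(ip, False)[0], evaluate(ip, True)[0]) for ip in SAMPLE_DSTS}


if __name__ == "__main__":
    for ip, (as_netmask, as_wildcard) in compare().items():
        print(f"{ip:16} netmask: {as_netmask:6} wildcard: {as_wildcard}")
```

Under the wildcard reading, entries written with subnet masks compare only the low-order bits, so unrelated addresses can be permitted while addresses inside the intended block are denied.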