On Dec 01, "jing shen" wrote: > I tried to derive traffic between two routers by using flow-filter. > > In flow.acl file, I define access list as: > > ip access-list standard gx6509_add permit 10.176.52.0 255.255.252.0 > ip access-list standard gx6509_add permit 10.191.0.128 255.255.255.248 > ip access-list standard gx6509_add permit 10.191.0.152 255.255.255.248 > ip access-list standard gx6509_add permit 10.191.1.76 255.255.255.252 > ip access-list standard gx6509_add deny any > > netflow is enabled on a cisco catalyst 6509 box, flow-capture is used > to collects and store those "netflow version 7" packets. > > I run flow-filter by: > > #flow-cat ./ft-v07.2004-11-22.121441+0800 | flow-filter -f ./flow.acl > -Dgx6509_add | flow-print > test_gx.txt > > It seems test_gx.txt contains some records, but I noticed not all those > records fall into ACL list. > > Define another ACL file (wl6509_add) with address block on another > Catalyst6509, run flow-filter like : > > #flow-cat ./ft-v07.2004-11-22.121441+0800 | flow-filter -f ./wl.acl > -Dgx6509_add | flow-print > test_wl.txt > > Comparing "test_gx.txt" and "test_wl.txt", I found there is NO > difference. > > Checking ft-v07.2004-11-22.121441+0800 by flow-print, the result looks > like: > > ===================== > srcIP dstIP router_sc prot srcPort > dstPort octets pac > kets > 10.103.117.92/0 18.74.17.188/0 10.74.64.11 6 1128 > 1987 5116 118 > > 10.74.56.106/0 192.74.210.152/0 10.74.64.11 6 23551 > 3601 33982 535 > > 10.161.135.182/0 192.18.246.101/0 10.74.64.11 6 1432 > 6667 40 1 > > ..... > ================== > > The srcIP and dstIP records has a "/0" appended to IP > > Is there anything wrong with my operation?
It's probably better to use flow-nfilter. The man page says -D is for destination...is that your intention? You might want to check by hand with flow-export -f 2 that the proper information exists in your flows. Mike _______________________________________________ Flow-tools mailing list [EMAIL PROTECTED] http://mailman.splintered.net/mailman/listinfo/flow-tools
