Hi,
Suppose I would want to know which host on my network consumes the biggest percentage of our bandwidth... Also, I would want to know what port it is using so that I can block that particular port (in case of worm flooding):

#Using flow-nfilter:

#First I will write our network block:
filter-primitive inblock
  type ip-address-prefix
  permit 10.10.8.0/24

#Then any network outside ours:
filter-primitive outblock
  type ip-address-prefix
  deny 10.10.8.0/24
  permit 0.0.0.0/0

#Now the definitions:
filter-definition inboundtraffic
  match src-ip-addr outblock
  match dst-ip-addr inblock

filter-definition outboundtraffic
  match src-ip-addr inblock
  match dst-ip-addr outblock

#..Now, I can run:
flow-cat -p /usr/local/var/db/flows/ft/ft-v05.2006-06-13.09* | flow-nfilter -Foutboundtraffic -f /usr/local/var/db/flows/bin/filters.cfg | flow-print | less

My biggest question is... Now what??? =)

The output shows these columns:
srcIP dstIP prot srcPort dstPort octets packets

Don't know what to do next... heeeelp =). Thanks. =)

_______________________________________________
Flow-tools mailing list
[EMAIL PROTECTED]
http://mailman.splintered.net/mailman/listinfo/flow-tools
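One way to answer the "now what" for that filtered output, as an added example that is not part of the original post and not flow-tools code: a small Python script that reads flow-print's default columns (srcIP dstIP prot srcPort dstPort octets packets), sums octets per source host and per (source host, destination port) so the top consumer and its port stand out, and counts how many distinct destinations each host reached on a given port, which is the fan-out pattern a scanning worm leaves behind. The sample lines are constructed, not real traffic; the 10.10.8.0/24 block is taken from the post, the external addresses are documentation ranges, and the function names are my own. On a real box it would be fed as `flow-cat ... | flow-nfilter -Foutboundtraffic -f filters.cfg | flow-print | python3 toptalkers.py`.

```python
import sys
from collections import defaultdict

# Constructed sample of flow-print default output (not real traffic).
# Host 10.10.8.23 is hammering port 445 on several outside hosts.
SAMPLE = """\
srcIP            dstIP            prot  srcPort  dstPort  octets      packets
10.10.8.23       192.0.2.10       6     3412     445      48000       400
10.10.8.23       192.0.2.11       6     3413     445      52000       420
10.10.8.5        198.51.100.7     6     41022    80       15000       30
10.10.8.23       192.0.2.12       6     3414     445      61000       500
10.10.8.9        198.51.100.9     17    51234    53       400         4
"""


def parse_flow_print(text):
    """Turn flow-print default-format lines into dicts; header/blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        # Data lines start with a digit (an IP address); the header starts with 'srcIP'.
        if len(parts) < 7 or not parts[0][0].isdigit():
            continue
        src, dst, prot, sport, dport, octets, packets = parts[:7]
        rows.append({
            "src": src, "dst": dst, "prot": int(prot),
            "sport": int(sport), "dport": int(dport),
            "octets": int(octets), "packets": int(packets),
        })
    return rows


def top_talkers(rows, key=("src",), n=5):
    """Rank by octets, grouped on the given fields; returns (group, octets, percent of total)."""
    totals = defaultdict(int)
    for r in rows:
        totals[tuple(r[k] for k in key)] += r["octets"]
    grand = sum(totals.values()) or 1
    ranked = sorted(totals.items(), key=lambda kv: kv[1], reverse=True)[:n]
    return [(group, octets, round(100.0 * octets / grand, 1)) for group, octets in ranked]


def fan_out(rows):
    """Distinct destination hosts per (src, dport): many peers on one port is a scan signature."""
    peers = defaultdict(set)
    for r in rows:
        peers[(r["src"], r["dport"])].add(r["dst"])
    return {k: len(v) for k, v in peers.items()}


def report(text):
    rows = parse_flow_print(text)
    print("Top source hosts by octets:")
    for (src,), octets, pct in top_talkers(rows, ("src",)):
        print(f"  {src:<16} {octets:>10} {pct:>5}%")
    print("Top (source host, destination port) by octets:")
    for (src, dport), octets, pct in top_talkers(rows, ("src", "dport")):
        print(f"  {src:<16} dport {dport:<6} {octets:>10} {pct:>5}%")
    print("Distinct destinations per (source host, destination port):")
    for (src, dport), count in sorted(fan_out(rows).items(), key=lambda kv: -kv[1]):
        print(f"  {src:<16} dport {dport:<6} {count} peers")


if __name__ == "__main__":
    # Read piped flow-print output if present, otherwise show the constructed sample.
    report(SAMPLE if sys.stdin.isatty() else sys.stdin.read())
```

The "top (host, port)" table answers both halves of the question at once: the busiest host and the port it is using. The fan-out count is the cheaper confirmation for the worm case, since a legitimate bulk transfer talks to one or two peers on a port while a scanner talks to dozens.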
