[Flow-tools] flow-fanout and flow-capture filling up syslog

2005-01-04 Thread Webb, Nathan
Hi, I'll begin with some background info: our setup has a central collector running flow-fanout and flow-capture, with flow-fanout sending flows to multiple development/testing servers. I've read in a previous post that flow-fanout can't maintain the sequence numbers, and as a result,

RE: [Flow-tools] how can I filter each router from a ft file

2005-01-16 Thread Webb, Nathan
Use the ip-exporter-address match type with flow-nfilter. So a filter file might have the following primitives and definitions:

    Filter-primitive routerA
      Type ip-address
      Permit 10.0.1.1

    Filter-primitive routerB
      Type ip-address
      Permit 10.0.2.1

RE: [Flow-tools] in/out traffic.

2005-02-14 Thread Webb, Nathan
My understanding of flow-stat -f 11 is that it displays both source and destination IP addresses, so the following: flow-cat ft- | flow-stat -f 11 | grep 192.168. will show all entries where the source or the destination IP contains 192.168. This is different to in/out traffic. For In

RE: [Flow-tools] Convert into bidirectional flow data

2005-04-07 Thread Webb, Nathan
I do something similar, and rely on known ports. Rather than using the list of known ports as in /etc/services, it's more useful to construct our own list of known ports based on what is actually used on our network. We have an advantage though in that our network is very much a closed system

RE: [Flow-tools] Strange Router Export Issue

2005-05-19 Thread Webb, Nathan
I would have thought that the DDoS that you've described is relatively easy to block, so more sophisticated ones will spray an entire subnet, with the source coming from random IP addresses, and with random src/dst ports. Unless things have changed in the last couple of years, there isn't much