[c-nsp] Netflow output in hex or decimal

Kim Onnel karim.adel at gmail.com
Fri Mar 25 07:31:45 EST 2005 

it is much preferable for the naked eye in decimal, its even easier
for scripts to read them in decimal, no need for conversion, i guess
if that will take much processing off the switch, then its better off
on the scripts side(PCs has more CPU),

What exactly is the diff. between: sh ip cache flow and sh mls netflow ip ?

I'd like to know what are known Regex(tricks) to be used on the CLI
for common administrative purposes(spot DoS), Spot Worms, spot VoIP ?

Netflow is great, in my opinion needs more publicity and more documents, 

One last thing came to my notice the other day, i would say that once
netflow is well known, there will be an increasing number of interest
from 'crackers' to get access to cisco, because it facilitates looking
at who is doing what,

sh mls netflow ip source|dest x.x.x.x  will show me what this ip is
doing, for example

7600#sh mls netflow ip source x.x.x.x nowrap

Displaying Netflow entries in Supervisor Earl

DstIP           SrcIP           Prot:SrcPort:DstPort  Src i/f         
:AdjPtr     Pkts         Bytes      Age    LastSeen   Attributes
--------------------------------------------------------------------------------
----------------------------------------------------------
x.x.x.x   x.x.x.x tcp :1443   :telnet   Gi5/1            :0x0    0    
       0             7     14:29:31   L3 - Dynamic


As you can that is alot of information, it says this user is doing
telnet to that host, so everyone should go and on their AAA server
limit access to this command, or maybe cisco has a new feature under
their sleeves.

Thank your Rodney for Asking

Regards


On Thu, 24 Mar 2005 10:54:06 -0500, Rodney Dunn <rodunn at cisco.com> wrote:
> 'sh ip cache flow' shows port number information in
> hex.
> 
> We'd like to change that to decimal to easier consumption.
> 
> The pros:
> easier reading
> 
> The cons:
> no way to use the same command and have backwards
> compatability so people using some screen scraper
> or scripts may have to change them
> 
> The other option is to add an extension to the
> sh ip cache flow command with a decimal option but
> then that leaves hex (which most people don't like)
> as the default.
> 
> Which would you prefer?
> 
> Rodney
> 
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>

More information about the cisco-nsp mailing list