[cisco-bba] RE: [c-nsp] Static ip address info
Jon Lewis
jlewis at lewis.org
Thu Nov 17 08:39:31 EST 2005
On Thu, 17 Nov 2005, Oliver Boehmer (oboehmer) wrote:
> Mark,
>
> you need to enable Netflow on your virtual-access interfaces as well as
> on the GigE interface, i.e. where you see the "raw" IP traffic, not the
> L2TP-encapsulated traffic..
And assuming you have a unix box, look for the flow-tools package. You
can use that to collect netflow exported from the router(s) and generate
reports showing you what your IPs are up to...or which ones are generating
traffic and which are not.
You'll probably only be interested in traffic with your IPs as the source
address, since all the IPs are likely the destinations of everpresent
scans.
----------------------------------------------------------------------
Jon Lewis | I route
Senior Network Engineer | therefore you are
Atlantic Net |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
More information about the cisco-nsp
mailing list