The report confirms that PC2 (172.16.2.1), destination TCP port 22 (SSH) is flooded with many single packets from spoofed source IPv4 addresses. Network administrators can use a network traffic analysis tool or the stored_records.pdf report in the process of further investigation of a DDoS attack. IOS-1# show flow monitor NETFLOW-MONITOR cache format csv | tee flash0:stored_records.csv The following is a set of commands that are issued on a Cisco router to enable Flexible NetFlow on the GigabitEthernet 0/1 interface and export to the NetFlow collector with IP address 192.168.3.2 on UDP port 2055.
Flexible NetFlow is comprised of 3 components: Picture 1: Network Topology with Cisco IOS Flexible Netflow Exporterįlexible NetFlow allows the user to configure and customize the exported information using NetFlow version 9. The Exporter router is the Cisco router running IOS 5.6(2)T configured to collect and export NetFlow records to the Linux host – Collector (192.168.3.2). They advertise the subnet 172.16.x.0/24 configured on the intevrface GigabitEthernet0/0. The BGP-1 and BGP-2 network devices are Cisco routers running Cisco IOS 15.6(2)T and are eBGP neighbors. Flexible NetFlow Configuration on Cisco DevicesĪ network topology is depicted in Picture 1. This post however, is more practical and provides the basic configuration steps for the deployment of Cisco Flexible NetFlow and Juniper j-Flow v8. Another blog post discusses the purpose, limitations, accuracy and the overhead of flow sampling. The post also explains differences across different vendor implementations of NetFlow, such as NetFlow, sFlow, IPFIX and NetStream. One of our recent blog posts dedicated to NetFlow technology provides the necessary knowledge needed to understand NetFlow principles and what it is used for.
0 kommentar(er)
