Have you tried this "Minimum prefix mask" ?
I am not sure if we use /32 mask what is the difference in term of traffic and CPU load
compared to V5.
----- Original Message ----- From: "Marcus C. Gottwald" <firstname.lastname@example.org> To: "Devon True" <email@example.com> Cc: <firstname.lastname@example.org> Sent: Friday, May 18, 2001 4:41 PM Subject: Re: Getting specific /32 from cflowd
> > Hi! > > Devon wrote (Thu 2001-May-17 17:19:36 -0400): > > > When I run "artsnets <filename>", I get the SrcAdr as a /24 or smaller (e.g. > > /23, /22, etc). Is there anyway to get specific hosts (i.e. /32)? If not, > > anyone have any suggestions? We are trying to track down an IP address that > > is sending a lot of traffic. > > Within the flow information sent out by a Cisco, netmasks are > included. These netmasks match an entry in the current routing > table. > > If you have a specific route in the table (be careful with route > aggregation, e.g. eigrp auto-summary), the mask should never be > shorter than the routing entry. > > I have seen Ciscos being more detailled than expected. We had a > single host-route into a network for which we also had a route > with a shorter mask. However, all flows coming from or destined > to a host within this network were given 32bit masks. > > > For you, Devon, it might be sufficient to include a host route > into the network the traffic is coming from. In any case, you > should be able to do a "binary search" by adding two routes > which are each 1bit longer, then take the one with all the > traffic, split that one, ... > > > Cheers, Marcus > > -- > Condat AG > Alt-Moabit 91d | 10559 Berlin | Germany > Tel: +49.30.39094-167 | Fax: +49.30.39094-555-167 > <email@example.com> | http://www.condat.de > -- > cflowd mailing list > firstname.lastname@example.org >
-- cflowd mailing list email@example.com
This archive was generated by hypermail 2b29 : Fri May 18 2001 - 19:34:45 PDT