Hello,
My name is Vladimir. I would like to help me with one question.
We have tried to use cflowd for analysing IP traffic on our Cisco router
and collect the data about 2 weeks. The process of collecting the data
passes without any problem. The problem is that for some reason all IP
traffic on speciffic host address writes to net matrix with the subnet
netmask. For example, if I ping on IP address 215.80.70.3 and watch on
the raw flow data (command flowwatch '(srcaddr == 215.80.70.3)') I can
see incoming IP traffic on this address. In the raw flow data I see the
destination address 215.80.70.3 but the netmask is 24 not the 32 and the
data in net matrix containe the destination address 215.80.70.0/24 not
the right host IP address 215.80.70.3/32. In this case we are collecting
the data from Fast Ethernet interface on Cisco 7200 router. That is the
part of Cisco router configuration.
interface FastEthernet0/0
description ISL_Trunk
bandwidth 100000
no ip address
ip route-cache flow
full-duplex
!
...
!
interface FastEthernet0/0.3
description Server Hosting
encapsulation isl 4
ip address 215.80.70.1 255.255.255.0
no ip redirects
!
...
ip flow-export source FastEthernet0/0
ip flow-export version 5 peer-as
ip flow-export destination 215.80.64.2 2059
!
...
On the router run OSPF and BGP protocols.
Thank you beforehand,
Best regards,
Vladimir Antonyuk
-- cflowd mailing list cflowd@caida.org
This archive was generated by hypermail 2b29 : Mon Jun 04 2001 - 03:50:35 PDT