> My name is Vladimir. I would like to help me with one question.
> We have tried to use cflowd for analysing IP traffic on our Cisco router
> and collect the data about 2 weeks. The process of collecting the data
> passes without any problem. The problem is that for some reason all IP
> traffic on speciffic host address writes to net matrix with the subnet
> netmask. For example, if I ping on IP address 188.8.131.52 and watch on
> the raw flow data (command flowwatch '(srcaddr == 184.108.40.206)') I can
> see incoming IP traffic on this address. In the raw flow data I see the
> destination address 220.127.116.11 but the netmask is 24 not the 32 and the
> data in net matrix containe the destination address 18.104.22.168/24 not
> the right host IP address 22.214.171.124/32. In this case we are collecting
> the data from Fast Ethernet interface on Cisco 7200 router. That is the
> part of Cisco router configuration.
If I'm not wrong the netmask saved in netmatrix database is the same as
in the packet flow exported by the router...
Please see with "flowwatch" the complete export packet, look in the field
"Mask Lenght", for instance:
src masklen: 19
dst masklen: 25
So as the netmatrix database only saves "nets" the mask lenght is used
to find the correct "subnet" or "supernet"...
-- cflowd mailing list firstname.lastname@example.org
This archive was generated by hypermail 2b29 : Mon Jun 04 2001 - 07:36:23 PDT