Network Security: Detailed info on Re: Bogon IPs traffic only seen by netflow, confined within a VLANonly

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Incidents

[Top] [All Lists]

Re: Bogon IPs traffic only seen by netflow, confined within a VLANonly

from [Stef] Network Security

[Permanent Link]

Subject:	Re: Bogon IPs traffic only seen by netflow, confined within a VLANonly
Date:	Tue, 11 Apr 2006 18:31:22 -0500

Please see $subj - this is how I knew it was confined to one VLAN only
- the interface in netflow was the VLAN number

Thanks,
Stef

On 4/11/06, Nyuk Loong Kiw <Kiw@safecom.co.nz> wrote:

Are all the netflow packets generated by the 4506 switch? Are you using
flowtools for netflow analysis?

From memory flows generated by cisco devices actually have the
additional interface identifier or something similar in the actual flow
packets itself, if you know which cisco interface is the 'incoming'
interface you should be able to apply a filter to look for all traffics
going through that incoming interface, that should help isolate things.


Kiw

<snip>

[More messages with this same subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
RE: Bogon IPs traffic only seen by netflow, confined within a VLANonly, Pierre, Jean-Raymond Message not available RE: Bogon IPs traffic only seen by netflow, confined within a VLANonly, AJ Cochenour Re: Bogon IPs traffic only seen by netflow, confined within a VLANonly, Stef Re: Bogon IPs traffic only seen by netflow, confined within a VLANonly, Roland Dobbins RE: Bogon IPs traffic only seen by netflow, confined within a VLANonly, Jose Nazario RE: Bogon IPs traffic only seen by netflow, confined within a VLANonly, Nyuk Loong Kiw Re: Bogon IPs traffic only seen by netflow, confined within a VLANonly, Stef <=

Previous by Date:	RE: Bogon IPs traffic only seen by netflow, confined within a VLANonly, Nyuk Loong Kiw
Next by Date:	Re: Bogon IPs traffic only seen by netflow, confined within a VLANonly, Roland Dobbins
Previous by Thread:	RE: Bogon IPs traffic only seen by netflow, confined within a VLANonly, Nyuk Loong Kiw
Next by Thread:	Re: How to determine which PHP-script allows spamming?, Rainer Duffner
Indexes:	[Date] [Thread] [Top] [All Lists]