I like to open my blogs with a scenario. That way the problem is much easier to cope with. Today’s problem is this: we have a server that gets hit with some traffic from the Internet. We want to know what kind of traffic it is and collect some data for investigation. Here is the diagram:
The router in the middle is a Cisco router, of course 🙂
In order to see the traffic between two hosts going through the router, we could debug IP packets. That is often a very bad idea! We could try to narrow the debugging a little with access lists, but still… I had a situation with ACL-controlled debugs that almost crashed a router. A bug, perhaps.
Another way of doing this is NetFlow. This is a very powerful tool for gathering network statistics and detecting problems. We will do this two ways. The first way introduces…