Re: [Nfsen-discuss] egress traffic
Netflow visualisation and investigation tool
Brought to you by:
phaag
Menu
▾
▴
Re: [Nfsen-discuss] egress traffic
|
From: Lambert H. <lam...@cl...> - 2008-04-16 08:52:10
|
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html> <head> <meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type"> <title></title> </head> <body bgcolor="#ffffff" text="#000000"> Hi Alban,<br> There's a website <a class="moz-txt-link-rfc2396E" href="http://asn.cymru.com/cgi-bin/whois.cgi">"http://asn.cymru.com/cgi-bin/whois.cgi"</a> that looks up AS numbers for given IP addresses.<br> Obviously this is just for one-off queries, but perhaps you can contact them if they can provide the script or more advanced tools.<br> Hope this is of (some) help.<br> <br> Lambert<br> <br> <br> Alban Dani wrote: <blockquote cite="mid:1d6...@ma..." type="cite">Peter, thank you.<br> <br> I figured that out after looking at the routing tables too.<br> <br> I am in a bit of a bind right now because many of the routers do not have the capacity to get the full routing table<br> and on the other hand I really need these AS number.<br> Is there any tool (ie script) that would work in conjunction with nfdump to get the AS number based on the ip addresses.<br> and then feed the data back in?<br> <br> thank you again,<br> <br> Alban<br> <br> <br> <div class="gmail_quote">On Mon, Apr 14, 2008 at 3:23 AM, Peter Haag <a class="moz-txt-link-rfc2396E" href="mailto:pet...@sw..."><pet...@sw...></a> wrote:<br> <blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">-----BEGIN PGP SIGNED MESSAGE-----<br> Hash: SHA1<br> <div> <div class="Wj3C7c"><br> <br> <br> - --On April 10, 2008 18:44:26 -0400 Alban Dani <<a moz-do-not-send="true" href="mailto:alb...@gm...">alb...@gm...</a>> wrote:<br> <br> | I have a router that connects to two ISP providers and am interested only in<br> | the traffic going out to them<br> |<br> | I configured "ip flow egress" on the two physical interfaces connected to<br> | them.<br> | No flow related config in any other interface.<br> |<br> | otherwise the rest of the config is:<br> |<br> | mls netflow interface<br> | mls flow ip interface-full<br> | no mls flow ipv6<br> | mls nde sender version 5<br> | mls sampling packet-based 4096 16000<br> |<br> |<br> | Nfsen is still reporting a lot of flows with Dst AS 0.<br> |<br> | This is a cisco ME-C6524GT-8S - Version 12.2(33)SXH1 and I have not found<br> | any netflow related bug for it ( so far ).<br> <br> </div> </div> AS 0 is a question wether you have full routing and BGP information at all in the router. Apart from that, there are some IOS<br> version having problems with AS 0 but not sure which versions ..<br> <br> - Peter<br> <br> |<br> | thank you,<br> |<br> | Alban<br> <br> <br> <br> - --<br> _______ SWITCH - The Swiss Education and Research Network ______<br> Peter Haag, Security Engineer, Member of SWITCH CERT<br> PGP fingerprint: D9 31 D5 83 03 95 68 BA FB 84 CA 94 AB FC 5D D7<br> SWITCH, Werdstrasse 2, P.O. Box, CH-8021 Zurich, Switzerland<br> E-mail: <a class="moz-txt-link-abbreviated" href="mailto:pet...@sw...">pet...@sw...</a> Web: <a moz-do-not-send="true" href="http://www.switch.ch/" target="_blank">http://www.switch.ch/</a><br> -----BEGIN PGP SIGNATURE-----<br> Version: GnuPG v1.4.3 (Darwin)<br> <br> iQCVAwUBSAMGY/5AbZRALNr/AQLirwP/WWqUVTVQqDRenRC+axyHjpJzM2sBC+q0<br> lLbWKGHY0Wi69aStabJv+MgVnhpHhEJHvZF58FLscsb+2wJrslXVg/4jQgkFW8S0<br> gbjWNCKrSrOZ/TyK2qb/2vWwsVT8v/9sfzcOzo9AQVDlKMAZZpOIzwdNP1mEPSLK<br> lFKmRFMf9w0=<br> =QNGP<br> -----END PGP SIGNATURE-----<br> <br> </blockquote> </div> <br> <pre wrap=""> <hr size="4" width="90%"> ------------------------------------------------------------------------- This SF.net email is sponsored by the 2008 JavaOne(SM) Conference Don't miss this year's exciting event. There's still time to save $100. Use priority code J8TL2D2. <a class="moz-txt-link-freetext" href="http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone">http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone</a></pre> <pre wrap=""> <hr size="4" width="90%"> _______________________________________________ Nfsen-discuss mailing list <a class="moz-txt-link-abbreviated" href="mailto:Nfs...@li...">Nfs...@li...</a> <a class="moz-txt-link-freetext" href="https://lists.sourceforge.net/lists/listinfo/nfsen-discuss">https://lists.sourceforge.net/lists/listinfo/nfsen-discuss</a> </pre> </blockquote> <br> </body> </html> |