Re: Bogon IPs traffic only seen by netflow, confined within a VLAN only
- From: Stef <stefmit@xxxxxxxxx>
- Date: Mon, 10 Apr 2006 06:04:01 -0500
On 4/10/06, Nicolai van der Smagt <nicolai.vandersmagt@xxxxxxxx> wrote:
Stef,
Why don't you just span the entire VLAN to a machine capable of running
tcpdump, use tcpdump -e to find the hardware address of the station(s)
sending the traffic, and look up that address in the CAM table of your
switch? Would be quicker than spanning 1 port at a time..
Kr,
Nicolai van der Smagt
Thanks to all who answered - basically the suggestions revolved around
the same type of solution I assumed originally to be needed
(span/mirror/monitor ports, one at a time, to a probe machine -
whether done via a script on the switch, itself, or controlled
remotely). The above solution is different (saving tons of work), and
it is in fact something I have tried in the past, but never been able
to get to work properly [the entire traffic]. I am thankful for the
reminder, as I could give it another shot. This 4506 is fairly knew,
so hopefully things have improved since last time I have tried this
...
Thanks again to all for answers - part of the hope I had was that
someone could perhaps recognize the pattern, itself - but, if not, I
promise I will get back to this list with a follow-up on our findings.
Stef
- Follow-Ups:
- Re: Bogon IPs traffic only seen by netflow, confined within a VLAN only
- From: Roland Dobbins
- Re: Bogon IPs traffic only seen by netflow, confined within a VLAN only
- Prev by Date: Re: Bogon IPs traffic only seen by netflow, confined within a VLAN only
- Next by Date: Re: Bogon IPs traffic only seen by netflow, confined within a VLAN only
- Previous by thread: Re: Bogon IPs traffic only seen by netflow, confined within a VLAN only
- Next by thread: Re: Bogon IPs traffic only seen by netflow, confined within a VLAN only
- Index(es):
Relevant Pages
|
|
