cerminad
asked on
Configuring Cisco Netflow
I got a call today. A machine on my network is performing a port scan on my ISP's customer's server. They provided me with a NAT'd address for our machine, source port 500, destination port 500, and the customer's destination address. How can I set up NetFlow on my Cisco 3550 to show my culprit internal address? I'm guessing I just want to aggregate info for source port 500, dest port 500, and dest IP?
I'm looking for specifics. I'm a Cisco newbie, and the online docs are a little over my head for NetFlow.
Then you have a few options: you could kill two birds with one stone and throw it in an ACL that blocks this traffic and logs it, and then watch the logs. You could even run a sniffer on your LAN if your switch has a monitor port. You seem to want to get info on NetFlow in particular. I have not used it, but I am sure someone who has will speak up soon too....
Good luck!
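An added example, not part of the original thread: a Python script for the "log it and then watch the logs" option, tallying which internal source addresses hit the reported destination on source port 500 and destination port 500. It assumes the ACL's log entries reach a syslog file in the IOS `%SEC-6-IPACCESSLOGP` format; the sample lines, addresses, ACL number 150 and the UDP protocol are constructed, since the thread does not give them.

```python
import re
from collections import Counter

# Constructed sample syslog lines in the IOS %SEC-6-IPACCESSLOGP format.
# All addresses are made up (RFC 1918 / RFC 5737); ACL number 150 is hypothetical.
SAMPLE_LOG = """\
Mar  1 10:15:02: %SEC-6-IPACCESSLOGP: list 150 denied udp 192.168.10.23(500) -> 203.0.113.10(500), 1 packet
Mar  1 10:15:07: %SEC-6-IPACCESSLOGP: list 150 denied udp 192.168.10.23(500) -> 203.0.113.10(500), 4 packets
Mar  1 10:15:09: %SEC-6-IPACCESSLOGP: list 150 denied tcp 192.168.10.40(51514) -> 203.0.113.10(443), 1 packet
Mar  1 10:16:30: %SEC-6-IPACCESSLOGP: list 150 denied udp 192.168.10.77(500) -> 198.51.100.5(500), 2 packets
Mar  1 10:17:11: %LINK-3-UPDOWN: Interface FastEthernet0/4, changed state to up
"""

# One ACL log message: list, action, protocol, src(port) -> dst(port), packet count.
LOG_RE = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) (?P<action>permitted|denied) "
    r"(?P<proto>\S+) (?P<src>[\d.]+)\((?P<sport>\d+)\) -> "
    r"(?P<dst>[\d.]+)\((?P<dport>\d+)\), (?P<count>\d+) packets?"
)


def find_sources(log_text, dst_ip, sport=500, dport=500):
    """Return a Counter mapping internal source IP -> packets logged
    toward dst_ip with the given source and destination ports."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if not m:
            continue  # not an ACL log message (e.g. interface up/down)
        if (m["dst"] == dst_ip and int(m["sport"]) == sport
                and int(m["dport"]) == dport):
            # The trailing count covers packets since the previous log entry.
            hits[m["src"]] += int(m["count"])
    return hits


if __name__ == "__main__":
    # 203.0.113.10 stands in for the destination address the ISP reported.
    for src, pkts in find_sources(SAMPLE_LOG, "203.0.113.10").most_common():
        print(f"{src}\t{pkts} packets")
```

The ACL has to be applied where the switch still sees pre-NAT addresses, otherwise the log shows only the translated source.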